Exploit This

Security News, Exploits, and Vulnerabilities.

First Annual Cyberwarcon

Cyberwarcon is a brand-new event that was organized yesterday in Arlington, Virginia, and delivered eight hours of fantastic content. “CyberwarCon is a one-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our…

IT threat evolution Q3 2018

LuckyMouse, mobile Trojan Asacub, BusyGasper, KeyPass ransomware and other notable targeted attacks and malware stories of Q3 2018.

MuddyWater expands operations

MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US.

Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware

While investigating a cryptocurrency exchange attacked by Lazarus, we made an unexpected discovery. The victim had been infected with the help of a trojanized cryptocurrency trading application, which had been recommended to the company over email.

IT threat evolution Q2 2018

Olympic Destroyer worm, Roaming Mantis mobile banker, Operation Parliament cyber-espionage campaign, SynAck ransomware and other notable targeted attacks and malware campaigns of Q2 2018.

Olympic Destroyer is still alive

In May-June 2018 we discovered new spear-phishing documents that closely resembled weaponized documents used by Olympic Destroyer in the past. This and other TTPs led us to believe that we were looking at the same actor again. However, this time the attacker has new targets.

The Dropping Elephant actor

A threat actor, likely operating from India, was undertaking aggressive cyber-espionage activity in the Asian region, targeting multiple diplomatic and government entities with a particular focus on China and its international affairs.

Expert: cross-platform Adwind RAT

Kaspersky Lab researcher Vitaly Kamluk gave a talk about the latest version of the cross-platform Adwind RAT. The remote access Trojan is unique in that it’s written in JavaScript, giving this version — which is also known as Frutas, AlienSpy and JSocket — the flexibility to be used liberally in cybercrime operations as well as in targeted attacks.

Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage

Kaspersky Lab exposes first ever publicly known Brazilian Portuguese cyberespionage campaign targeting financial institutions as well as telecommunications, manufacturing, energy and media companies. Poseidon Group is a commercial entity whose attacks involve custom malware digitally signed with rogue certificates deployed to steal sensitive data from victims.

Adwind: FAQ

Adwind is a cross-platform RAT, a multifunctional malware program distributed through a single malware-as-a-service platform. Different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world.
