Exploit This

Security News, Exploits, and Vulnerabilities.

Operation Ghoul: targeted attacks on industrial and engineering organizations

We recently identified a cybercriminal operation targeting a large number of organizations, with focus on few countries more than others. Attackers are utilizing simple tools with proficient social engineering, highly successful with Industrial and engineering SMBs. Attacks are ongoing, slowly crippling businesses, spreading harm and ruin wherever they land, like a Ghoul.

ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms

‘ProjectSauron’ – a nation-state threat actor attacking state organizations with a unique set of tools for each victim, making traditional indicators of compromise almost useless. The aim of the attacks appears to be mainly cyber-espionage.

The Asacub Trojan: from spyware to banking malware

We were recently analyzing a family of mobile banking Trojans called Asacub, and discovered that one of its C&C servers is also used by CoreBot, a Windows spyware Trojan. This prompted us to do a more detailed analysis of the mobile banking Trojan.

Inside the EquationDrug Espionage Platform

EquationDrug represents the main espionage platform from the Equation Group. It’s been in use for over 10 years, replacing EquationLaser until it was itself replaced itself by the even more sophisticated GrayFish platform.

Equation Group: from Houston with love

In 2009, an international scientific conference on Energy and Space technologies was held in Houston. The organizers sent out a post-meeting CDROM. The disk used in the Houston attack represents a rare and unusual operation for the Equation Group.

A Fanny Equation: “I am your father, Stuxnet”

During our 2014 research into the Equation group, we created a special detection for the group’s exploitation library, codenamed “PrivLib”. To our surprise, this detection triggered a worm from 2008 that used the Stuxnet LNK exploit to replicate, codenamed Fanny.

Equation: The Death Star of Malware Galaxy

The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. It is probably one of the most sophisticated cyber attack groups in the world.

%d bloggers like this: