Exploit This

Security News, Exploits, and Vulnerabilities.

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear. It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure.

APT Trends report Q2 2017

Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide-range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to help combat the ever-increasing threat from nation-state and other advanced actors.

Penquin’s Moonlit Maze

Moonlight Maze is the stuff of cyberespionage legend. In 1996, in the infancy of the Internet, someone was rummaging through military, research, and university networks primarily in the United States, stealing sensitive information on a massive scale. To say that this historic threat actor is directly related to the modern day Turla would elevate an already formidable modern day attacker to another league altogether.

KopiLuwak: A New JavaScript Payload from Turla

A new, unique JavaScript payload is now being used by Turla in targeted attacks. This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents.

Satellite Turla: APT Command and Control in the Sky

When you are an APT group, you need to deal with the constant seizure and takedown of C&C domains and servers. Some of the most advanced threat actors have found a solution — the use of satellite-based Internet links. In the past, we’ve seen three different actors using such links to mask their operations. The most interesting and unusual of them is the Turla group.

%d bloggers like this: