Wed, 02 Mar 2022 21:23:15 +0000
DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense
https://www.zscaler.com/blogs/security-research/danabot-launches-ddos-attack-against-ukrainian-ministry-defense
Zscaler
DanaBot Launches DDoS Attack | ThreatLabz
Researchers at Zscaler discovered a DDoS attack launched by DanaBot against the Ukrainian Ministry of Defense.
Thu, 03 Mar 2022 02:15:23 +0000
ASEC Weekly Malware Statistics (February 21st, 2022 – February 27th, 2022)
https://asec.ahnlab.com/en/32293/
ASEC BLOG
ASEC Weekly Malware Statistics (February 21st, 2022 - February 27th, 2022) - ASEC BLOG
The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from February 21st, 2022 (Monday) to February 27th, 2022 (Sunday). For the main category,…
Thu, 03 Mar 2022 09:37:08 +0000
Help for Ukraine: Free decryptor for HermeticRansom ransomware
https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/?utm_source=rss&utm_medium=rss&utm_campaign=help-for-ukraine-free-decryptor-for-hermeticransom-ransomware
Avast Threat Labs
Help for Ukraine: Free decryptor for HermeticRansom ransomware - Avast Threat Labs
On February 24th, the Avast Threat Labs discovered a new ransomware strain accompanying the data wiper HermeticWiper malware, which our colleagues at ESET found circulating in the Ukraine. Following this naming convention, we opted to name the strain we…
Thu, 03 Mar 2022 14:17:27 +0000
Cyberattacks are Prominent in the Russia-Ukraine Conflict
https://www.trendmicro.com/en_us/research/22/c/cyberattacks-are-prominent-in-the-russia-ukraine-conflict.html
Trend Micro
Cyberattacks are Prominent in the Russia-Ukraine Conflict
Fri, 04 Mar 2022 03:35:07 +0000
Ongoing Cyberwarfare
https://blog.cyble.com/2022/02/25/ongoing-cyberwarfare/
Cyble
Ongoing Cyberwarfare
Cyble Research Labs analyzes significant acts of cyberwarfare that have occurred so far in the Russia-Ukraine Conflict.
Fri, 04 Mar 2022 03:35:07 +0000
Vultur Banking Trojan Spreading Via Fake Google Play Store App
https://blog.cyble.com/2022/02/25/vultur-banking-trojan-spreading-via-fake-google-play-store-app/
Cyble
Vultur Banking Trojan Spreading Via Fake Google Play Store App
The Vultur malware is delivered as an add-on payload via a fake app called 2FA Authenticator, which over 10,000 people have downloaded.
Fri, 04 Mar 2022 03:35:07 +0000
Emotet Malware back in Action
https://blog.cyble.com/2022/02/26/emotet-malware-back-in-action/
Cyble
Emotet Malware back in Action
Cyble researchers analyze the new attack vectors being leveraged by the recently resurfaced Emotet Malware.
Fri, 04 Mar 2022 03:35:07 +0000
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
https://blog.cyble.com/2022/03/03/ongoing-cyberwarfare-a-look-at-the-key-cyberattacks/
Fri, 04 Mar 2022 08:34:55 +0000
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
https://blog.cyble.com/2022/03/04/ongoing-cyberwarfare-a-look-at-the-key-cyberattacks/
Cyble
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
Security researchers at Cyble Research Labs have compiled a list of critical incidents in the escalating Russia-Ukraine conflict.
Fri, 04 Mar 2022 17:22:20 +0000
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
Malwarebytes
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
Hours before the invasion of Ukraine by Russian forces, a new piece of malware was launched at Ukrainian targets. In this blog post, we take apart its components and highlight its capabilities.
Digging into HermeticWiper
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/digging-into-hermeticwiper.html
Trellix
Digging into HermeticWiper
The HermeticWiper malware aims to destroy the boot sectors of any (removable) disk on the infected machine, with the help of a benign partition manager driver.
Ukraine-Themed Malspam Drops Agent Tesla
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/ukraine-themed-malspam-drops-agent-tesla/
Infoblox Blog
Agent Tesla Malware Delivered Through Russia & Ukraine Related Emails | Infoblox
The Agent Tesla malspam campaign has been observed using messages related to the conflict in Ukraine. Learn the indicators and mitigation techniques now.
Deep Analysis of Redline Stealer: Leaked Credential with WCF
https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904
Medium
Deep Analysis of Redline Stealer: Leaked Credential with WCF
Author: Jiho Kim | S2W TALON
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analyst; Rolf Govers, Malware analyst & Forensic IT Expert. NCC Group, as well as many other researchers, noticed a rise in Android malware last year, especially An…
RuRAT Used In Spear-Phishing Attacks Against Media Organisations In United States
https://cluster25.io/2022/03/03/rurat-used-in-spear-phishing-attacks-against-media-organisations-in-united-states/
Sat, 05 Mar 2022 16:12:20 +0000
Legitimate Sites used as Cobalt Strike C2s against Indian Government
https://www.telsy.com/legitimate-sites-used-as-cobalt-strike-c2s-against-indian-government/
Telsy
Legitimate Sites used as Cobalt Strike C2s against Indian Government - Telsy
Telsy Threat Intelligence team observed a Cobalt Strike attack against members of the Indian government or local institutions.
Targeted APT Activity: BABYSHARK Is Out for Blood
https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood
Huntress
Targeted APT Activity: BABYSHARK Is Out for Blood | Huntress
We discovered malicious, targeted advanced persistent threat (APT) activity on a partner's system. Here, we dive into the BABYSHARK malware strain.
Sat, 05 Mar 2022 17:39:25 +0000
Beware of malware offering “Warm greetings from Saudi Aramco”
https://blog.malwarebytes.com/threat-intelligence/2022/03/beware-of-malware-offering-warm-greetings-from-saudi-aramco/
Malwarebytes Labs
Beware of malware offering "Warm greetings from Saudi Aramco"
A new Formbook campaign is targeting oil and gas companies.
Malware now using NVIDIA's stolen code signing certificates
https://www.bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates/
BleepingComputer
Malware now using NVIDIA's stolen code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.
Not a TI report, but about the confrontation in cyberspace.
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge
https://www.nytimes.com/2022/03/04/technology/ukraine-russia-hackers.html?smid=tw-share
NY Times
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge
The hackers have claimed a number of disruptions over the past week, blurring the lines between amateurs and groups linked to governments.
Sun, 06 Mar 2022 18:24:58 +0000
TeaBot: revamped banking trojan resurrected to steal SMS & other credentials of android users
https://www.secureblink.com/threat-research/teabot:-revamped-banking-trojan-resurrected-to-steal-sms-and-other-credentials-of-android-users
Secureblink
TeaBot: revamped banking trojan resurrected to steal SMS & other credentials of android users | Secure Blink
TeaBot resurrected with evolved malware distribution tactics active across Google Play Store, primarily circulating through QR Code apps…