Thu, 03 Mar 2022 14:17:27 +0000
Cyberattacks are Prominent in the Russia-Ukraine Conflict
https://www.trendmicro.com/en_us/research/22/c/cyberattacks-are-prominent-in-the-russia-ukraine-conflict.html
Trend Micro
Cyberattacks are Prominent in the Russia-Ukraine Conflict
Fri, 04 Mar 2022 03:35:07 +0000
Ongoing Cyberwarfare
https://blog.cyble.com/2022/02/25/ongoing-cyberwarfare/
Cyble
Ongoing Cyberwarfare
Cyble Research Labs analyzes significant acts of cyberwarfare that have occurred so far in the Russia-Ukraine Conflict.
Fri, 04 Mar 2022 03:35:07 +0000
Vultur Banking Trojan Spreading Via Fake Google Play Store App
https://blog.cyble.com/2022/02/25/vultur-banking-trojan-spreading-via-fake-google-play-store-app/
Cyble
Vultur Banking Trojan Spreading Via Fake Google Play Store App
The Vultur malware is delivered as an add-on payload via a fake app called 2FA Authenticator, which over 10,000 people have downloaded.
Fri, 04 Mar 2022 03:35:07 +0000
Emotet Malware back in Action
https://blog.cyble.com/2022/02/26/emotet-malware-back-in-action/
Cyble
Emotet Malware back in Action
Cyble researchers analyze the new attack vectors being leveraged by the recently resurfaced Emotet Malware.
Fri, 04 Mar 2022 03:35:07 +0000
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
https://blog.cyble.com/2022/03/03/ongoing-cyberwarfare-a-look-at-the-key-cyberattacks/
Fri, 04 Mar 2022 08:34:55 +0000
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
https://blog.cyble.com/2022/03/04/ongoing-cyberwarfare-a-look-at-the-key-cyberattacks/
Cyble
Ongoing Cyberwarfare: A Look at the Key Cyberattacks
Security researchers at Cyble Research Labs have compiled a list of critical incidents in the escalating Russia-Ukraine conflict.
Fri, 04 Mar 2022 17:22:20 +0000
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
Malwarebytes
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine
Hours before the invasion of Ukraine by Russian forces, a new piece of malware was launched at Ukrainian targets. In this blog post, we take apart its components and highlight its capabilities.
Digging into HermeticWiper
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/digging-into-hermeticwiper.html
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/digging-into-hermeticwiper.html
Trellix
Digging into HermeticWiper
The HermeticWiper malware aims to destroy the boot sectors of any (removable) disk on the infected machine, with the help of a benign partition manager driver.
Ukraine-Themed Malspam Drops Agent Tesla
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/ukraine-themed-malspam-drops-agent-tesla/
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/ukraine-themed-malspam-drops-agent-tesla/
Infoblox Blog
Agent Tesla Malware Delivered Through Russia & Ukraine Related Emails | Infoblox
The Agent Tesla malspam campaign has been observed using messages related to the conflict in Ukraine. Learn the indicators and mitigation techniques now.
Deep Analysis of Redline Stealer: Leaked Credential with WCF
https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904
https://medium.com/s2wblog/deep-analysis-of-redline-stealer-leaked-credential-with-wcf-7b31901da904
Medium
Deep Analysis of Redline Stealer: Leaked Credential with WCF
Author: Jiho Kim | S2W TALON
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
https://blog.fox-it.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Fox-IT International blog
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especillay An…
RuRAT Used In Spear-Phishing Attacks Against Media Organisations In United States
https://cluster25.io/2022/03/03/rurat-used-in-spear-phishing-attacks-against-media-organisations-in-united-states/
https://cluster25.io/2022/03/03/rurat-used-in-spear-phishing-attacks-against-media-organisations-in-united-states/
Sat, 05 Mar 2022 16:12:20 +0000
Government
Legitimate Sites used as Cobalt Strike C2s against Indian
Government
https://www.telsy.com/legitimate-sites-used-as-cobalt-strike-c2s-against-indian-government/
Telsy
Legitimate Sites used as Cobalt Strike C2s against Indian Government - Telsy
Telsy Threat Intelligence team observed a Cobalt Strike attack against members of the Indian government or local institutions.
Targeted APT Activity: BABYSHARK Is Out for Blood
https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood
https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood
Huntress
Targeted APT Activity: BABYSHARK Is Out for Blood | Huntress
We discovered malicious, targeted advanced persistent threat (APT) activity on a partner's system. Here, we dive into the BABYSHARK malware strain.
Sat, 05 Mar 2022 17:39:25 +0000
Beware of malware offering “Warm greetings from Saudi Aramco”
https://blog.malwarebytes.com/threat-intelligence/2022/03/beware-of-malware-offering-warm-greetings-from-saudi-aramco/
Malwarebytes Labs
Beware of malware offering "Warm greetings from Saudi Aramco"
A new Formbook campaign is targeting oil and gas companies.
Malware now using NVIDIA's stolen code signing certificates
https://www.bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates/
https://www.bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates/
BleepingComputer
Malware now using NVIDIA's stolen code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows.
Не TI-отчет, но про противостояние в киберпространстве.
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge
https://www.nytimes.com/2022/03/04/technology/ukraine-russia-hackers.html?smid=tw-share
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge
https://www.nytimes.com/2022/03/04/technology/ukraine-russia-hackers.html?smid=tw-share
NY Times
Volunteer Hackers Converge on Ukraine Conflict With No One in Charge
The hackers have claimed a number of disruptions over the past week, blurring the lines between amateurs and groups linked to governments.
Sun, 06 Mar 2022 18:24:58 +0000
TeaBot: revamped banking trojan resurrected to steal SMS & other credentials of android users
https://www.secureblink.com/threat-research/teabot:-revamped-banking-trojan-resurrected-to-steal-sms-and-other-credentials-of-android-users
Secureblink
TeaBot: revamped banking trojan resurrected to steal SMS & other credentials of android users | Secure Blink
TeaBot resurrected with evolved malware distribution tactics active across Google Play Store, primarily circulating through OR Code Apps…
Mon, 07 Mar 2022 01:11:56 +0000
Distribution of Remcos RAT Disguised as Tax Invoice
https://asec.ahnlab.com/en/32376/
ASEC BLOG
Distribution of Remcos RAT Disguised as Tax Invoice - ASEC BLOG
The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to the type that has been consistently discussed in previous blogs. Within the email, it has a short…
Mon, 07 Mar 2022 21:58:15 +0000
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
https://www.fortinet.com/blog/threat-research/ms-office-files-involved-in-emotet-trojan-campaign-pt-one
Fortinet Blog
MS Office Files Involved Again in Recent Emotet Trojan Campaign – Part I
FortiGuard Labs discovered more than 500 Microsoft Excel files involved in a campaign to deliver a fresh Emotet Trojan variant. Read to learn more how to avoid this lure.…
Mon, 07 Mar 2022 22:05:21 +0000
An update on the threat landscape
https://blog.google/threat-analysis-group/update-threat-landscape-ukraine/
Google
An update on the threat landscape
Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service provide…