Found 11 bookmarks
Custom sorting
Kapeka: A novel backdoor spotted in Eastern Europe
Kapeka: A novel backdoor spotted in Eastern Europe
This report provides an in-depth technical analysis of the backdoor and its capabilities, and analyzes the connection between Kapeka and Sandworm group. The purpose of this report is to raise awareness amongst businesses, governments, and the broader security community. WithSecure has engaged governments and select customers with advanced copies of this report. In addition to the report, we are releasing several artifacts developed as a result of our research, including a registry-based & hardcoded configuration extractor, a script to decrypt and emulate the backdoor’s network communication, and as might be expected, a list of indicators of compromise, YARA rules, and MITRE ATT&CK mapping
#withsecure#EN#2024#Kapeka#analysis#Sandworm
·labs.withsecure.com·
Kapeka: A novel backdoor spotted in Eastern Europe
2023’s ransomware rookies are a remix of Conti and other classics
2023’s ransomware rookies are a remix of Conti and other classics
Ransomware’s business model is a big part of what’s made it such a potent threat for so many years. However, we dug into multi-point ransomware attacks from 2023, and found another factor in ransomware’s staying power: a seemingly endless supply of new cyber crime groups starting ransomware operations.
#withsecure#EN#2023#ransomware#groups#attacks#names
·withsecure.com·
2023’s ransomware rookies are a remix of Conti and other classics
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
Endpoint Detection & Response systems (EDR), delivered by in-house teams or as part of a managed service, are a feature of modern intrusion detection and remediation operations. This success is a problem for attackers, and malicious actors have worked to find new ways to evade EDR detection capabilities. PDF Document
#withsecure#EN#2023#Research#Connor-Morley#EDR#bypass#manipulation#techniques
·labs.withsecure.com·
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
FIN7 tradecraft seen in attacks against Veeam backup servers
FIN7 tradecraft seen in attacks against Veeam backup servers
WithSecure Intelligence identified attacks which occurred in late March 2023 against internet-facing servers running Veeam Backup & Replication software. Our research indicates that the intrusion set used in these attacks has overlaps with those attributed to the FIN7 activity group. It is likely that initial access & execution was achieved through a recently patched Veeam Backup & Replication vulnerability, CVE-2023-27532.
#withsecure#EN#2023#Research#Veeam#FIN7
·labs.withsecure.com·
FIN7 tradecraft seen in attacks against Veeam backup servers
Detecting OneNote Abuse
Detecting OneNote Abuse
OneNote is a software part of the Office suite, commonly used within most organisations for note-keeping, task management and more. In the last year, OneNote gained more attention from a security perspective, mostly thanks to the research paper published by Emeric Nasi.
#withsecure#2023#EN#Attack-detection#OneNote#Office#LNK
·labs.withsecure.com·
Detecting OneNote Abuse
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
#WithSecure#2023#EN#Case-study#Report#Lazarus#attack
·labs.withsecure.com·
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs
Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.
#withsecure#EN#2022#Security-advisory#365#office365#leak#Encryption#ECB#disclosure
·labs.withsecure.com·
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs
Detecting OneNote Abuse
Detecting OneNote Abuse
OneNote is a software part of the Office suite, commonly used within most organisations for note-keeping, task management and more. In the last year, OneNote gained more attention from a security perspective, mostly thanks to the research paper published by Emeric Nasi.
#withsecure#2023#EN#Attack-detection#OneNote#Office#LNK
·labs.withsecure.com·
Detecting OneNote Abuse
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
During Q4 2022, WithSecure™ detected and responded to a cyber attack conducted by a threat actor that WithSecure™ have attributed with high confidence to an intrusion set referred to as Lazarus Group. Attribution with high confidence was based off of overlapping techniques tactics and procedures as well as an operational security mistake by the threat actor. Amongst technical indications, the incident observed by WithSecure™ also contains characteristics of recent campaigns attributed to Lazarus Group by other researchers.
#WithSecure#2023#EN#Case-study#Report#Lazarus#attack
·labs.withsecure.com·
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs
Microsoft Office 365 Message Encryption (OME) utilitises Electronic Codebook (ECB) mode of operation. This mode is insecure and leaks information about the structure of the messages sent and can lead to partial or full message disclosure.
#withsecure#EN#2022#Security-advisory#365#office365#leak#Encryption#ECB#disclosure
·labs.withsecure.com·
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs