CloudSorcerer APT uses cloud services and GitHub as C2 | Securelist
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
XZ backdoor behavior inside OpenSSH
In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.
Leaked LockBit builder in a real-life incident response case | Securelist
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.
Kaspersky analysis of the backdoor in XZ
Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.
A backdoor with a cryptowallet stealer inside cracked macOS software
We review a new macOS backdoor that piggybacks on cracked software to replace Bitcoin and Exodus wallets with malware.
StripedFly: Perennially flying under the radar
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing.
DNS changer in malicious mobile app used by Roaming Mantis
Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.
Stolen certificates in two waves of ransomware and wiper attacks | Securelist
In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.
NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
Kaspersky report on Luna and Black Basta ransomware
This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.
DNS changer in malicious mobile app used by Roaming Mantis
Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.
Stolen certificates in two waves of ransomware and wiper attacks | Securelist
In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.
NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist
NullMixer is a dropper delivering a number of Trojans, such as RedLine Stealer, SmokeLoader, Satacom, and others.
Kaspersky report on Luna and Black Basta ransomware
This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.
Kaspersky report on Luna and Black Basta ransomware
This report discusses new ransomware, that targets Windows, Linux and ESXi systems: Luna written in Rust and Black Basta.
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks.