Malware

Pierluigi Paganini June 05, 2020
Multi-platform Tycoon Ransomware employed in targeted attacks

Experts recently discovered a multi-platform ransomware, dubbed Tycoon Ransomware, that uses a Java image file (JIMAGE) to evade detection. Experts from BlackBerry Threat Intelligence and KPMG recently discovered a new strain of multi-platform ransomware dubbed Tycoon ransomware. The Tycoon ransomware was used in highly targeted attacks; its operators recently targeted small to medium-sized companies and […]

Pierluigi Paganini June 04, 2020
Cycldek APT targets Air-Gapped systems using the USBCulprit Tool

A Chinese threat actor tracked as Cycldek (aka Goblin Panda, or Conimes) has developed a new tool to steal information from air-gapped systems. Security experts from Kaspersky Lab reported that the Chinese threat actor tracked as Cycldek (aka Goblin Panda, or Conimes) has developed a new tool to steal information from air-gapped systems. The Cycldek group was […]

Pierluigi Paganini June 03, 2020
Sodinokibi ransomware gang launches auction site to sell stolen data

REvil/Sodinokibi ransomware operators launch an auction site to sell data stolen from victims that have chosen not to pay the ransom. Sodinokibi ransomware operators are very active in this period: a few days after the gang leaked the files allegedly stolen from the UK power grid middleman Elexon, it announced it would launch […]

Pierluigi Paganini June 02, 2020
Sodinokibi ransomware operators leak files stolen from Elexon electrical middleman

The REvil/Sodinokibi ransomware operators have leaked the files allegedly stolen from the UK power grid middleman Elexon. In May Elexon, a middleman in the UK power grid network, was the victim of a cyber attack in which its systems were infected with the Sodinokibi ransomware. The incident only affected the internal IT network, including the […]

Pierluigi Paganini May 31, 2020
Coronavirus-themed attacks May 24 – May 30, 2020

This post includes the details of the Coronavirus-themed attacks launched from May 24 to May 30, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, and experts are observing new campaigns on a daily basis. Below is a list of attacks detected this week. May 26 – Hangzhou could permanently adopt COVID-19 […]

Pierluigi Paganini May 30, 2020
A new COVID-19-themed campaign targets Italian users

Security researchers uncovered a new COVID-19-themed campaign targeting users of the National Institute for Social Security (INPS). Security experts from D3Lab have uncovered a new COVID-19-themed phishing campaign that is targeting the users of the Italian National Institute for Social Security (INPS). Like a previous campaign observed in early April, threat actors set up a fake […]

Pierluigi Paganini May 30, 2020
NetWalker ransomware gang threatens to release Michigan State University files

Michigan State University is the latest victim of the NetWalker ransomware; the attackers threaten to leak stolen files if it does not pay the ransom in seven days. Michigan State University was hit by a ransomware gang: NetWalker ransomware operators are threatening to leak stolen files if the university does not pay the ransom in seven days. At […]

Pierluigi Paganini May 29, 2020
Himera and AbSent-Loader Leverage Covid19 lures

Researchers at ZLab spotted a new phishing campaign using COVID-19 lures to spread Himera and Absent-Loader. Introduction: During our Cyber Defense monitoring activities we intercepted waves of incoming emails directed to many companies under our protective umbrella. These messages were leveraging FMLA (Family and Medical Leave Act) requests related to the ongoing COVID-19 pandemic. These […]

Pierluigi Paganini May 29, 2020
Octopus Scanner Malware: open source supply chain attack via NetBeans projects on GitHub

GitHub has issued a security alert warning of a malware campaign that is spreading on its platform via booby-trapped NetBeans Java projects. GitHub has issued a security alert warning of a piece of malware dubbed Octopus Scanner that is spreading on its platform via booby-trapped NetBeans Java projects. GitHub’s security team discovered the malicious code […]

Pierluigi Paganini May 29, 2020
Steganography in targeted attacks on industrial enterprises in Japan and Europe

Threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks, Kaspersky reported. Researchers from Kaspersky’s ICS CERT unit reported that threat actors targeted industrial suppliers in Japan and several European countries in sophisticated attacks. The experts first observed the attacks in early 2020, while in early May, threat actors targeted organizations […]