JPCERT/CC has observed attacks on cryptocurrency exchanges believed to be related to DangerousPassword attack campaign (also known as CryptoMimic or SnatchCrypto) continuously since June 2019. For many years, attackers have been using an attack technique of infecting targets with malware by sending shortcut files to them via email.…
Author: admin
Around February 2023, JPCERT/CC identified an attack that attempted to infect a crypto asset exchanger with the Parallax RAT malware. This attack attempted to infect employees of the crypto asset exchanger with malware by sending spam emails. This article presents the details of this attack.
Flow of events leading to Parallax RAT infection

Figure 1 shows the flow of this attack.…
I believe that automating analysis is a challenge that all malware analysts are working on for more efficient daily incident investigations. Cloud-based technologies (CI/CD, serverless, IaC, etc.) are great solutions that can automate MAOps efficiently. In this article, I introduce how JPCERT/CC automates malware analysis on the cloud, based on the following case studies.…
After nearly a year of being disrupted by Google, the Glupteba malware botnet has again become active, infecting devices worldwide. Through Google’s efforts, the blockchain-enabled botnet was seriously disrupted in December 2021 by securing court orders for control of its infrastructure as well as filing legal claims against two Russian operators. …
JPCERT/CC is continuously investigating the activities by Lazarus. In 2021, JPCERT/CC presented on its attack activities at CODE BLUE and HITCON.
https://github.com/JPCERTCC/Lazarus-research/
The YamaBot malware shared in the above research report targeted the Linux OS, but another type recently found targets Windows OS. (It is referred to as Kaos in the document, but this blog refers to it as YamaBot.)…
By Jake Longden, Cofense Phishing Defense Center
Microsoft Power BI, a popular data-visualization tool, is designed to help users wrangle their data in multiple and more human-friendly formats. As a recognizable application from a commonly used and trusted vendor, Power BI is also a prime target for threat actors to spoof and abuse it for phishing attacks.…
By Adam Martin, Cofense Phishing Defense Center
Recently, the Phishing Defense Center (PDC) has observed a trend in a phishing tactic involving missed voicemail messages. As illustrated below in figure 1, the end user is notified about a missed voice message from a British Telecom landline. The link directs the recipient to a website that isn’t in any way associated with BT or any other legitimate telecom service.…
By Max Gannon
For what seems like years now, ransomware has captured headlines due to its sensationally disruptive and costly nature. And over these years, phishing has been used to directly deliver ransomware or to use a single intermediary loader, often targeting individual machines for low ransom amounts.…
By Tej Tulachan, Cofense Phishing Defense Center
The Cofense Phishing Defense Center (PDC) has intercepted a new phishing technique that uses information technology (IT) support-themed emails to get users to enter their old password. It’s common practice within industries to deploy a reset password communication from IT support for essential purposes such as hardening the employee’s email security.…
Kaspersky Lab experts discovered a targeted cyber espionage campaign in which attackers infect computers with malware that collects all recent documents on the victim’s device, archives them and sends them back to the attackers.
The UEFI program is loaded before the operating system and controls all processes at an “early start”.…
The coronavirus pandemic is forcing many people around the world to work remotely. This has significantly increased the popularity of video conferencing services such as Zoom. Attackers took advantage of this and began to use fake Zoom domains to spread malware and gain access to other people’s video conferencing.…
Cybercriminals used not only the computers of ordinary Internet users but also the resources of large companies, as well as the websites of government agencies of the Russian Federation, to generate cryptocurrency. This was announced at a press conference on Monday by Nikolai Murashov, the Deputy Director of the National Coordination Center for Computer Incidents (NCCCI).…
In September, Russian companies faced the problem of malicious software disguised as accounting documents. Launching the malware led to leaks of users’ personal data and the connection of their computers to a botnet. Check Point claims that 15.3% of Russian Internet users received such emails in just one month.…
Cases of malicious e-mails sent to Russian companies have become more frequent. Attackers write on behalf of banks, large airlines, car dealers and mass media. They offer cooperation to companies and advise opening the attached file, which supposedly contains details of a lucrative deal.…
Specialists of the Russian company Dr.Web found malicious software targeting the macOS operating system that allows attackers to download and execute arbitrary Python code on the user’s device. In addition, the sites distributing this malware also infected Windows users with a dangerous spyware Trojan.
According to Dr.Web employees, the new threat was discovered by their experts on April 29.…
Herman Klimenko, adviser to the Russian President on Internet development, said that this is currently the most common and most dangerous virus. There are about 20 million computers in Moscow, of which 20-30 percent are infected.…