PTsecurity-ESC – Cyber Security News Aggregator

Asia’s SMS stealers: 1,000 bots and one study

July 11, 2024July 17, 2024 PTsecurity-ESC

1. Introduction

Attackers have increasingly started using Telegram as a control server (C2). One example is the Lazy Koala group, which we recently discovered and set out to study. While researching bots on Telegram, we found that …

Threat Research

ExCobalt: GoRed, the hidden-tunnel technique

June 19, 2024 PTsecurity-ESC

Introduction

While responding to an incident at one of our clients, the PT ESC CSIRT team discovered a previously unknown backdoor written in Go, which we attributed to a cybercrime gang dubbed ExCobalt.

ExCobalt focuses on cyberespionage and includes several members …

Threat Research

Hellhounds: Operation Lahat. Part 2

May 23, 2024 PTsecurity-ESC

Introduction

In November 2023, the team at the Positive Technologies Expert Security Center (PT ESC) released their first research report on attacks by the hitherto-unknown group Hellhounds on Russian companies’ infrastructure: Operation Lahat. The report focused …

Threat Research

Positive Technologies detects a series of attacks via Microsoft Exchange Server

May 17, 2024 PTsecurity-ESC

While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting …

Threat Research

SteganoAmor campaign: TA558 mass-attacking companies and public institutions all around the world

April 17, 2024April 18, 2024 PTsecurity-ESC

Key findings: The group is targeting various countries around the world in addition to its priority region of Latin America. It uses long chains that incorporate a variety of tools and malware: AgentTesla, FormBook, Remcos, LokiBot, Formbook,…

Threat Research

LazyStealer: sophisticated does not mean better

April 4, 2024April 17, 2024 PTsecurity-ESC

Introduction

In the first quarter of 2024, specialists from Positive Technologies Expert Security Center (PT ESC) detected a series of attacks targeting government organizations in Russia, Belarus, Kazakhstan, Uzbekistan, Kyrgyzstan, Tajikistan, and Armenia. We could not find any …

Threat Research

Hellhounds: Operation Lahat

November 30, 2023May 24, 2024 PTsecurity-ESC

Introduction

In 2023, our Positive Technologies Computer Security Incident Response Team (PT CSIRT) discovered that a certain power company was compromised by the Decoy Dog trojan. According to the PT CSIRT investigation, Decoy Dog has been …

Threat Research

A pirated program downloaded from a torrent site infected hundreds of thousands of users

October 26, 2023May 24, 2024 PTsecurity-ESC

Introduction

When searching for necessary software, users often visit seemingly safe websites and torrent trackers to download, install and use programs. But are these programs truly safe? Illegal software could contain …

Threat Research

Dark River. You can’t see them, but they’re there

September 28, 2023May 24, 2024 PTsecurity-ESC

Introduction

In October 2022, during an investigation into an incident at a Russian industrial enterprise, samples of previously unseen malware were discovered running on compromised computers of this organization. The names of this malware’s executable files were similar to the …

Threat Research

Space Pirates: a look into the group’s unconventional techniques, new attack vectors, and tools

July 25, 2023May 24, 2024 PTsecurity-ESC

Introduction

At the end of 2019, the team at the Positive Technologies Expert Security Center (PT ESC) discovered a new cybercrime group, which they dubbed Space Pirates. It had been active since at least 2017. The first-ever …

Author: PTsecurity-ESC