Cyble Research & Intelligence Labs (CRIL) investigated a fraudulent operation carried out by impostors posing as Village Level Entrepreneurs (VLEs) to dupe and scam Indian rural subscribers registering for Customer …
Tag: BANK
A RAT (Remote Access Trojan) is a tool used by Threat Actors (TAs) to gain full access and remote control of a victim’s …
ESET researchers discovered a new wiper and its execution tool, both attributed to the Agrius APT group, while analyzing a supply-chain attack abusing an Israeli software developer. The group is …
概述
Lazarus组织是疑似具有东北亚背景的APT组织,奇安信威胁情报中心内部追踪编号为APT-Q-1,因2014年攻击索尼影业开始受到广泛关注,其攻击活动最早可追溯到2007年。该组织早期主要针对其他国家政府机构,以窃取敏感情报为目的,但自2014年后,该组织开始以全球金融机构 、虚拟货币交易场等为目标,进行敛财为目的的攻击活动。据公开情报显示,2014 年索尼影业遭黑客攻击事件,2016 年孟加拉国银行数据泄露事件,2017年美国国防承包商、美国能源部门及英国、韩国等比特币交易所被攻击事件都出自Lazarus之手。2021年,Lazarus还开始了针对安全研究人员的新活动【1】。一直以来,木马样本的免杀率都是各个APT组织高度关注的要点,随着杀毒软件的更新迭代,检出方法不断的完善,恶意样本的检出率也随之提高,攻击者为进一步对抗而使用了各种匪夷所思的绕过方法、千奇百怪的免杀方法。近日,奇安信威胁情报中心红雨滴团队在日常的威胁狩猎中便发现Lazarus组织最新的0杀软查杀攻击样本,样本为VHD(虚拟磁盘映像)文件,以日本瑞穗银行(Mizuho Bank)的招聘信息为诱饵进行攻击。
https://www.virustotal.com/gui/file/826f2a2a25f7b7d42f54d18a99f6721f855ba903db7b125d7dea63d0e4e6df64/detection
在发现该攻击活动后,红雨滴团队便第一时间向安全社区进行了预警【2】,并引发国内外安全研究员对该类型样本进行深度探索。A sample seems to be from #APT #Lazarus and uses VHD to deploy malware.Decoy document is about job description for Mizuho …
This blog post was authored by Jérôme Segura
Black Friday is the annual kick off to the shopping season for brick and mortar and online retailers. However, it’s not just …
Editor’s Note: This is an excerpt of a full report. To read the entire analysis with endnotes, click here to download the report as a PDF.
This report analyzes the …
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that …
Online banking is convenient as it allows users to make money transfers, bill payments, verify their balance, and access accounts 24/7 at …
11/07: Updated article to provide clarity around hunting techniques
Key points from our research:
Following our reporting on Robin Banks in July, Cloudflare disassociated Robin Banks phishing infrastructure from its…By Nati Tal (Guardio Labs) — BadEx II
TL;DRThe “Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a …
This post is also available in: 日本語 (Japanese)
Executive SummaryIn May 2021, Palo Alto Networks launched a proactive detector employing state-of-the-art methods to recognize malicious domains at the time …
A tech support scam is an extensive fraud where the scammer offers a support service for any legitimate entity and lures the …
By Daksh Kapur · October 6, 2022
What is BazarCall?
As nicely defined in this article by Microsoft:
BazarCall campaigns forgo malicious links or attachments in email messages in favor …
UPD: A notice on Google’s response to the issue was added.
An unusual malicious bundle (a collection of malicious programs distributed in the form of a single installation file, self-extracting …
During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned …
During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across multiple URLs hosting pages pretending to be Greece’s tax refund site. …
Recent studies show that more than 85% of financial institutions in Central and Western Africa have repeatedly been victimized in multiple, damaging cyberattacks. In a quarter of these cases, intrusions …
It has now been six months since the war in Ukraine began. Since then, pro-Russian and pro-Ukrainian hacker groups, like KillNet, Anonymous, IT Army of Ukraine, Legion Spetsnaz RF, have …
Stealing information is fundamental to cybercriminals today to scope and gain access to systems, profile organizations, and execute bigger payday schemes like ransomware. Information stealer malware families including Prynt Stealer …
During our routine threat-hunting exercise, Cyble Research & Intelligence Labs (CRIL) came across a Twitter post wherein a researcher mentioned an interesting JavaScript skimmer …
Mitiga spotted a sophisticated, advanced business email compromise (BEC) campaign, directly targeting relevant executives of organizations (mostly CEOs and CFOs) usingOffice 365. The attackers combine high-end spear-phishing with an adversary-in-the-middle …
In a recent blog, Cyble Research Labs (CRL) has highlighted an International Bank Account Number (IBAN) Clipper Malware after identifying a Threat Actor …
Introduction
Recently Zscaler ThreatLabz observed a Grandoreiro campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain that work across a variety of different industry verticals such as Automotive, …
On August 8, CheckPoint published a report on ten malicious Python packages in the Python Package Index (PyPI), the most popular Python repository among software developers. The malicious packages were …
Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500’s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps …
Key points from our research:
Robin Banks is a phishing-as-a-service (PhaaS) platform, first seen in March 2022, selling ready-made phishing kits to cyber criminals aiming to gain access to the…During our routine threat hunting exercise, Cyble Research Labs came across a Twitter Post wherein the researcher mentioned an Android malware variant published on the Play Store. The variant in …
Trustwave SpiderLabs in early April observed a Grandoreiro malware campaign targeting bank users from Brazil, Spain, and Mexico. The campaign exploits the tax season in target countries by sending out …
It started with a seemingly benign email, dealing with the purchase of a vehicle, and ended in a reveal of a months’ long campaign targeting German organizations. Most of …
Remcos RAT (Remote Access Trojan) was originally designed as a professional tool to remotely control computers. Remcos RAT is recognized as a malware family because it has been abused by …
UNC2891 often made use of the STEELCORGI in-memory dropper which decrypts its embedded payloads by deriving a ChaCha20 key from the value of an …
This post is also available in: 日本語 (Japanese)
Executive SummaryAs early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. …
Research by: Aliaksandr Trafimchuk, Raman Ladutska
This research comes as a follow-up to our previous article on Trickbot, “When Old Friends Meet Again: Why Emotet Chose Trickbot For Rebirth” where …
In our previous article “Mobile banking fraud: BRATA strikes again” we’ve described how threat actors (TAs) leverage the Android banking trojan BRATA to perpetrate fraud via unauthorized wire transfers. …
TrickBot Bolsters Layered Defenses to Prevent Injection Research
Limor Kessem and Charlotte Hammond.
The cyber crime gang that operates the TrickBot Trojan, as well as other malware and ransomware attacks, …
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. A mysterious group with links to …