Since its first attack was discovered nearly a decade ago, Winnti has evolved into an advanced and sophisticated toolkit leveraged by several actors such as APT17, Axiom, Barium, and PassCV, just to name a few. All these actors have been sharing core tactics, techniques, and...
By Quentin Fois and Stefano Ortolani We are just back from Singapore, where we attended the Security Analyst Summit organized by Kaspersky Lab. Believe us, it was a blast! Inspiring talks and perfect location made this event an effective forum to foster collaborations among security professionals. Besides...
The accelerating migration to the cloud is creating an attractive target for cybercriminals. One of the primary offerings is Microsoft Office 365, so we decided to take a closer look. We have provided a brief history of Office 365 attacks, and then we take a...
Introduction As part of our efforts to self-evaluate our backend systems, we closely monitor the behavioral reports produced by our dynamic analysis system. Every detection is, in fact, cross-checked and correlated with several other pieces of information, including the output from a number of static analyzers. A...
Authored by: Alexander Sevtsov Edited by: Stefano Ortolani Introduction It’s not news that the cryptocurrency industry is on the rise. Mining crypto coins offers to anybody a lucrative way to exchange computation resources for profit: every time a miner guesses the solution of a complex mathematical puzzle, he is awarded...
Recently, the ASERT team at Arbor Networks, published a report on an old version of the Absolute Software product, Absolute LoJack for laptops, being illicitly modified by suspected APT28 actors. The LoJack implant, previously known as Computrace and brought into the spotlight in 2014 at...
Introduction During the RSA 2018 conference, Lastline launched Breach Defender, a new solution to facilitate the analysis of suspicious anomalies in monitored networks. As part of our internal product QA leading up to any release, we often coordinate with our partners to carry out tests on...
In 1971 the first known instance of a self-replicating "computer worm" was recorded. Creeper didn't harm computers, but it did propagate through computers over the internet predecessor, ARPANET. By investigating how Creeper worked, a contrasting program — Reaper — was created to stop its spread. Reverse engineering...
Authored by: Alexander Sevtsov Edited by: Stefano Ortolani A new malware has recently made the headlines, targeting several computers during the opening ceremony of the Olympic Games Pyeongchang 2018. While Cisco Talos group, and later Endgame, have recently covered it, we noticed a couple of interesting aspects...
Until late Sunday afternoon, a number of public sector websites including ICO, NHS, and local councils (for example, Camden in London) have been serving a crypto miner unbeknownst to visitors, turning them into a free computing cloud at the service of unknown hackers. Although initially...
