Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor

Notorious cyberespionage group debases MSSQL. For a while, ESET researchers have been tracking the activities of the Winnti Group, active since at least 2012 and responsible for high-profile supply-chain attacks against the video game and software industry. Recently, we discovered a previously undocumented backdoor targeting Microsoft SQL (MSSQL) that allows attackers to maintain a very discreet … More Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor

ESET discovers Attor, a spy platform with curious GSM fingerprinting

ESET researchers discover a previously unreported cyberespionage platform used in targeted attacks against diplomatic missions and governmental institutions, and privacy-concerned users. ESET researchers have discovered a new espionage platform with a complex architecture, a host of measures to make detection and analysis more difficult and two notable features. First, its GSM plugin uses the AT … More ESET discovers Attor, a spy platform with curious GSM fingerprinting

‘Machete’ cyberattack strikes Venezuela

ESET research uncovers a cyberespionage operation targeting Venezuelan government institutions. Latin America is often overlooked when it comes to persistent threats and groups with politically motivated targets. There is, however, an ongoing case of cyberespionage against high-profile organizations that has managed to stay under the radar. The group behind these attacks has stolen gigabytes of … More ‘Machete’ cyberattack strikes Venezuela

A dive into Turla PowerShell usage

ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only. Turla, also known as Snake, is an infamous espionage group recognized for its complex malware. To confound detection, its operators recently started using PowerShell scripts that provide direct, in-memory loading and execution of malware executables and libraries. … More A dive into Turla PowerShell usage

Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage

ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software. In July 2018 we discovered that the Plead backdoor was digitally signed by a code-signing certificate that was issued to D-Link Corporation. Recently we detected a new activity involving the same malware … More Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage

New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies

Security researchers at ESET have released new research today into the activities of the notorious Turla cyberespionage group, and specifically a previously undocumented backdoor that has been used to spy on consulates and embassies worldwide. ESET’s research team are the first in the world to document the advanced backdoor malware, which they have named “Gazer”, despite evidence that … More New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies

New ESET research paper puts Sednit under the microscope

Security researchers at ESET have released their latest research into the notorious Sednit cyberespionage group, which has targeted over 1000 high profile individuals with phishing attacks and zero-day exploits in their attempts to steal confidential information. The Sednit gang, also known sometimes as APT28, Fancy Bear, Pawn Storm or Sofacy, are highly experienced. It has … More New ESET research paper puts Sednit under the microscope