Attack attempts involving the USA’s National Security Agency’s exploit are in hundreds of thousands daily. It has been two years since EternalBlue opened the door to one of the nastiest ransomware outbreaks in history, known as WannaCryptor (or WannaCry). Since the now-infamous malware incident, attempts to use the exploit have only been growing in prevalence. Currently … More NSA’s EternalBlue exploit reaching new heights since WannaCryptor outbreak
The latest ESET research offers a rare glimpse into the mechanics of a particularly stealthy and resilient backdoor that the Turla cyberespionage group can fully control via PDF files attached to emails. ESET researchers have investigated a distinctive backdoor used by the notorious Advanced Persistent Threat (APT) group known as Turla (or Snake, or Uroburos) to siphon … More Turla: In and out of its unique Outlook backdoor
ESET researchers have analysed remote access tools cybercriminals have been using in an ongoing campaign to systematically exfiltrate data from Ukrainian systems. In this blogpost, we will sum up the findings published in full in our white paper “Quasar, Sobaken and Vermin: A deeper look into an ongoing espionage campaign”. The attackers behind the campaign … More A deep dive down the Vermin RAThole
D-Link and Changing Information Technologies code-signing certificates stolen and abused by highly skilled cyberespionage group focused on East Asia, particularly Taiwan. ESET researchers have discovered a new malware campaign misusing stolen digital certificates. We spotted this malware campaign when our systems marked several files as suspicious. Interestingly, the flagged files were digitally signed using a valid … More Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign
New surveillance campaigns utilising FinFisher, infamous spyware known also as FinSpy and sold to governments and their agencies worldwide, are in the wild. Besides featuring technical improvements, some of these variants have been using a cunning, previously-unseen infection vector with strong indicators of major internet service provider (ISP) involvement. FinFisher has extensive spying capabilities, such as … More New FinFisher surveillance campaigns: Are internet providers involved?
Security researchers at ESET have released new research today into the activities of the notorious Turla cyberespionage group, and specifically a previously undocumented backdoor that has been used to spy on consulates and embassies worldwide. ESET’s research team are the first in the world to document the advanced backdoor malware, which they have named “Gazer”, despite evidence that … More New ESET research uncovers Gazer, the stealthy backdoor that spies on embassies
In recent years we’ve seen increasing numbers of attacks designed to affect systems which are isolated from the network and cannot be attacked using conventional methods. Almost all research into this has been carried out by experts in Israel – that comes as no great surprise since this is a country at the forefront of cybersecurity. … More USBee: how to spy on an isolated system with a USB