2018: Research highlights from ESET’s leading lights

As the curtain slowly falls on yet another eventful year in cybersecurity, let’s look back on some of the finest malware analysis by ESET researchers in 2018. If you never got the chance to read this year’s investigations by ESET researchers into some of the most dangerous hacker shenanigans in recent years, or if you …

Q&A with an ESET Malware Researcher – Cyberattack via UEFI rootkit

ESET researchers discovered the first-ever known cyberattack conducted via a UEFI rootkit. We sat down with Jean-Ian Boutin, ESET Senior Malware Researcher who led the research, and asked a few questions to shed more light on his team’s discovery and its consequences. In your white paper, you claim to have discovered the first-ever UEFI rootkit in the …

LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group

ESET researchers have shown that the Sednit operators used different components of the LoJax malware to target a few government organizations in the Balkans as well as in Central and Eastern Europe. UEFI rootkits are widely viewed as extremely dangerous tools for implementing cyberattacks, as they are hard to detect and able to survive security …

Sednit update: How Fancy Bear Spent the Year

The Sednit group — also known as Strontium, APT28, Fancy Bear or Sofacy — is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets. This article is a follow-up to ESET’s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity …

Sednit adds two zero-day exploits using ‘Trump’s attack on Syria’ as a decoy

The Sednit group, also known as APT28, Fancy Bear and Sofacy, is a group of attackers operating since at least 2004 and whose main objective is to steal confidential information from specific targets. In October 2016, ESET published an extensive analysis of Sednit’s arsenal and tactics in a white paper titled En Route with Sednit. Last …

IAAF: Sednit cyber-gang behind cyberattack

The International Association of Athletics Federations (IAAF) has confirmed that its database of Therapeutic Use Exemption (TUE) applications has fallen victim to a suspected cyberattack from the notorious Sednit group. The attack by the group, also known as Fancy Bear, was detected on February 21st during a ‘proactive investigation’ by Context Information Security, which was …