A deep dive down the Vermin RAThole

ESET researchers have analysed remote access tools cybercriminals have been using in an ongoing campaign to systematically exfiltrate data from Ukrainian systems. In this blogpost, we will sum up the findings published in full in our white paper “Quasar, Sobaken and Vermin: A deeper look into an ongoing espionage campaign”. The attackers behind the campaign …

Bad Rabbit: Not-Petya is back with improved ransomware

A new ransomware outbreak began today and has hit some major infrastructure in Ukraine, including the Kiev metro. Here are some of the details about this new variant. Drive-by download via watering hole on popular sites: One of the distribution methods of Bad Rabbit is drive-by download. Some popular websites are compromised and have JavaScript injected in …

Analysis of TeleBots’ cunning backdoor

On the 27th of June 2017, a new cyberattack hit many computer systems in Ukraine, as well as in other countries. That attack was spearheaded by the malware ESET products detect as Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya). This malware masquerades as typical ransomware: it encrypts the data on the computer and demands $300 in bitcoins for recovery. In fact, …

TeleBots are back: Supply-chain attacks against Ukraine

The latest Petya-like outbreak has gathered a lot of attention from the media. However, it should be noted that this was not an isolated incident: this is the latest in a series of similar attacks in Ukraine. This blogpost reveals many details about the Diskcoder.C (aka ExPetr, PetrWrap, Petya, or NotPetya) outbreak and related information about previously …

All you need to know about the worldwide ‘Petya’ ransomware attacks

ESET Ireland wrote about Petya ransomware last year; a massive cyberattack using a new variant struck on June 27th. ESET LiveGrid technology detects the Petya malware as Win32/Diskcoder.C. If you have a default install of any modern ESET product, ESET would protect against this threat. Additionally, any ESET product with network detection would protect from the SMB spreading …

Is the world going to go to war over cyberattacks?

According to NATO’s decision, a cyberattack on a member country could be considered an attack on the entire US-led alliance, potentially triggering a military response. Does this translate to “You hack us, we nuke you”? While on one hand cybersecurity is as much part of the global security system as physical security and should therefore …

Operation Groundbait: Espionage in Ukrainian war zones

In addition to the armed conflict in eastern Ukraine, in recent years the country has been facing a significantly higher number of targeted cyberattacks, or so-called advanced persistent threats (APTs). After BlackEnergy, which has, most infamously, facilitated attacks that resulted in power outages for hundreds of thousands of Ukrainian civilians, and Operation Potao Express, where …