Viruslist News

  • DNS Manipulation in Venezuela in regards to the Humanitarian Aid Campaign

    This website for volunteers in Venezuela appeared online on February 6th. Only a few days later, on February 11th, the day after the public announcement of the initiative, another almost identical website appeared with a very similar domain name and structure.
  • DDoS Attacks in Q4 2018

    For the third quarter in a row, the Top 10 ratings of countries by number of attacks, targets, and botnet C&C servers continue to fluctuate. Growth in DDoS activity is strongest where previously it was relatively low, while the once-dominant countries have seen a decline.
  • Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

    Throughout the autumn of 2018 we analyzed a long-standing (and still active at that time) cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might be a domestic cyber-espionage operation.
  • Razy in search of cryptocurrency

    Last year, we discovered malware that installs a malicious browser extension on its victim’s computer or infects an already installed extension. To do so, it disables the integrity check for installed extensions and automatic updates for the targeted browser. Kaspersky Lab products detect the malicious program as Trojan.Win32.Razy.gen.
  • GreyEnergy’s overlap with Zebrocy

    We have identified an overlap between GreyEnergy, which is believed to be a successor to BlackEnergy group, and a Sofacy subset called “Zebrocy”. Both used the same servers at the same time and targeted the same organization.
  • A Zebrocy Go Downloader

    The Sofacy subset we identify as “Zebrocy” continues to target Central Asian government-related organizations, both inside those countries and at remote locations, along with a new Middle Eastern diplomatic target. And, as predicted, they continue to build out their malware set with a variety of scripts and managed code.
  • The world’s southernmost security conference

    In November I had the privilege of participating in a conference that can rightfully be labelled the world's southernmost. It is called "Patagonia Hacking" and it is organized in the Chilean city of Punta Arenas.
  • Remotely controlled EV home chargers – the threats and vulnerabilities

    There are lots of home charger vendors. Some of them, such as ABB or GE, are well-known brands, but some smaller companies have to add ‘bells and whistles’ to their products to attract customers. One of the most obvious and popular options in this respect is remote control of the charging process. But from our point of view this sort of improvement can make chargers an easy target for a variety of attacks.
  • Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

    In October 2018, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft Windows. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe.
  • DarkVishnya: Banks attacked through direct connection to local network

    In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company’s local network.
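    The DarkVishnya entry turns on a single detail: an unrecognised device plugged straight into the LAN. As an added example (not code from the original page or from Kaspersky), the Python check below compares an `arp -an` style snapshot against an asset inventory and flags two things: MAC addresses that are not in the inventory at all, and inventoried MACs that show up at an unexpected IP. The inventory format, the device names and the ARP lines are constructed sample data, not real network output.

```python
"""Rogue-device check: compare an ARP snapshot with an asset inventory.

Added example; the inventory layout (MAC -> (name, expected IP)) is an
assumption made for illustration, and all sample data below is constructed.
"""
import re
from typing import Dict, List, Tuple

# Constructed inventory of approved devices: MAC -> (hostname, expected IP).
APPROVED: Dict[str, Tuple[str, str]] = {
    "00:1c:42:aa:bb:01": ("fileserver", "10.20.0.5"),
    "00:1c:42:aa:bb:02": ("printer-2f", "10.20.0.40"),
    "b8:27:eb:12:34:56": ("door-controller", "10.20.0.60"),
}

# Constructed `arp -an` output. Note the BSD/macOS-style MAC on the first
# line with leading zeros dropped, and an incomplete entry that must be skipped.
ARP_SNAPSHOT = """\
? (10.20.0.5) at 0:1c:42:aa:bb:1 [ether] on eth0
? (10.20.0.40) at 00:1c:42:aa:bb:02 [ether] on eth0
? (10.20.0.77) at 00:0c:29:de:ad:01 [ether] on eth0
? (10.20.0.60) at b8:27:eb:12:34:56 [ether] on eth0
? (10.20.0.99) at <incomplete> on eth0
? (10.20.0.200) at b8:27:eb:12:34:56 [ether] on eth0
"""

# Matches "(ip) at mac" with 1- or 2-digit hex groups; "<incomplete>" never matches.
ARP_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})"
)


def normalize_mac(mac: str) -> str:
    """Lower-case and zero-pad each octet so '0:1c:..:1' equals '00:1c:..:01'."""
    return ":".join(part.lower().zfill(2) for part in mac.split(":"))


def parse_arp(text: str) -> List[Tuple[str, str]]:
    """Return (ip, normalized_mac) pairs from `arp -an` output, skipping incomplete entries."""
    hosts = []
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if not m:
            continue
        hosts.append((m.group("ip"), normalize_mac(m.group("mac"))))
    return hosts


def audit(text: str, approved: Dict[str, Tuple[str, str]]) -> List[dict]:
    """Flag unknown MACs and known MACs seen at an IP other than the inventoried one."""
    inventory = {normalize_mac(mac): (name, ip) for mac, (name, ip) in approved.items()}
    findings = []
    for ip, mac in parse_arp(text):
        if mac not in inventory:
            findings.append({"ip": ip, "mac": mac, "kind": "unknown_mac"})
            continue
        name, expected_ip = inventory[mac]
        if ip != expected_ip:
            findings.append({
                "ip": ip, "mac": mac, "kind": "unexpected_ip",
                "name": name, "expected_ip": expected_ip,
            })
    return findings


if __name__ == "__main__":
    for f in audit(ARP_SNAPSHOT, APPROVED):
        print(f)
```

Run against the constructed snapshot this reports the VMware-OUI host at 10.20.0.77 as an unknown MAC and the door controller's MAC at 10.20.0.200 as an unexpected address. Two caveats matter in practice: an ARP table only shows hosts that have recently talked on that segment, and a rogue device can clone an inventoried MAC, so this check belongs alongside switch port security, 802.1X or DHCP-lease monitoring rather than in place of them.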