114 matches found

ThreatPost
added 2020/06/17 10:12 p.m., 565 views

AcidBox Malware Uncovered Using Repurposed VirtualBox Exploit

Advanced malware, dubbed AcidBox, has been identified by researchers who say a mysterious cybergang used it twice against Russian organizations as far back as 2017. In a report released Wednesday, Palo Alto Networks’ Unit 42 sheds new light onto attacks against the popular open-source...

7.2 CVSS, 9.1 AI score, 0.26869 EPSS
Exploits 8, References 7

ThreatPost
added 2020/05/26 3:28 p.m., 46 views

Turla APT Revamps One of Its Go-To Spy Tools

The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan (RAT) to attack governmental targets. Turla a.k.a. Snake, Venomous Bear, Waterbug or Uroboros, is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier,...

7.9 AI score
Exploits 0, References 6

The Hacker News
added 2020/05/26 9:36 a.m., 3 views

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still ...

6.1 AI score
Exploits 0

The Hacker News
added 2020/05/26 9:36 a.m., 54 views

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still ...

0.1 AI score
Exploits 0

The Hacker News
added 2020/05/15 9:43 a.m., 63 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

0.3 AI score
Exploits 0

The Hacker News
added 2020/05/15 9:43 a.m., 8 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

5.8 AI score
Exploits 0

ThreatPost
added 2020/05/14 8:59 p.m., 44 views

Innovative Spy Trojan Targets European Diplomatic Targets

A fresh malware trojan has emerged, built from the same code base as the stealthy COMPFun remote access trojan (RAT). The malware is using spoofed visa applications to hit diplomatic targets in Europe and may be the work of the Turla APT. According to researchers at Kaspersky, the fake visa...

7.5 AI score
Exploits 0, References 6

ThreatPost
added 2019/10/21 5:52 p.m., 61 views

Turla Compromises, Infiltrates Iranian APT Infrastructure

The Turla APT group has been spotted co-opting two cyberweapons from an Iranian APT APT 34, according to one set of researchers, known as the Nautilus and Neuron implants, and deploying them against targets in the Middle East. The group also infiltrated the global operational infrastructure used ...

0.3 AI score
Exploits 0, References 8

CISA
added 2019/10/21 12:00 a.m., 14 views

NSA and NCSC Release Joint Advisory on Turla Group Activity

The National Security Agency (NSA) and the United Kingdom National Cyber Security Centre (NCSC) have released a joint advisory on advanced persistent threat (APT) group Turla—widely reported to be Russian and also known as Snake, Uroburos, VENEMOUS BEAR, or Waterbug. The advisory provides an update to...

6.7 AI score
Exploits 0, References 7

Schneier on Security
added 2019/10/10 6:49 p.m., 66 views

New Reductor Nation-State Malware Compromises TLS

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining...

1 AI score
Exploits 0

Metasploit
added 2019/09/11 4:07 p.m., 29 views

Mazda 2 Instrument Cluster Accelorometer Mover

This module moves the needle of the accelorometer and speedometer of the Mazda 2 instrument cluster This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mazda 2 Instrument Cluster Accelorometer...

7.1 AI score
Exploits 0

ThreatPost
added 2019/07/15 8:55 p.m., 129 views

Turla APT Returns with New Malware, Anti-Censorship Angle

The Turla APT has revamped its arsenal in 2019, creating new weapons and tools for targeting government entities. It’s now using booby-trapped anti-internet censorship software as an initial infection vector, suggesting Turla is going after dissident or other civil-society targets. The...

Exploits 0, References 9

Securelist
added 2019/07/15 10:00 a.m., 158 views

Turla renews its arsenal with Topinambour

Turla, also known as Venomous Bear, Waterbug, and Uroboros, is a Russian speaking threat actor known since 2014, but with roots that go back to 2004 and earlier. It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle Eas...

7.9 AI score
Exploits 0

ThreatPost
added 2019/05/09 2:49 p.m., 87 views

Researchers in the Dark on Powerful LightNeuron Malware for Years

LightNeuron, a backdoor specifically designed to target Microsoft Exchange mail servers, has flown under the radar since at least 2014, despite being the malware linchpin at the center of several targeted campaigns. A fresh analysis of the recently uncovered code shows that it’s the first publicl...

7.8 AI score
Exploits 0, References 6

Securelist
added 2019/04/30 10:00 a.m., 87 views

APT trends report Q1 2019

For just under two years, the Global Research and Analysis Team (GReAT) at Kaspersky Lab has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published an...

7.2 CVSS, 0.4 AI score, 0.83524 EPSS
Exploits 81

ThreatPost
added 2019/04/10 3:11 a.m., 161 views

Meet ‘TajMahal,’ A New and Highly Advanced APT Framework

SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat (APT) framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...

7.5 AI score
Exploits 0, References 4

Positive Technologies
added 2019/04/09 12:00 a.m., 5 views

PT-2019-1817 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a component of the Windows operating system, specifically the Win32k component, which has insufficient access restrictions. This can be exploited by an attacker to...

7.8 CVSS, 8.3 AI score, 0.04151 EPSS
Exploits 2, References 15

Carbon Black Blog
added 2018/12/11 5:40 p.m., 63 views

Partner Perspectives: Insight on Turla PNG Dropper

Editor's Note: This blog originally appeared on NCC Group's website. This is a short blog post on the PNG Dropper malware that has been developed and used by the Turla Group 1. The PNG Dropper was first discovered back in August 2017 by Carbon Black researchers. Back in 2017 it was being used to...

Exploits 0

Securelist
added 2018/12/05 2:00 p.m., 79 views

APT review of the year

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it's never possible to really understand the motivations of some attacks or the developments behind them...

6.5 AI score
Exploits 0

ThreatPost
added 2018/10/04 7:14 p.m., 20 views

Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets

MONTREAL – The Turla APT group’s extensive activities have diversified this year, representing a mix of old code, new code and fresh targets. Perhaps most interesting, this sophisticated group is branching into using scripts and open-source code in its malware development – a marked departure for...

0.2 AI score
Exploits 0, References 14