30 matches found
Malicious code in destroyer-of-worlds (npm)
The package destroyer-of-worlds was found to contain malicious code...
MAL-2025-18338 Malicious code in destroyer-of-worlds (npm)
The package destroyer-of-worlds was found to contain malicious code...
U.S. Offers $10 Million Bounty for Information on 6 Russian Military Hackers
The U.S. government on Tuesday announced up to $10 million in rewards for information on six hackers associated with the Russian military intelligence service. "These individuals participated in malicious cyber activities on behalf of the Russian government against U.S. critical infrastructure in...
U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks
The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate GRU, ha...
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, has been finding CVEs since the 1990s, around when MITRE was first being established. Since then, he’s found 305 CVEs – as well as various security findings, such as an IoT bricking malware called Silex, and cybercriminals targeting poor...
Malicious Package in destroyer-of-worlds
The package destroyer-of-worlds contained malicious code. The package contained a bash script that was run as a postinstall script. The script deleted system files and attempted to exhaust resources by creating a large file, a fork bomb and an endless loop. The script targeted UNIX systems...
Details of the Olympic Destroyer APT
Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired's Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China...
2018 in Snort Rules
This blog post was authored by Benny Ketelslegers of Cisco Talos. The cybersecurity field shifted quite a bit in 2018. With the boom of cryptocurrency, we saw a transition from ransomware to cryptocurrency miners. Talos researchers identified APT campaigns including VPNFilter, predominantly...
Year in Malware 2018: The most prominent threats Talos tracked this year
It was easy to see a wild year coming in cybersecurity. It started with a bang, with Olympic Destroyer targeting the Winter Olympics in February in an attempt to disrupt the opening ceremonies. Things only got crazier from there, with cryptocurrency miners popping up everywhere, and VPNFilter...
Olympic Destroyer Wiper Changes Up Infection Routine
Olympic Destroyer, the wiper malware that briefly disrupted the Winter Olympic Games in South Korea earlier this year, appears to be back with a new first-stage dropper variant. It contains a few significant changes that indicate an evolution for the APT group behind it, according to researchers...
Destroyer Standalone Antivirus SysGuard.sys Driver Has a Local Lift Vulnerability
Destroyer Standalone Antivirus is an antivirus program. A local elevation of privilege vulnerability exists in the Destroyer Standalone Antivirus SysGuard.sys driver. An attacker can achieve elevation of privilege by constructing packets that cause the computer to blue screen...
Destroyer Standalone Antivirus SysGuard.sys Driver Has Denial of Service Vulnerability
Destroyer Standalone Antivirus is an antivirus program. A denial of service vulnerability exists in the Destroyer Standalone Antivirus SysGuard.sys driver. An attacker could cause a computer to blue screen by constructing packets...
Denial of Service Vulnerability in Destroyer Antivirus Software
Destroyer Antivirus, a security product of Destroyer Dalian Information Technology Co., Ltd, uses a self-developed super antivirus engine. A denial of service vulnerability exists in the SysGuard.sys driver of Destroyer Antivirus. An attacker can cause a blue screen by constructing a packet to se...
Olympic Destroyer Returns to Target Biochemical Labs
Olympic Destroyer, the threat actor that caused a crippling sabotage attack on the networks supporting this year’s Winter Games in Pyeongchang, South Korea, has resurfaced with a spy campaign – and with a wider target range. The new campaign began last month and is ongoing, employing spear-phishi...
Hackers Who Hit Winter Olympics 2018 Are Still Alive and Kicking
Remember the 'Olympic Destroyer' cyber attack? The group behind it is still alive, kicking and has now been found targeting biological and chemical threat prevention laboratories in Europe and Ukraine, and a few financial organisations in Russia. Earlier this year, an unknown group of notorious...
Olympic Destroyer is still alive
In March 2018 we published our research on Olympic Destroyer, an advanced threat actor that hit organizers, suppliers and partners of the Winter Olympic Games 2018 held in Pyeongchang, South Korea. Olympic Destroyer was a cyber-sabotage attack based on the spread of a destructive network worm. Th...
IT threat evolution Q1 2018
Targeted attacks and malware campaigns. Skygofree: sophisticated mobile surveillance. In January, we uncovered a sophisticated mobile implant that provides attackers with remote control of infected Android devices. The malware, called Skygofree after one of the domains it uses, is a targeted...
APT Trends report Q1 2018
In the second quarter of 2017, Kaspersky's Global Research and Analysis Team (GReAT) began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on...
Olympic Destroyer: A False Flag Confusion Bomb
CANCUN, Mexico – A postmortem of the Olympic Destroyer malware used in the PyeongChang Olympics attack reveals a deliberate attempt by adversaries to plant false flags when it comes to attribution, according to researchers. Days after the crippling attack on the backend networks tied to the...