ToddyCat: Keep calm and check logs
ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Our first publication was focused on their main tools,...
‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps
For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS...
GhostEmperor: From ProxyLogon to kernel mode
While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode...
Astaroth Spy Trojan Uses Facebook, YouTube Profiles to Cover Tracks
Facebook and YouTube profiles are at the heart of an ongoing phishing campaign spreading the Astaroth trojan, bent on the eventual exfiltration of sensitive information. The attack is sophisticated in that it uses normally trusted sources as cover for malicious activities – thus evading usually...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Windows: COM Desktop Broker Elevation of Privilege. Platform: Windows 10 1809, almost certainly earlier versions as well. Class: Elevation of Privilege. Security Boundary per Windows Security Service Criteria: AppContainer Sandbox. Summary: The COM Desktop Broker doesn’t correctly check permissions...