Lucene search
K

16 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/10/05 5:45 p.m.46 views

Little Crumbs Can Lead To Giants

This week is the Virus Bulletin Conference in London. Part of the conference is the Cyber Threat Alliance summit, where CTA members like Rapid7 showcase their research into all kinds of cyber threats and techniques. Traditionally, when we investigate a campaign, the focus is mostly on the code of...

5.8CVSS6.8AI score0.01986EPSS
Exploits0
ThreatPost
ThreatPost
added 2020/12/09 4:40 p.m.454 views

COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware

Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread medi...

6.5AI score
Exploits0References18
The Hacker News
The Hacker News
added 2020/12/09 3:5 p.m.91 views

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/09 3:5 p.m.5 views

Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware

A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage. Linking the operation to a...

5.8AI score
Exploits0
CISA
CISA
added 2020/10/29 12:0 a.m.16 views

CISA and CNMF Identify a New Malware Variant: Zebrocy

Content: The Cybersecurity and Infrastructure Security Agency CISA and the Department of Defense DOD Cyber National Mission Force CNMF have identified a malware variant—referred to as Zebrocy—used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to t...

6.9AI score
Exploits0References2
ThreatPost
ThreatPost
added 2019/09/24 3:10 p.m.66 views

Zebrocy Retools for New Political Attacks

The APT known as the Sednit threat group also known as Sofacy, APT28 and Fancy Bear has kicked off a fresh spearphishing campaign, that was spotted targeting government entities with the Zebrocy backdoor. The malware features a rewritten and newly-improved backdoor and downloader, indicating an...

7.8AI score
Exploits0References12
ThreatPost
ThreatPost
added 2019/06/04 6:48 p.m.84 views

Zebrocy: A Russian APT Specializing in Victim Profiling, Access

Zebrocy, the Russian speaking threat group that shares similarities and overlaps with both the Sofacy and BlackEnergy APTs, is once again roaming the wide plain of government, foreign-affairs and military targets. Researchers have spotted the group using a new first-stage malware dropper in recen...

0.2AI score
Exploits0References5
Securelist
Securelist
added 2019/06/03 2:0 p.m.104 views

Zebrocy’s Multilanguage Malware Salad

Zebrocy is Russian speaking APT that presents a strange set of stripes. To keep things simple, there are three things to know about Zebrocy Zebrocy is an active sub-group of victim profiling and access specialists Zebrocy maintains a lineage back through 2013, sharing malware artefacts and...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/05/23 10:0 a.m.3223 views

IT threat evolution Q1 2019

Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor's past behaviour, ...

7.2CVSS7.8AI score0.96274EPSS
Exploits13
ThreatPost
ThreatPost
added 2019/04/10 3:11 a.m.161 views

Meet ‘TajMahal,’ A New and Highly Advanced APT Framework

SINGAPORE – Researchers at Kaspersky Lab have discovered a new, highly sophisticated advanced persistent threat APT framework targeting a single Central Asian diplomatic agency. Malware samples associated with the APT reveal a complex never-before-seen code base, making it extremely hard to detec...

7.5AI score
Exploits0References4
Carbon Black Blog
Carbon Black Blog
added 2019/04/05 5:22 p.m.168 views

CB TAU Threat Intelligence Notification: Hunting APT28 Downloaders

Recently the Carbon Black Threat Analysis Unit TAU analyzed the APT28 downloaders SedUploader and Zebrocy which has been observed over the previous six months. There have been several good publications regarding the code analysis of SedUploader and Zebrocy already 125679. Therefore, in this artic...

7.4AI score
Exploits0
Securelist
Securelist
added 2019/01/24 9:0 a.m.1445 views

GreyEnergy’s overlap with Zebrocy

In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy group. BlackEnergy a.k.a. Sandworm is best known, among other things, for having been involved in attacks against Ukrainian energy facilities in 2015,...

9.3CVSS8.8AI score0.99945EPSS
Exploits62
Securelist
Securelist
added 2019/01/11 10:0 a.m.140 views

A Zebrocy Go Downloader

Last year at SAS2018 in Cancun, Mexico, "Masha and these Bears" included discussion of a subset of Sofacy activity and malware that we call "Zebrocy", and predictions for the decline of SPLM/XAgent Sofacy activity coinciding with the acceleration of Zebrocy activity and innovation. Zebrocy was...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/12/18 9:48 p.m.12 views

Sofacy Russia-Linked APT Debuts Fresh Zebrocy Variant

The Zebrocy trojan – a custom downloader malware used by Russia-linked APT Sofacy a.k.a. APT28, Fancy Bear or Sednit – has a new variant. While it’s functionally much the same as its other versions, the new code was written using the Go programming language. The similarities between the new paylo...

0.2AI score
Exploits0References3
Securelist
Securelist
added 2018/12/05 2:0 p.m.79 views

APT review of the year

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer; everybody has partial visibility and it's never possible to really understand the motivations of some attacks or the developments behind them...

6.5AI score
Exploits0
Securelist
Securelist
added 2018/03/09 5:0 p.m.53 views

Masha and these Bears

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a prolific, well resourced, and persistent adversary. They are sometimes portrayed as wild and reckless, but as seen under our visibility, the group can be pragmatic, measured, and agile. Our previous post on their 2017 activity stepped...

7.9AI score
Exploits0
Rows per page
Query Builder