Head Mare: adventures of a unicorn in Russia and Belarus
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops...
DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
Introduction In February 2024, we discovered a new malware campaign targeting government entities in the Middle East. We dubbed it "DuneQuixote", and our investigation uncovered over 30 DuneQuixote dropper samples actively employed in the campaign. These droppers, which exist in two versions –...
IoC detection experiments with ChatGPT
ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such a...
Lazarus on the hunt for big game
We may only be six months in, but there's little doubt that 2020 will go down in history as a rather unpleasant year. In the field of cybersecurity, the collective hurt mostly crystallized around the increasing prevalence of targeted ransomware attacks. By investigating a number of these incidents...
Black Friday Alert 2019: Net Shopping Bag of Threats
Every year, Kaspersky releases an annual Black Friday alert to highlight how fraudsters may capitalize on increased levels of online shopping at this time of year when many brands are offering their customers appealing discounts. In the rush to get a big discount or, even more panic-inducing, a...
Cyberthreats to financial institutions 2019: overview and predictions
Kaspersky Security Bulletin: Threat Predictions for 2019 Threat predictions for industrial security in 2019 Cryptocurrency threat predictions for 2019 Introduction – key events in 2018 The past year has been extremely eventful in terms of the digital threats faced by financial institutions:...
Backdoors in D-Link’s backyard
"If you want to change the world, start with yourself." In the case of security research this can be rephrased to: "If you want to make the world safer, start with the smart things in your home." Or, to be more specific, start with your router – the core of any home network as well as an...
Operation Parliament, who is doing what?
Summary Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative,...
Pocket cryptofarms
In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of...
LianSpy: new Android spyware targeting Russian users
In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs a...
APT trends report Q1 2024
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and...
Assessing the Y, and How, of the XZ Utils incident
High-end APT groups perform highly interesting social engineering campaigns in order to penetrate well-protected targets. For example, carefully constructed forum responses on precision targeted accounts and follow-up "out-of-band" interactions regarding underground rail system simulator software...
IT threat evolution in Q3 2023. Mobile statistics
IT threat evolution in Q3 2023 IT threat evolution in Q3 2023. Non-mobile statistics IT threat evolution in Q3 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...
Modern Asian APT groups’ tactics, techniques and procedures (TTPs)
Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This...
Gaming-related cyberthreats in 2023: Minecrafters targeted the most
Introduction and trends The gaming industry continues growing. The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 percent more than last year. Globally, gaming revenue amounts to an estimated US$242.39 billion, with almost hal...
Overview of IoT threats in 2023
IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. Statista portal predicts their number will exceed 29 billion by 2030. As connected device numbers increase, so does the need for protection against various threats. The first-ever large-scale malware attacks o...
Malvertising through search engines
In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious...
Threat in your browser: what dangers innocent-looking extensions hold for users
Whether you want to block ads, keep a to-do list or check your spelling, browser extensions allow you to do all of the above and more, improving convenience, productivity and efficiency for free, which is why they are so popular. Chrome, Safari, Mozilla — these and many other major Web browsers —...
A Bad Luck BlackCat
In early December 2021, a new ransomware actor started advertising its services on a Russian underground forum. They presented themselves as ALPHV, a new generation Ransomware-as-a-Service (RaaS) group. Shortly afterwards, they dialed up their activity, infecting numerous corporate victims around t...
WildPressure targets industrial-related entities in the Middle East
In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn't...
Cybersecurity of connected healthcare 2020: Overview and predictions
Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 5G technology predictions 2020 Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions More than two years after the infamous Wannacry ransomware crippled medical facilities and...
5G technology predictions 2020
Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions Corporate security prediction 2020 Cyberthreats to financial institutions 2020: Overview and predictions It is estimated that data will reach 175 zettabytes...
How we hacked our colleague’s smart home
In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse The backbone of any technology compa...
Threat Landscape for Industrial Automation Systems in H1 2018
For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industria...
What are botnets downloading?
Spam mailshots with links to malware and bots downloading other malware are just a couple of botnet deployment scenarios. The choice of infectious payload is limited only by the imagination of the botnet operator or customer. It might be a ransomware, a banker, a miner, a backdoor, the list goes...
Loki Bot: On a hunt for corporate passwords
Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware's key objective is to steal passwords from browsers,...
ChatGPT at work: how chatbots help employees, but threaten business
Workhorse Only a few months ago, ChatGPT and other chatbots based on large language models (LLMs) were still a novelty. Users enjoyed using them to compose poems and lyrics in the style of famous artists (which left Nick Cave, for example, decidedly unimpressed), researchers debated blowing up data...
IT threat evolution in Q2 2023. Mobile statistics
IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...
Dissecting TriangleDB, a Triangulation spyware implant
Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a...
Developing an incident response playbook
An incident response playbook is a predefined set of actions to address a specific security incident such as malware infection, violation of security policies, DDoS attack, etc. Its main goal is to enable a large enterprise security team to respond to cyberattacks in a timely and effective manner...
Server-side attacks, C&C in public clouds and other MDR cases we observed
Introduction This report describes several interesting incidents observed by the Kaspersky Managed Detection and Response (MDR) team. The goal of the report is to inform our customers about techniques used by attackers. We hope that learning about the attacks that took place in the wild helps you t...
DDoS attacks in Q2 2022
News overview Politically-motivated cyberattacks dominated the DDoS landscape in the second quarter of 2022 just as they did in the previous reporting period. ALtahrea Team, a group targeting NATO and its partners, attacked public transportation websites in Israel and the United Kingdom. Israel s...
Triada Trojan in WhatsApp mod
WhatsApp users sometimes feel the official app is lacking a useful feature of one sort or another, be it animated themes, self-destructing messages which automatically delete themselves, the option of hiding certain conversations from the main list, automatic translation of messages, or the optio...
Threat Predictions for Cryptocurrencies in 2018
The landscape in 2017 Today, cryptocurrency is no longer only for computer geeks and IT pros. It's starting to affect people's daily life more than they realize. At the same time, it is fast becoming an attractive target for cybercriminals. Some cyberthreats have been inherited from e-payments,...
Lumma Stealer – Tracking distribution channels
Introduction The evolution of Malware-as-a-Service MaaS has significantly lowered the barriers to entry for cybercriminals, with information stealers becoming one of the most commercially successful categories in this underground economy. Among these threats, Lumma Stealer has emerged as a...
The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season
As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearl...
Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware
Introduction As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones. In this...
BlueNoroff introduces new methods bypassing MoTW
BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group's activities and this October we observed the adoption of new...
Telehealth: a new frontier in medicine—and security
Telehealth today doesn't just involve chatting with a doctor via a video-conferencing application. It's become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud databases, many of which have...
Kaspersky Security Bulletin 2020. Statistics
All statistics in this report are from the global cloud service Kaspersky Security Network (KSN), which receives information from components in our security solutions. The data was obtained from users who have given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...
Healthcare security in 2021
The pandemic has turned 2020 into a year of medicine and information technology. The remarkable surge in the criticality level of medical infrastructure, coupled with feasible across-the-board digitalization, led to many of our last year's predictions coming true much sooner than expected. As we...
Ghimob: a Tétrade threat actor moves to infect mobile devices
Guildma, a threat actor that is part of the Tétrade family of banking trojans, has been working on bringing in new techniques, creating new malware and targeting new victims. Recently, their new creation, the Ghimob banking trojan, has been a move toward infecting mobile devices, targeting...
GravityRAT: The spy returns
In 2018, researchers at Cisco Talos published a post on the spyware GravityRAT, used to target the Indian armed forces. The Indian Computer Emergency Response Team (CERT-IN) first discovered the Trojan in 2017. Its creators are believed to be Pakistani hacker groups. According to our information, t...
Kaspersky Security Bulletin 2018. Story of the year: miners
Kaspersky Security Bulletin 2018. Statistics Kaspersky Security Bulletin 2018. Top security stories Kaspersky Security Bulletin 2018. Threat Predictions for 2019 Cryptocurrency miners that infect the computers of unsuspecting users essentially operate according to the same business model as...
Roaming Mantis dabbles in mining and phishing multilingually
In April 2018, Kaspersky Lab published a blogpost titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones'. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices. This activity is located mostly in Asia South Korea, Banglades...
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
In a recent incident response (IR) case, we discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Our...
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types ...
IT threat evolution in Q1 2024. Mobile statistics
IT threat evolution Q1 2024 IT threat evolution Q1 2024. Mobile statistics IT threat evolution Q1 2024. Non-mobile statistics Quarterly figures According to Kaspersky Security Network, in Q1 2024: 10.1 million attacks using malware, adware, or unwanted mobile software were blocked. The most commo...
Anomaly detection in certificate-based TGT requests
One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company's network. An example of such an...
Verizon’s 2020 DBIR
Verizon's 2020 DBIR is out; you can download a copy or peruse their publication online. Kaspersky was a contributor once again, and we are happy to provide generalized incident data from our unique and objective research. We have contributed to this project and others like it for years now. This...