Logo
Hamburger Menu Icon
Yoroi Background

Category: research

Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks

Introduction Nowadays malware attacks work like a complex industry based on their own supply chains, data providers, access brokers and craftsmen developing and maintaining intrusion tools. During our monitoring operations we frequently face malware samples based on known families and code-bases, mangled and then used to conduct even more sophisticated attacks.  Recently, we intercepted a […]

Read More

Yes, Cyber Adversaries are still using Formbook in 2021

Introduction Cyber criminals are always looking for new ways to infiltrate companies, new techniques, or maybe only creative arrangement of known tricks to achieve their objective. In some of our previous blog posts, we documented how cyber criminals are investing their efforts on creating more and sophisticated code protectors to hide malicious software, and in […]

Read More

Connecting the dots inside the Italian APT Landscape

Introduction The news of the hack of one of the major strategic Italian companies circulated in the first half of December 2020 shocked a huge part of the national security community: Leonardo SpA (formerly Finmeccanica) runs critical services and projects directly related to the Italian defense industry and military corps.  On 5th December 2020, the […]

Read More

Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife

Introduction 2020 was a really intense year in terms of APT activities, in fact it brought us new evidence of sophisticated campaigns targeting Enterprises organization across Europe and also Italy. In particular the threat group we track as TH-239, also mentioned as UNC1945 by FireEye security researchers, has been one of the sneakiest.  We discussed […]

Read More

Shadows From the Past Threaten Italian Enterprises

Introduction The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way.  This is the case of a particular cyber criminal group operating cyber intrusion against one of the […]

Read More

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

Introduction Info stealer malware confirms to be one of the most adopted weapons of cyber actors. One of them is Netwire (MITRE S0198), a multiplatform remote administration tool (RAT) that has been used by criminals and espionage groups at least since 2012. During our Cyber Threat Intelligence monitoring we spotted a particular Office document weaponized […]

Read More

Himera and AbSent-Loader Leverage Covid19 Themes

 Introduction During our Cyber Defense monitoring activities we intercepted waves of incoming emails directed to many companies under our protective umbrella. These messages were leveraging FMLA (Family and Medical Leave Act) requests related to the ongoing CoronaVirus pandemics. These emails were weaponized with two versatile cyber-criminal tools: Himera and Absent-Loader.   Figure1: Email vector example Loaders […]

Read More

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Introduction During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain. The group behind this activity is the same we identified in the past malicious operations described in Roma225 (12/2018), Hagga (08/2019), Mana (09/2019), […]

Read More

Poulight Stealer, a new Comprehensive Stealer from Russia

Introduction Nowadays, info-stealer is one of the most common threats. This category of malware includes famous malware like Azorult, Agent Tesla, and Hawkeye. Infostealer market is one of the most remunerative for cyber criminals, information gathered from infected systems could be resold in the cybercrime underground or used for credential stuffing attacks. Over the last […]

Read More

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Introduction During our daily monitoring activities, we intercepted a singular Linux malware trying to penetrate the network of some of our customers. The Linux malware is the well-known “Shellbot”, it is a crimetool belonging to the arsenal of a threat actor tracked as the “Outlaw Hacking Group.” The Outlaw Hacking Group was first spotted by […]

Read More

A Brand New Ursnif/ISFB Campaign Targets Italian Organizations

Introduction Ursnif is one of the most and widespread threats, it is delivered through malspam campaigns aimed at multiple industries across Italy and Europe.   Recently, we have identified a new variant that is targeting Italian organizations. The malspam messages use attachments with subjects like “Avviso di Pagamento_xxxx_date” where xxxx is a number and date is […]

Read More

Ursnif Campaign Targets Italy with a New Infection Chain

Introduction Ursnif is one of the most and widespread common threats today delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained its popularity since 2014 when its source code was leaked online giving the opportunity to several threat actors to develop their own version. For months, Italian users […]

Read More
1 2 3 7
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram