
Tag: apt

Serious Vulnerability in Apple iOS Systems

Proto: N060420. Yoroi hereby wishes to inform you of an extremely serious 0-day vulnerability in Apple's iOS mobile operating systems, the operating system underlying the well-known iPhone. The problem stems from memory-handling flaws in the system libraries for MIME (Multipurpose Internet Mail Extensions) content, through which a […]

The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs

Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few examples of recently uncovered campaigns; the latter was spotted after four years of apparent inactivity. Cybaze-Yoroi ZLab decided to study in depth a recent threat attributed to a North Korean APT dubbed Kimsuky. […]

Karkoff 2020: a new APT34 espionage operation involves Lebanon Government

Introduction In November 2018, researchers from Cisco Talos tracked and detailed a “DNSEspionage” campaign against targets in Lebanon and the UAE. At the time of the report, the threat actor was carrying out a cyber espionage campaign by redirecting DNS traffic from domains owned by the Lebanese government in order to target entities in the country. In April 2019, Cisco Talos discovered […]

Transparent Tribe: Four Years Later

Introduction Operation Transparent Tribe was first spotted by Proofpoint researchers in February 2016, in a series of espionage operations against Indian diplomats and military personnel in embassies in Saudi Arabia and Kazakhstan. At that time, the researchers traced the source IPs to Pakistan; the attacks were part of a wider operation relying on multiple vectors such […]

Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign

Introduction Gamaredon Group is a persistent cyber espionage operation attributed to Russia's FSB (Federal Security Service), conducted as part of a long-term military and geopolitical confrontation against the Ukrainian government and, more generally, against Ukrainian military power. Gamaredon has been active since 2014, and during this time its modus operandi has remained almost the same. The […]

APT or not APT? What's Behind the Aggah Campaign

Introduction During our threat monitoring activities, we discovered an interesting drop chain related to the well-known Aggah campaign, the ambiguous infection chain observed by Unit42 that appeared to deliver payloads potentially associated with the Gorgon Group APT. After that, we discovered other malicious activities using the same TTPs and infrastructure, for instance in “The Enigmatic […]

The Arsenal Behind the Australian Parliament Hack

Introduction In recent days, an infamous cyber attack targeted a high-profile target in the APAC area: the Australian Parliament House. As reported by the Australian prime minister, there was no evidence of any information theft, and the attack was promptly isolated and contained by the Australian Cyber Security Centre (ACSC); however, the […]

Sofacy's Zepakab Downloader Spotted In-The-Wild

In recent weeks, the Cybaze-Yoroi ZLab investigated a new APT28 campaign discovered in January 2019. The sample was initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further analysis. Cybaze-Yoroi ZLab researchers analyzed this sample to extract indicators and investigate their presence in the […]

GreyEnergy: Welcome to 2019

Introduction In the first days of January, an interesting malware sample was disclosed through the InfoSec community: a potential GreyEnergy implant still under investigation. This kind of threat, previously analyzed by third-party firms, shares similarities with the infamous BlackEnergy malware used in the attacks against the Ukrainian energy industry back in 2015. The […]

Dissecting the MuddyWater Infection Chain

Introduction In the last days of November, several Middle Eastern countries were targeted by a new wave of attacks related to the Iranian APT group known as "MuddyWater": their first campaign was observed back in 2017, and more recently Unit42 researchers reported attacks in the ME area. MuddyWater's TTPs seem to be quite invariant […]

New “Cozy Bear” campaign, old habits

Introduction On 16 November, the researchers of the Yoroi-Cybaze ZLab obtained a new, dangerous APT29 malware used in the recent attacks against many important US entities, such as military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies. The Russian group spread the malware through spear-phishing attacks impersonating a State Department […]

Hunting for Sofacy: Lojax Double-Agent Analysis

Introduction A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Yoroi-Cybaze ZLab researchers. It is the latest version of the well-known Double-Agent rootkit, previously analyzed by ESET researchers. The behavior of the Lojax sample appears similar to that of previous versions and abuses the legitimate “Absolute Lojack” software […]