Hamburger Menu Icon
Yoroi Background

Tag: cybercrime

Reconstructing the last activities of Royal Ransomware 

Introduction Royal Ransomware is a new group first spotted on Bleeping Computer last September, where the cybersecurity news site revealed a connection with another malware known as Zeon.   At the moment, we don’t have much information about the group and all its actual TTPs, but we know that they use the Double Extortion model to […]

Read More

Dissecting BlueSky Ransomware Payload

Introduction BlueSky is a ransomware firstly spotted in May 2022 and it gained the attention of the threat researchers for two main reasons: the first one is that the group behind the ransomware doesn’t adopt the double-extortion model; the second one is that their targets are even normal users because the ransomware has been discovered […]

Read More

On the FootSteps of Hive Ransomware

Introduction  Hive ransomware is one of the most active financially motivated threat actors of this period, adopting the current Double Extorsion model. They started their malicious activities in June of the past year, and just in a year of activity they collected a big number of victims, demonstrating the capability to hit even critical infrastructures.   […]

Read More

A deep dive into Eternity Group: A new emerging Cyber Threat

For months, we at Yoroi Malware ZLab have studied and tracked the evolution of a new emerging cyber-criminal group which has attracted the attention of everyone inside the cyber security threat landscape. This threat actor calls itself “Eternity Group”, previously “Jester Group”, which we internally tracked it as “TH-320”. This threat has also recently been […]

Read More

Leak di dati di dirigenti italiani ed europei

Proto: N031121. Con la presente CERT-Yoroi riguardo alla recente circolazione negli ambienti undergroud cyber-criminali di dati realtivi ad impiegati e dirigenti di organizzazioni italiane di rilievo nei settori finanziario e bancario.  E' stata infatti rilevata la pubblicazione di 3887 contatti telefonici ed email di personale di alto profilo di centinaia di aziende private e pubbliche, condizione che aumenta il rischio frode (e.g. CEO-Fraud), e di cyber attacchi basati su tecniche di Social Engineering per le organizzazioni coinvolte.   Figura. Pubblicazione dati dirigenti fintech italiani ed europei  Considerato il contesto del rilevamento e la tipologia di personale coinvolto, CERT Yoroi consiglia di sensibilizzare gli utenti coinvolti ed il personale di collaborazione riguardo al rischio di eventuali contatti e richieste inattese via email e telefono, e nel caso, di segnalare l’accaduto agli uffici di sicurezza interni.  Yoroi consiglia infine di mantenere alto il livello di consapevolezza degli utenti, avvisandoli periodicamente delle minacce in corso e di utilizzare un team di esperti per salvaguardare la sicurezza del […]

Read More

Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks

Introduction Nowadays malware attacks work like a complex industry based on their own supply chains, data providers, access brokers and craftsmen developing and maintaining intrusion tools. During our monitoring operations we frequently face malware samples based on known families and code-bases, mangled and then used to conduct even more sophisticated attacks.  Recently, we intercepted a […]

Read More

Attacchi Emergenti a Firmware UEFI/BIOS

Proto: N041220. Con la presente Yoroi intende informarla riguardo un nuovo trend di attacco verso firmware UEFI/BIOS. Questa tecnica di attacco fa uso di appositi strumenti e codici finalizzati a leggere, scrivere o cancellare il firmware UEFI/BIOS di un dispositivo.  Questa tipologia di attacco era in passato limitata a scenari di attacco avanzati filo governativi, […]

Read More

Shadows From the Past Threaten Italian Enterprises

Introduction The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way.  This is the case of a particular cyber criminal group operating cyber intrusion against one of the […]

Read More

Poulight Stealer, a new Comprehensive Stealer from Russia

Introduction Nowadays, info-stealer is one of the most common threats. This category of malware includes famous malware like Azorult, Agent Tesla, and Hawkeye. Infostealer market is one of the most remunerative for cyber criminals, information gathered from infected systems could be resold in the cybercrime underground or used for credential stuffing attacks. Over the last […]

Read More

Ondate di Attacco sLoad Tramite PEC

Proto: N050420. Con la presente Yoroi desidera informarla riguardo alla recente scoperta di ondate di attacco dirette ad utenze ed organizzazioni italiane. Le email fraudolente sono recapitate alle caselle di posta elettronica certificata (PEC) ed invitano la vittima all’apertura di un archivio zip ad esse allegato. Al suo interno, è presente un documento PDF corrotto […]

Read More

Ursnif Campaign Targets Italy with a New Infection Chain

Introduction Ursnif is one of the most and widespread common threats today delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained its popularity since 2014 when its source code was leaked online giving the opportunity to several threat actors to develop their own version. For months, Italian users […]

Read More

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Introduction Nowadays, it is common to say that the physical world and the cyber world are strictly connected. The proof is the leverage of the current physical threat, the CoronaVirus, as a social engineering trick to infect the cyber world. It is not new for cyber-crooks to exploit social phenomena to spread malware in order […]

Read More
1 2 3 11
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram