Tag: cybercrime
Innovation in Cyber Intrusions: The Evolution of TA544
12/18/2023
Introduction Innovation is not only an activity performed by companies committed to protecting their perimeter, but is also an activity carried out by threat actors. In fact, while organizations are investing in cybersecurity operations, such as buying or implementing digital defenses, threat actors are implementing new strategies to bypass those protections. An example of this type of innovation […]
Critical Citrix Vulnerability Exploited by LockBit
11/23/2023
PROTO: N231122 CERT Yoroi informs about a critical vulnerability affecting the Citrix NetScaler ADC and NetScaler Gateway technology. The NetScaler appliance is an application switch that performs application-specific traffic analysis to intelligently distribute, optimize and protect Layer 4-Layer 7 (L4-L7) network traffic for web applications, while NetScaler Gateway […]
DuckTail: Dissecting a complex infection chain started from social engineering
03/29/2023
Introduction It is concerning to learn about the increasing use of social engineering tactics to exploit users on social media platforms. Cybercriminals commonly disguise malware as games, music, software, and other media content to deceive users into downloading and installing malicious software on their devices. One such sophisticated stealer is DuckTail, which was first identified […]
Reconstructing the last activities of Royal Ransomware
11/17/2022
Introduction Royal Ransomware is a new group first spotted on Bleeping Computer last September, where the cybersecurity news site revealed a connection with another malware known as Zeon. At the moment, we don’t have much information about the group and all its actual TTPs, but we know that they use the Double Extortion model to […]
Dissecting BlueSky Ransomware Payload
09/30/2022
Introduction BlueSky is a ransomware first spotted in May 2022, and it gained the attention of threat researchers for two main reasons: the first is that the group behind the ransomware doesn’t adopt the double-extortion model; the second is that their targets are even normal users, because the ransomware has been discovered […]
On the FootSteps of Hive Ransomware
07/26/2022
Introduction Hive ransomware is one of the most active financially motivated threat actors of this period, adopting the current Double Extortion model. They started their malicious activities in June of last year, and in just one year of activity they have collected a large number of victims, demonstrating the capability to hit even critical infrastructures. […]
A deep dive into Eternity Group: A new emerging Cyber Threat
05/18/2022
For months, we at Yoroi Malware ZLab have studied and tracked the evolution of a new emerging cyber-criminal group which has attracted the attention of everyone inside the cyber security threat landscape. This threat actor calls itself “Eternity Group”, previously “Jester Group”, which we internally track as “TH-320”. This threat has also recently been […]
Data Leak of Italian and European Executives
11/19/2021
Proto: N031121. CERT-Yoroi hereby informs about the recent circulation, in cyber-criminal underground environments, of data relating to employees and executives of prominent Italian organizations in the financial and banking sectors. The publication of 3887 telephone and email contacts of high-profile personnel from hundreds of private and public companies has in fact been detected, a condition that increases the risk of fraud (e.g. CEO fraud) and of cyber attacks based on social engineering techniques against the organizations involved. Figure: Publication of data of Italian and European fintech executives. Considering the context of the detection and the type of personnel involved, CERT Yoroi recommends raising the awareness of the users involved and of their supporting staff regarding the risk of unexpected contacts and requests via email and telephone, and, should they occur, reporting the incident to the internal security offices. Finally, Yoroi recommends keeping user awareness high, periodically alerting users to ongoing threats, and relying on a team of experts to safeguard the security of the […]
Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks
03/16/2021
Introduction Nowadays malware attacks work like a complex industry based on their own supply chains, data providers, access brokers and craftsmen developing and maintaining intrusion tools. During our monitoring operations we frequently face malware samples based on known families and code-bases, mangled and then used to conduct even more sophisticated attacks. Recently, we intercepted a […]
Emerging Attacks on UEFI/BIOS Firmware
12/10/2020
Proto: N041220. Yoroi hereby intends to inform you about a new attack trend targeting UEFI/BIOS firmware. This attack technique makes use of dedicated tools and code designed to read, write or erase the UEFI/BIOS firmware of a device. This type of attack was in the past limited to advanced, state-aligned attack scenarios, […]
Shadows From the Past Threaten Italian Enterprises
11/30/2020
Introduction The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex ones. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way. This is the case of a particular cyber criminal group conducting cyber intrusions against one of the […]
Poulight Stealer, a new Comprehensive Stealer from Russia
05/07/2020
Introduction Nowadays, the info-stealer is one of the most common threats. This category of malware includes well-known families like Azorult, Agent Tesla, and Hawkeye. The infostealer market is one of the most lucrative for cyber criminals: information gathered from infected systems can be resold in the cybercrime underground or used for credential-stuffing attacks. Over the last […]