Tag: cybercrime

Introduction Recently, our ZLab research team published a detailed analysis of the LooCipher ransomware, a new malware threat that spreads using weaponized Word document and abuses ToR network proxy services to reach its command and control servers. Cybaze-Yoroi ZLab team further analyzed this threat and defeated it releasing a free decryptor for LooCipher victims. Encryption Details According […]

Proto: N010719. Con la presente Yoroi desidera informarLa riguardo al recente rilevamento di una nuova campagna di attacco in corso ai danni di Organizzazioni ed Aziende italiane. Le email malevole simulano invii di documenti contabili, fatture o solleciti di pagamento, al loro interno tuttavia sono presenti allegati in grado di infettare la macchina vittima con […]

Introduction In the last period we observed an increase of the malware spreading using less-known archive types as initial dropper, in particular ISO image. The spread of threats exploiting ISO image to hide themselves is helped by the Windows functionality, introduced since Windows 8, which allows the user to easily mount this file type through […]

Introduction A new Ransomware began to threats the digital world. This time using a nice but scary name: LooCipher. The name is at the same time an allusion to its capabilities (thank to the term “Cipher”) and to the popular religious figure, Lucifer. Despite its evocative nickname, the functionalities of this malware are pretty straight […]

Introduction Historically, cyber-criminals adopted one or more layers of encryption and obfuscation to lower their footprint and avoid detection. The usage of cryptors and packers has become a commodity in the contemporary malware landscape, providing the so called “FUD” (Fully UnDetectable) capabilities to malicious code and allowing the outsourcing of the payload hiding. The CSDC […]

Introduction For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants. Yoroi-Cybaze ZLab closely observed these campaigns and analyzed them to track the evolution of the techniques and the underlined infection chain, noticing an increasing sophistication. For instance the latest waves increased their target selectivity abilities by implementing various […]

Proto: N040619. Con la presente Yoroi desidera informarLa riguardo al recente rilevamento di una pericolosa campagna di attacco ai danni di Organizzazioni ed Aziende italiane. L’ondata di email fraudolente simula l’invio di documenti di fatturazione verso le caselle di Posta Elettronica Certificata aziendali. All'interno di questi messaggi sono presenti link volti allo scaricamento di file […]

Proto: N010619. Con la presente Yoroi desidera informarLa relativamente al recente rilevamento di pericolose ondate di attacco ai danni di Utenti ed Organizzazioni italiane. I messaggi di posta fraudolenti tentano di simulare comunicazioni di carattere legale, relative ad invii di documenti e notifiche di comparizione. All’interno delle email sono presenti archivi compressi protetti da password […]

Introduction In the last few days, during monitoring activities, Yoroi CERT noticed a suspicious attack against an Italian organization. The malicious email contains a highly suspicious sample which triggered the ZLAB team to investigate its capabilities and its possible attribution, discovering a potential expansion of the TA505 operation. The threat group is also known for […]

Introduction During the last month our Threat Intelligence surveillance team spotted increasing evidence of an operation intensification against the Banking sector. In fact, many independent researchers pointed to a particular email attack wave probably related to the known TA505 hacking group, active since 2014 and focusing on Retail and Banking companies. The group is also […]

In 2018 cyber-security experts observed an increased number of cyber attacks, malware endure to be the most aggressive and pervasive threat. For this reason, analyzing the last year occurred events would help cyber-security professionals to prevent further attacks during the next few months. In many cases the attacks reached a very high sophistication levels, both […]

Proto: N020519. Con la presente Yoroi desidera informarLa relativamente ad una pericolosa campagna di attacco in corso ai danni di Organizzazioni italiane. Sono state infatti intercettate email dirette a caselle di Posta Elettronica Certificata (PEC) contenenti allegati infetti. I messaggi tentano di ingannare l’utente simulando comunicazioni legate a problematiche amministrative, tuttavia al loro interno sono […]