
Tag: malware

“Agenzia Entrate” Attack Campaign

Proto: N060620. Yoroi hereby wishes to inform you of the detection of an extensive attack campaign against Italian users and organizations. The fraudulent emails impersonate communications from Agenzia Entrate, inviting the victims to view the document attached to the message and not to forward it to third parties. Figure. Example […]

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

Introduction Info stealer malware continues to be one of the most widely adopted weapons of cyber actors. One of them is Netwire (MITRE S0198), a multiplatform remote administration tool (RAT) that has been used by criminals and espionage groups since at least 2012. During our Cyber Threat Intelligence monitoring we spotted a particular Office document weaponized […]

Himera and AbSent-Loader Leverage Covid19 Themes

Introduction During our Cyber Defense monitoring activities we intercepted waves of incoming emails directed to many companies under our protective umbrella. These messages were leveraging FMLA (Family and Medical Leave Act) requests related to the ongoing CoronaVirus pandemic. These emails were weaponized with two versatile cyber-criminal tools: Himera and Absent-Loader. Figure1: Email vector example Loaders […]

Cyber-Criminal Espionage Operation Insists on Italian Manufacturing

Introduction During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain. The group behind this activity is the same one we identified in the past malicious operations described in Roma225 (12/2018), Hagga (08/2019), Mana (09/2019), […]

Poulight Stealer, a new Comprehensive Stealer from Russia

Introduction Nowadays, info-stealers are one of the most common threats. This category of malware includes well-known families like Azorult, Agent Tesla, and Hawkeye. The infostealer market is one of the most remunerative for cyber criminals: information gathered from infected systems can be resold in the cybercrime underground or used for credential stuffing attacks. Over the last […]

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Introduction During our daily monitoring activities, we intercepted a peculiar Linux malware trying to penetrate the network of some of our customers. The Linux malware is the well-known “Shellbot”, a crimetool belonging to the arsenal of a threat actor tracked as the “Outlaw Hacking Group.” The Outlaw Hacking Group was first spotted by […]

sLoad Attack Waves via PEC

Proto: N050420. Yoroi hereby wishes to inform you of the recent discovery of attack waves directed at Italian users and organizations. The fraudulent emails are delivered to certified email (PEC) mailboxes and invite the victim to open a zip archive attached to them. Inside it is a corrupted PDF document […]

A Brand New Ursnif/ISFB Campaign Targets Italian Organizations

Introduction Ursnif is one of the most widespread threats; it is delivered through malspam campaigns aimed at multiple industries across Italy and Europe. Recently, we have identified a new variant that is targeting Italian organizations. The malspam messages use attachments with subjects like “Avviso di Pagamento_xxxx_date”, where xxxx is a number and date is […]

Ursnif Campaign Targets Italy with a New Infection Chain

Introduction Ursnif is one of the most widespread threats today, delivered through malspam campaigns. It appeared on the threat landscape about 13 years ago and gained popularity since 2014, when its source code was leaked online, giving several threat actors the opportunity to develop their own versions. For months, Italian users […]

The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs

Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few examples of the recently uncovered campaigns; the latter was spotted after four years of apparent inactivity. Cybaze-Yoroi ZLab decided to study in depth a recent threat attributed to a North Korean APT dubbed Kimsuky. […]

New Cyber Attack Campaign Leverages the COVID-19 Infodemic

Introduction Nowadays, it is common to say that the physical world and the cyber world are tightly connected. The proof is the use of the current physical threat, the CoronaVirus, as a social engineering lure to infect the cyber world. It is not new for cyber-crooks to exploit social phenomena to spread malware in order […]

Transparent Tribe: Four Years Later

Introduction Operation Transparent Tribe was first spotted by Proofpoint researchers in Feb 2016, in a series of espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. At that time, the researchers traced the source IPs to Pakistan; the attacks were part of a wider operation that relies on multiple vectors such […]