Hamburger Menu Icon
Yoroi Background

Tag: malware

Financial Institutions in the Sight of New JsOutProx Attack Waves

Introduction  When threat actors evolve, their tools do so. Observing the evolution of the threats we track during our cyber defense operations is part of what we do to secure our customers. Back in 2019, the Yoroi’s Malware ZLAB unit discovered a complete new malware implant named “JsOutProx” (TH-264), a complex JavaScript-based RAT used to attack financial institutions in the APAC area.   In the last two years, the evolution of this implant was clear. After our initial discovery, many security research teams started monitoring this elusive […]

Read More

The "WayBack” Campaign: a Large Scale Operation Hiding in Plain Sight

Introduction  Tracking threat actors in the long run is a fundamental part of the cyber threat intelligence program we run at Yoroi, few years ago we began monitoring a particular actor who started offensive operations even in the Italian landscape: Aggah (TH-157), who launched malicious campaign such as the  Roma225 and the RG ones against the Italian manufacturing vertical. At that time, even UNIT42 was closely monitoring that actor, unveiling a large scale operation threatening also United States, Europe and Asia.  The recent operation we tracked was designed […]

Read More

Ransomware micro-criminals are still out here (and growing)

Introduction  Ransomware confirms to be one of the most pervasive threats of the last years. We saw during these last years the infamous phenomenon of Double Extorsion, where well-organized cyber-criminal groups perform highly sophisticated red team operations to achieve the highest level of privileges inside the perimeter of victim networks and, before releasing the ransomware, they steal all the sensitive data to extort the target the payment […]

Read More

Threatening within Budget: How WSH-RAT is abused by Cyber-Crooks

Introduction Nowadays malware attacks work like a complex industry based on their own supply chains, data providers, access brokers and craftsmen developing and maintaining intrusion tools. During our monitoring operations we frequently face malware samples based on known families and code-bases, mangled and then used to conduct even more sophisticated attacks.  Recently, we intercepted a […]

Read More

Yes, Cyber Adversaries are still using Formbook in 2021

Introduction Cyber criminals are always looking for new ways to infiltrate companies, new techniques, or maybe only creative arrangement of known tricks to achieve their objective. In some of our previous blog posts, we documented how cyber criminals are investing their efforts on creating more and sophisticated code protectors to hide malicious software, and in […]

Read More

Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife

Introduction 2020 was a really intense year in terms of APT activities, in fact it brought us new evidence of sophisticated campaigns targeting Enterprises organization across Europe and also Italy. In particular the threat group we track as TH-239, also mentioned as UNC1945 by FireEye security researchers, has been one of the sneakiest.  We discussed […]

Read More

Attacchi Emergenti a Firmware UEFI/BIOS

Proto: N041220. Con la presente Yoroi intende informarla riguardo un nuovo trend di attacco verso firmware UEFI/BIOS. Questa tecnica di attacco fa uso di appositi strumenti e codici finalizzati a leggere, scrivere o cancellare il firmware UEFI/BIOS di un dispositivo.  Questa tipologia di attacco era in passato limitata a scenari di attacco avanzati filo governativi, […]

Read More

Shadows From the Past Threaten Italian Enterprises

Introduction The modern cyber threat landscape hides nasty surprises for companies, especially for the most structured and complex companies. Many times, threat actors develop very dangerous and effective techniques using tools and technologies in a smart, unattended way.  This is the case of a particular cyber criminal group operating cyber intrusion against one of the […]

Read More

Nuove Campagne di Attacco Quakbot

Proto: N030920. Con la presente Yoroi desidera informarla riguardo ad una nuova campagna di attacco diretta ad utenze e aziende italiane. Gli attacchi si manifestano tramite messaggi di posta fraudolenti che simulano risposte a comunicazioni reali, ingannando l’utente vittima.  Le email contengono un allegato in formato archivio ZIP contenente un file Excel di tipo binario […]

Read More

Campagna di Attacco “Previdenza Sociale”

Proto: N050820. Con la presente Yoroi desidera informarla riguardo ad una nuova campagna di attacco diretta ad utenze e aziende italiane. Gli attacchi si manifestano tramite messaggi di posta fraudolenti che simulano comunicazioni da parte dell’INPS contenenti un documento Excel infetto in grado di scaricare ed installare un impianto malware della famiglia Ursnif (TH-124). I […]

Read More

Campagna di Attacco “Agenzia Entrate”

Proto: N060620. Con la presente Yoroi desidera informarla riguardo al rilevamento di una estensiva campagna di attacco ai danni di utenti e organizzazioni italiane. Le email fraudolente simulano comunicazioni da parte di Agenzia Entrate che invitano le vittime a prendere visione del documento allegato alla comunicazione ed a non inoltrarla ad altri soggetti.  Figura. Esempio […]

Read More

New Cyber Operation Targets Italy: Digging Into the Netwire Attack Chain

Introduction Info stealer malware confirms to be one of the most adopted weapons of cyber actors. One of them is Netwire (MITRE S0198), a multiplatform remote administration tool (RAT) that has been used by criminals and espionage groups at least since 2012. During our Cyber Threat Intelligence monitoring we spotted a particular Office document weaponized […]

Read More
1 2 3 15
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram