
Tag: threat

The Russian Shadow in Eastern Europe: Ukrainian MOD Campaign.

Introduction. A few days after the publication of our technical article on the evidence of possible APT28 interference in the Ukrainian elections, we spotted another signal of a sneakier ongoing operation. This campaign, instead, seems to be linked to another Russian hacking group: Gamaredon. The Gamaredon APT was first spotted in 2013 and in 2015, […]

Read More

Ursnif “FATTURA/DOC” Attack Wave

Proto: N04419. Yoroi hereby wishes to inform you of a recent wave of attacks targeting Italian users and organizations. The intercepted fraudulent email messages simulate the sending of documentation and copies of invoices, but they actually contain malicious Excel documents capable of infecting the victim with a malware implant of the family […]

Read More

New sLoad Attack Campaign

Proto: N020419. Yoroi hereby wishes to inform you of an extensive attack campaign targeting Italian companies and users. The fraudulent emails contain attachments in HTML format which, once opened, prompt the download of a compressed archive capable of infecting the machine with a dangerous backdoor of the sLoad family, capable of […]

Read More

APT28 and Upcoming Elections: evidence of possible interference

Introduction. In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. This file was uncommon: it seemed carefully prepared and discussed who is leading in the election polls, arguing about the life of the favorite candidate, Volodymyr Zelenskiy, who is described as Servant of the People, along with a strong […]

Read More

Ursnif: The Latest Evolution of the Most Popular Banking Malware

Introduction. A few days ago, the researchers of ZLab Yoroi-Cybaze dissected another attack wave of the infamous Ursnif malware, also known as Gozi ISFB, an offspring of the original Gozi, whose source code was leaked in 2014. Ursnif/Gozi has been active for over a decade and was one of the most active malware families listed in 2017 and […]

Read More

The Ursnif Gangs keep Threatening Italy

Introduction. The Ursnif trojan confirms itself as one of the most active malware threats in cyberspace, even during the past days, when new attack attempts reached several organizations across Italy. Cybaze-Yoroi ZLab teams dissected its infection chain to keep tracking the evolution of this persistent malware threat, analyzing its multiple stages, each one with the […]

Read More

Ransomware Attack Campaign

Proto: N070319. Yoroi hereby wishes to inform you of a dangerous attack campaign targeting Italian companies. The intercepted emails are carefully crafted to deceive the unfortunate recipients by simulating the submission of unsolicited job applications for vacant positions. The attached Office document, however, contains macro code capable of infecting the target machine with […]

Read More

The Document that Eluded AppLocker and AMSI

Introduction. A few days ago, during an intel source monitoring operation, the Cybaze-Yoroi ZLAB team encountered an interesting Office document containing some peculiarities that required a deeper analysis: its payload includes techniques suitable for bypassing modern Microsoft security mechanisms such as AppLocker, the application whitelisting security feature in place in well-configured Windows OSes, and the newer Anti-Malware Scan […]

Read More

Ursnif Attack Campaign in Progress

Proto: N050319. Yoroi hereby wishes to inform you of an emerging wave of attacks targeting Italian organizations and users. The intercepted email messages contain malicious Excel documents capable of evading perimeter systems and behavioral analysis: they perform checks on local configurations present on the target machine before starting the chain […]

Read More

Torrent Risks: an Analysis

Digital media sharing is one of the most relevant phenomena since the advent of the internet. During the 80’s and 90’s, with the rapid growth of the Internet, people around the world started sharing digital stuff protected by copyright, through particular communication protocols and programs such as FTP, IRC, etc. At the time, only a few […]

Read More

Apex Legends for Android: a Fake App could Compromise your Smartphone

Introduction. At the beginning of 2019, Electronic Arts released a game for PC, Xbox One and PlayStation 4 named Apex Legends. It is a battle royale game like Titanfall and Fortnite, the latter being the direct competitor in the battle royale gaming panorama. The game has achieved great success in the gamer community with 25 […]

Read More

“Scarica il documento” (“Download the document”) Attack Campaign

Proto: N020319. Yoroi hereby wishes to inform you of the recent detection of a new wave of attacks aimed at the Italian cyber landscape; numerous fraudulent emails containing malicious links have been intercepted in recent days. The messages attempt to simulate communications from lawyers inviting recipients to download digital copies of legal documents […]

Read More