  • 31 July 2019
    Taste of Topinambour: Turla hacking group hides malware in anti-internet censorship software
    Kaspersky researchers have discovered that the Russian-speaking threat actor Turla has revamped its toolset: wrapping its famous JavaScript KopiLuwak malware in a new dropper called Topinambour, creating two similar versions in other languages, and distributing its malware through infected installation packs for software that circumvents internet censorship, among others. Researchers believe these measures are designed to minimize detection and to target victims with precision. Topinambour was spotted in an operation against government entities at the start of 2019.
  • 25 March 2019
    Operation ShadowHammer: new supply chain attack threatens hundreds of thousands of users worldwide
    Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign that has affected a large number of users through what is known as a supply chain attack. Our research found that threat actors behind Operation ShadowHammer have targeted users of the ASUS Live Update Utility, by injecting a backdoor into it at least between June and November 2018. Kaspersky Lab experts estimate that the attack may have affected more than a million users worldwide.
  • 13 March 2019
    Kaspersky Lab uncovers Windows zero-day exploited by recently discovered threat actor
    Kaspersky Lab’s automated technologies have detected a new exploited vulnerability in Microsoft Windows, believed to have been used in targeted attacks by at least two threat actors, including the recently discovered SandCat. This is the fourth zero-day exploit to be discovered in the wild by Kaspersky Lab’s Automatic Exploit Prevention technology. Kaspersky Lab reported the vulnerability, which has been allocated CVE-2019-0797, to Microsoft, which has released a patch.
  • 6 March 2019
    The number of mobile malware attacks doubles in 2018, as cybercriminals sharpen their distribution strategies
    Kaspersky Lab researchers have seen the number of attacks using malicious mobile software nearly double in just a year. In 2018 there were 116.5 million attacks, compared to 66.4 million in 2017, with a significant increase in unique users being affected. Despite more devices being attacked, the number of malware files has decreased, leading researchers to conclude that mobile malware has become more impactful and precise. These and other findings are unveiled in Kaspersky Lab's report Mobile malware evolution 2018.
  • 1 February 2019
    Chafer cyberespionage group targets embassies with updated homebrew spyware
    Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to be using an updated Remexi backdoor. Several legitimate tools were also used during the campaign. The Remexi backdoor is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.
  • 24 January 2019
    Kaspersky Lab Discovers Two Notorious Russian-Speaking Hacking Groups Sharing Infrastructure
    Kaspersky Lab experts have identified an overlap in cyberattacks carried out by two infamous threat actors — GreyEnergy, which is believed to be a successor of BlackEnergy, and the Sofacy cyberespionage group. The researchers found that both actors used the same servers simultaneously, but used them for different purposes.
  • 17 December 2015
    Kaspersky Lab’s New Malware Count Falls by 15,000 a Day in 2015, as Cybercriminals Look to Save Money
    According to Kaspersky Lab, 2015 marked the moment when demand for new malicious programs reached saturation point, as the number of new malware files detected every day by its products fell by 15,000, from 325,000 in 2014 to 310,000. Kaspersky Lab’s experts believe this is mainly due to the fact that coding new malware is expensive and cybercriminals have realized that they can get equally good results using intrusive advertising programs or legitimate digital signatures in their attacks. This approach appears to be working, as results show that despite the cost-cutting in malware creation, in 2015 the number of users attacked by cybercriminals increased by 5%.