  • 18 May 2020
    New spying Trojan targets diplomatic entities in Europe via spoofed visa application
    In November 2019, Kaspersky technologies revealed new malware targeting diplomatic bodies in Europe, with the initial dropper spread as a spoofed visa application. Further analysis indicated that this spyware shares its code base with the infamous COMPFun. Spyware of this kind focuses on spreading across the victim's devices and collecting data for transmission to the actor. It is widely used by various APTs, and its danger is proportional to the chosen victimology: whether the target is a government or a critical-infrastructure segment, the harvested information can be of great value to the malware operators and significantly alter the affected landscape. The detected malware has strong code similarities with COMPFun, first reported in 2014; in 2019 the industry already witnessed its successor, Reductor. The new Trojan's functions include acquiring the target's geolocation, gathering host- and network-related data, keylogging and taking screenshots.
  • 3 January 2020
    Kaspersky finds zero-day exploit in Windows OS used in targeted attack
    Kaspersky automated detection technologies have found a Windows zero-day vulnerability. An exploit based on this vulnerability allowed attackers to gain higher privileges on the attacked machine and bypass protection mechanisms in the Google Chrome browser. The newly discovered exploit was used in the malicious WizardOpium operation.
  • 31 July 2019
    Taste of Topinambour: Turla hacking group hides malware in anti-internet censorship software
    Kaspersky researchers have discovered that the Russian-speaking threat actor Turla has revamped its toolset: wrapping its well-known JavaScript KopiLuwak malware in a new dropper called Topinambour, creating two similar versions in other languages, and distributing its malware through, among other channels, infected installation packs for software that circumvents internet censorship. Researchers believe these measures are designed to minimize detection and to target victims precisely. Topinambour was spotted in an operation against government entities at the start of 2019.
  • 25 March 2019
    Operation ShadowHammer: new supply chain attack threatens hundreds of thousands of users worldwide
    Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign that affected a large number of users through what is known as a supply chain attack. Our research found that the threat actors behind Operation ShadowHammer targeted users of the ASUS Live Update Utility by injecting a backdoor into it, at least between June and November 2018. Kaspersky Lab experts estimate that the attack may have affected more than a million users worldwide.
  • 13 March 2019
    Kaspersky Lab uncovers Windows zero-day exploited by recently discovered threat actor
    Kaspersky Lab’s automated technologies have detected a newly exploited vulnerability in Microsoft Windows, believed to have been used in targeted attacks by at least two threat actors, including the recently discovered SandCat. This is the fourth zero-day exploit discovered in the wild by Kaspersky Lab’s Automatic Exploit Prevention technology. Kaspersky Lab reported the vulnerability, which has been assigned CVE-2019-0797, to Microsoft, which has released a patch.
  • 6 March 2019
    The number of mobile malware attacks doubles in 2018, as cybercriminals sharpen their distribution strategies
    Kaspersky Lab researchers have seen the number of attacks using malicious mobile software nearly double in just a year: 116.5 million attacks in 2018 compared with 66.4 million in 2017, with a significant increase in the number of unique users affected. Despite more devices being attacked, the number of distinct malware files decreased, leading the researchers to conclude that mobile malware has become more effective and more precisely targeted. These and other findings are presented in Kaspersky Lab's report Mobile malware evolution 2018.
  • 1 February 2019
    Chafer cyberespionage group targets embassies with updated homebrew spyware
    Kaspersky Lab researchers have detected multiple attempts to infect foreign diplomatic entities in Iran with homebrew spyware. The attacks appear to use an updated version of the Remexi backdoor, alongside several legitimate tools. Remexi is linked to a suspected Farsi-speaking cyberespionage group known as Chafer, previously associated with the cyber-surveillance of individuals in the Middle East. The targeting of embassies could suggest a new focus for the group.