Fileless Malware Attacks

Hunting Fileless Malware: Invisible but not Undetected

Fileless malware attacks are a growing concern in cyber-security with an interesting history that dates back to 2001. After remaining almost silent for several years, this type of threat began to gain fresh traction in 2014 with new concepts introduced at a fast pace. Today such attacks are so common that new strategies had to be developed to identify and contain them.
Continue reading “Hunting Fileless Malware: Invisible but not Undetected”

Silence group targeting Russian Banks via Malicious CHM

In November 2018 we followed up on a tweet mentioning a potential malicious code disseminated in CHM (Microsoft Compiled HTML Help). A preliminary analysis caught the attention of our Threat Analysis and Intelligence team as it yielded interesting data that, among other things, shows that the attack campaign was targeting employees from financial entities, specifically in the Russian Federation and the Republic of Belarus. We conclude that the actor behind the attack is Silence group, a relatively new threat actor that’s been operating since mid-2016. Continue reading “Silence group targeting Russian Banks via Malicious CHM”

Ursnif reloaded: tracing the latest trojan campaigns

On the 9th of October our customers started reporting the same kind of incident over the span of a few hours. The identified activity appears to be linked to the banking Trojan Ursnif, a long active malware, whose roots can be traced back to 2007 together with ZeuS and SpyEye, still with strong infection capabilities in each of its campaigns. The attack vector was a malicious email with a Word document attached.
Continue reading “Ursnif reloaded: tracing the latest trojan campaigns”

A dive into MuddyWater APT targeting Middle-East

MuddyWater is a threat actor that caught our attention for their extensive use of “Living off the Land” attacks in a targeted campaign aimed at the Middle East. During our investigation we reconstruct the evolution of the vectors used and how the group operates to  target their victims, evade detections and move laterally inside the compromised infrastructures.
Continue reading “A dive into MuddyWater APT targeting Middle-East”