Ursnif reloaded: tracing the latest trojan campaigns

On the 9th of October our customers started reporting the same kind of incident over the span of a few hours. The identified activity appears to be linked to the banking Trojan Ursnif, a long active malware, whose roots can be traced back to 2007 together with ZeuS and SpyEye, still with strong infection capabilities in each of its campaigns. The attack vector was a malicious email with a Word document attached.
Continue reading “Ursnif reloaded: tracing the latest trojan campaigns”

A dive into MuddyWater APT targeting Middle-East

MuddyWater is a threat actor that caught our attention for their extensive use of “Living off the Land” attacks in a targeted campaign aimed at the Middle East. During our investigation we reconstruct the evolution of the vectors used and how the group operates to  target their victims, evade detections and move laterally inside the compromised infrastructures.
Continue reading “A dive into MuddyWater APT targeting Middle-East”