Category: SAS | Securelist

Ransomware’s popularity has attracted the attention of cybercriminal gangs; they use these malicious programs in targeted attacks on large organizations in order to steal money. In late 2016, we detected an increase in the number of attacks, the main goal of which was to launch an encryptor on an organization’s network nodes and servers.

Subscribe

Reports

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

SAS

Ransomware in targeted attacks

ATMitch: remote administration of ATMs

Lazarus Under The Hood

Penquin’s Moonlit Maze

Top 8 Reasons You Don’t Want to Miss SAS 2017

Dissecting Malware

How to succeed in online investigations and digital forensics

How to hunt for rare malware

Caribbean scuba diving with IT-security in mind

Experts: what ATM jackpotting malware is

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

Subscribe

Reports

The SessionManager IIS backdoor

APT ToddyCat

WinDealer dealing on the side

APT trends report Q1 2022

Subscribe to our weekly e-mails