All publications

In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.

Loading...

Dec
Nov
Oct
Sep
Aug
Jul
Jun
May
Apr
Mar
Feb
Jan

Authors Categories Tags

Subscribe

Reports

In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

Archive

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

Luna and Black Basta — new ransomware for Windows, Linux and ESXi

Text-based fraud: from 419 scams to vishing

Dynamic analysis of firmware components in IoT devices

The SessionManager IIS backdoor

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

APT ToddyCat

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

How much does access to corporate infrastructure cost?

Router security in 2021

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

WinDealer dealing on the side

IT threat evolution in Q1 2022. Mobile statistics

IT threat evolution Q1 2022

IT threat evolution in Q1 2022. Non-mobile statistics

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous