Alexander Rodchenko

Aug 14, 2023 | securelist.com | Olga Svistunova |Alexander Rodchenko |Francesco Figurelli |Eduardo Ovalle

Phishers want their fake pages to cost minimum effort but generate as much income as possible, so they eagerly use various tools and techniques to evade detection, and save time and money. Examples include automation with phishing kits or Telegram bots. Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains.

Jul 28, 2023 | securelist.com | Alexander Rodchenko |Igor Golovin |Anton Kivva |David Emm

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker sign in under a user account by modifying the victim’s msDS-KeyCredentialLink attribute and adding an authorization certificate to it.

Jun 7, 2023 | securelist.com | David Emm |Alexander Rodchenko |Francesco Figurelli |Eduardo Ovalle

IT threat evolution in Q1 2023IT threat evolution in Q1 2023. Non-mobile statisticsIT threat evolution in Q1 2023. Mobile statisticsTargeted attacksAt the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated threat actor known for stealing cryptocurrency. The threat actor typically exploits Word documents, using shortcut files for the initial intrusion. However, recently the group has adopted new methods to deliver its malware.