-
Aug 14, 2024 | 
securelist.com | Dmitry Kalinin |Tatyana Shishkova |Igor Golovin |Roman Dedenok
In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to deliver malware that received commands via the Dropbox cloud service.
-
Aug 13, 2024 | 
securelist.com | Tatyana Shishkova |Igor Golovin |Roman Dedenok |Roman Nazarov
For over six years now, Kaspersky’s Global Research and Analysis Team (GReAT) has been sharing quarterly updates on advanced persistent threats (APTs). These summaries draw on our threat intelligence research, offering a representative overview of what we’ve published and discussed in more detail in our private APT reports. They’re designed to highlight the key events and findings that we think people should know about.
-
Aug 12, 2024 | 
securelist.com | Vladislav Tushkanov |Tatyana Shishkova |Igor Golovin |Roman Dedenok
What is prompt injection? Large language models (LLMs) – the neural network algorithms that underpin ChatGPT and other popular chatbots – are becoming ever more powerful and inexpensive. For this reason, third-party applications that make use of them are also mushrooming, from systems for document search and analysis to assistants for academic writing, recruitment and even threat research. But LLMs also bring new challenges in terms of cybersecurity.
-
Aug 5, 2024 | 
securelist.com | Dmitry Kalinin |Tatyana Shishkova |Igor Golovin |Roman Dedenok
In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications.
-
Aug 1, 2024 | 
securelist.com | Tatyana Shishkova |Igor Golovin |Roman Dedenok |Roman Nazarov
IntroductionCybercriminals who specialize in ransomware do not always create it themselves. They have many other ways to get their hands on ransomware samples: buying a sample on the dark web, affiliating with other groups or finding a (leaked) ransomware variant. This requires no extraordinary effort, as source code is often leaked or published.
-
Sep 13, 2023 | 
securelist.com | Kaspersky ICS CERT |Igor Golovin |Anton Kivva |David Emm
Global threat statisticsIn the first half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from H2 2022 by just 0.3 pp to 34%. That said, he percentage of attacked ICS computers dropped in Q1 2023, but then rose again in Q2 2023, reaching highest quarterly figure since 2022 – 26.8%. The percentage of ICS computers on which malicious objects were blocked varied across countries from 53.3% in Ethiopia to 7.4% in Luxembourg.
-
Sep 8, 2023 | 
securelist.com | Igor Golovin |Eduardo Ovalle |Francesco Figurelli |Tatyana Machneva
A while ago we discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a distributed network of data processing centers around the world. What can possibly be wrong with a Telegram mod duly tested by Google Play and available through the official store?
-
Aug 3, 2023 | 
securelist.com | Igor Golovin |Anton Kivva |David Emm |Dmitry Galov
IntroductionThe malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover botnets and underground forums. While doing so, we found new Emotet samples, a new loader dubbed “DarkGate”, and a new LokiBot infostealer campaign.
-
Jul 28, 2023 | 
securelist.com | Alexander Rodchenko |Igor Golovin |Anton Kivva |David Emm
One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker sign in under a user account by modifying the victim’s msDS-KeyCredentialLink attribute and adding an authorization certificate to it.
