Is Hagga Threat Actor (ab)using FSociety framework ?

Introduction: Today I’d like to share a quick analysis initiated during a threat hunting process. The first observable was found while hunting over OSINT sources; the entire infrastructure was still up and running during the analysis, and the malicious payloads were still downloadable. Analysis: My first observable was a zipped text file compressing a […]


DiskKill/HermeticWiper and NotPetya (Dis)similarities

Many security researchers, professional cybersecurity analysts and cybersecurity organizations have produced great analyses of DiskKill (HermeticWiper); some of my favorites are HERE, HERE and HERE. Today I’d like to focus on specific HermeticWiper characteristics and look for similarities (or differences) with another similar (and well-known) cyber attack that happened in Ukraine a few […]
