Tracking PhishingKits for Hunting APT Evolution

Advanced and Persistent Threats are often inoculated by emails or by exploiting exposed vulnerabilities. Since vulnerability exploitation follows specific waves, it depends on vulnerability trends, the email vector become one of the most (ab)used and stable way to inoculate Malicious and unwanted software. A common way to attack victims is to make her open an […]

Read more "Tracking PhishingKits for Hunting APT Evolution"

Is APT27 Abusing COVID-19 To Attack People ?!

Scenario We are living hard time, many countries all around the world are hit by COVID-19 which happened to be a very dangerous disease. Unfortunately many deaths, thousands of infected people, few breathing equipment, stock burned Billion of dollars and a lot of companies are entering into a economic and financial crisis. Governments are doing […]

Read more "Is APT27 Abusing COVID-19 To Attack People ?!"

Iranian Threat Actors: Preliminary Analysis

Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a quick and short study based on cross correlation between MITRE ATT&CK and Malpedia about some of the main […]

Read more "Iranian Threat Actors: Preliminary Analysis"

TA-505 Cybercrime on System Integrator Companies

Introduction During a normal monitoring activity, one of the detection tools hits a suspicious email coming from the validtree.com domain. The domain was protected by a Panama company to hide its real registrant and this condition rang a warning bell on the suspected email so that it required a manual analysis in order to investigate […]

Read more "TA-505 Cybercrime on System Integrator Companies"

Is Lazarus/APT38 Targeting Critical Infrastructures ?

Introduction During the past few days a cyber attack hit Kudankulam Nuclear Power Plant: the largest nuclear power plant located in the Indian state of Tamil Nadu. The news was announced on Monday October 28 by the Indian strategic infrastructure. In a press release on arstechnica, NPCIL Associate Director A. K. Nema stated, “Identification of […]

Read more "Is Lazarus/APT38 Targeting Critical Infrastructures ?"