On April 2021, one of the most known Ransomware Gang called Babuk, decided to change the way they ask for ransom: no more double extortion, no more file encryption but just data exfiltration and a later announcement in case of no deal with the victim. It’s a nice move forward for a Ransomware Gang that, […]Read more "Babuk Ransomware: The Builder"
Reverse Engineering is one of the most clear path to study Malware and Threat Attribution, by RE you are intimately observe in the developer mind figuring out techniques and, from time to time, even intents. My current role as a CEO of a mid-sized organization (thousands of people) tries to keep me away from RE, […]Read more "The Allegedly Ryuk Ransomware builder: #RyukJoke"
According to the Yoroi annual cyber security report (available HERE), to Cyber Threat Trends (available HERE) and to many additional resources, Microsoft Office files (Word documents and Excel spreadsheet) are one of the most used malware loaders in the current era. Attackers lure victims, by seducing them to open a specially crafted Office document, which […]Read more "How to Reverse Office Droppers: Personal Notes"
Scenario We are living hard time, many countries all around the world are hit by COVID-19 which happened to be a very dangerous disease. Unfortunately many deaths, thousands of infected people, few breathing equipment, stock burned Billion of dollars and a lot of companies are entering into a economic and financial crisis. Governments are doing […]Read more "Is APT27 Abusing COVID-19 To Attack People ?!"
Introduction During a normal monitoring activity, one of the detection tools hits a suspicious email coming from the validtree.com domain. The domain was protected by a Panama company to hide its real registrant and this condition rang a warning bell on the suspected email so that it required a manual analysis in order to investigate […]Read more "TA-505 Cybercrime on System Integrator Companies"
Introduction During the past few days a cyber attack hit Kudankulam Nuclear Power Plant: the largest nuclear power plant located in the Indian state of Tamil Nadu. The news was announced on Monday October 28 by the Indian strategic infrastructure. In a press release on arstechnica, NPCIL Associate Director A. K. Nema stated, “Identification of […]Read more "Is Lazarus/APT38 Targeting Critical Infrastructures ?"
Introduction Today I’d like to share a quick analysis of an interesting attack targeting precision engineering companies based in Italy. Precision engineering is a very important business market in Europe, it includes developing mechanical equipment for: automotive, railways, heavy industries and military grade technology . The attacker pretended to be a customer and sent to […]Read more "SWEED Targeting Precision Engineering Companies in Italy"
Introduction The group behind Emotet malware is getting smarter and smarter in the way the deliver such a Malware. While the infection schema looks alike from years; the way the group tries to infect victims improves from day to day.Today I’d like to share a quick analysis resulted by a very interesting email which claimed […]Read more "Is Emotet gang targeting companies with external SOC?"
Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft Powerpoint as Malware Dropper, MalHIDE, Info Stealing: a New Operation in the Wild, Advanced All in Memory CryptoWorm, etc. […]Read more "Frequent VBA Macros used in Office Malware"
From time to time we might observe special Malware storing themselves into a MBR and run during the booting process. Attackers could use this neat technique to infect and to mess-up your disk and eventually asking for a ransom before restoring original disk-configurations (Petya was just one of the most infamous boot-ransomware). But this is […]Read more "Writing Your First Bootloader for Better Analyses"