Introduction Information sharing is one of the most important activity that cybersecurity researchers do on daily basis. Thanks to “infosharing” activities it is possible to block or, in specific cases, to prevent cyber attacks. Most of the infosharing activities involved in cybersecurity are mostly focused on Indicator of Compromise such as: URL, IPs, Domains and […]Read more "Cyber Threat Trends Dashboard"
Nowadays Iran’s Cybersecurity capabilities are under microscope, many news sites, gov. agencies and security experts warn about a possible cybersecurity infiltration from Iranian government and alert to increase cybersecurity defensive levels. Today I want to share a quick and short study based on cross correlation between MITRE ATT&CK and Malpedia about some of the main […]Read more "Iranian Threat Actors: Preliminary Analysis"
APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it’s used to target Aereospace, Defence, Governmente Agencies, International Organizations and Media. Today I’d like to share […]Read more "APT28 Attacks Evolution"
One year ago I decided to invest in static Malware Analysis automation by setting up a full-stack environment able to grab samples from common opensources and to process them by using Yara rules. I mainly decided to offer to cybersecurity community a public dataset of pre-processed analyses and let them be “searchable” offering PAPI and […]Read more "After 1 Million of Analyzed Samples"
Introduction During a normal monitoring activity, one of the detection tools hits a suspicious email coming from the validtree.com domain. The domain was protected by a Panama company to hide its real registrant and this condition rang a warning bell on the suspected email so that it required a manual analysis in order to investigate […]Read more "TA-505 Cybercrime on System Integrator Companies"
Introduction During the past few days a cyber attack hit Kudankulam Nuclear Power Plant: the largest nuclear power plant located in the Indian state of Tamil Nadu. The news was announced on Monday October 28 by the Indian strategic infrastructure. In a press release on arstechnica, NPCIL Associate Director A. K. Nema stated, “Identification of […]Read more "Is Lazarus/APT38 Targeting Critical Infrastructures ?"
Introduction Today I’d like to share a quick analysis of an interesting attack targeting precision engineering companies based in Italy. Precision engineering is a very important business market in Europe, it includes developing mechanical equipment for: automotive, railways, heavy industries and military grade technology . The attacker pretended to be a customer and sent to […]Read more "SWEED Targeting Precision Engineering Companies in Italy"
Introduction The group behind Emotet malware is getting smarter and smarter in the way the deliver such a Malware. While the infection schema looks alike from years; the way the group tries to infect victims improves from day to day.Today I’d like to share a quick analysis resulted by a very interesting email which claimed […]Read more "Is Emotet gang targeting companies with external SOC?"
Nowadays one of the most frequent cybersecurity threat comes from Malicious (office) document shipped over eMail or Instant Messaging. Some analyzed threats examples include: Step By Step Office Dropper Dissection, Spreading CVS Malware over Google, Microsoft Powerpoint as Malware Dropper, MalHIDE, Info Stealing: a New Operation in the Wild, Advanced All in Memory CryptoWorm, etc. […]Read more "Frequent VBA Macros used in Office Malware"
During the early 2000s in private chats or even in public IRC channels, self-styled “hackers” used to DOX people in order to prove their competence in “dark arts” (cit. Proceedings of the 39th SIGCSE). I always was fascinated by those guys that with few information such as an email address or a nickname were able […]Read more "DOXing in 2019"