APT43: An investigation into the North Korean group’s cybercrime operations
Introduction. As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]

IT threat evolution Q3 2021
IT threat evolution in Q3 2021. PC statistics
IT threat evolution in Q3 2021. Mobile statistics
Targeted attacks: WildPressure targets macOS
Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, we discovered a newer version. It contains […]

Extracting type information from Go binaries
During the 2021 edition of the SAS conference, I had the pleasure of delivering a workshop focused on reverse-engineering Go binaries. The goal of the workshop was to share basic knowledge that would allow analysts to immediately start looking into malware written in Go. A YouTube version of the workshop was released around the same […]

How we protect our users against the Sunburst backdoor
What happened: SolarWinds, a well-known IT managed services provider, has recently become a victim of a cyberattack. Their product Orion Platform, a solution for monitoring and managing their customers’ IT infrastructure, was compromised by threat actors. This resulted in the deployment of a custom Sunburst backdoor on the networks of more than 18,000 SolarWinds customers, […]

Sunburst: connecting the dots in the DNS requests
On December 13, 2020, FireEye published important details of a newly discovered supply chain attack. An unknown attacker, referred to as UNC2452 or DarkHalo, planted a backdoor in the SolarWinds Orion IT software. This backdoor, which comes in the form of a .NET module, has some really interesting and rather unique features. We spent the […]

More information
- New backdoor worm found attacking websites running Apache Tomcat
- Akamai: Look for IoT devices to attack during Thanksgiving, Christmas
- Colonial Pipeline hackers received $90 million in bitcoin before shutting down
- 4 Fashionable Sweaters for Winter and Mid-season
- Security heavyweights to keynote #HITB2013KUL in Malaysia
- Vulnerability & Patch Roundup — February 2025
- Hackers target Yahoo users in Singapore: SingCert
- McAfee 2023 Threat Predictions: Evolution and Exploitation
- Contact Form in ScholarSphere is not emailing
- Microsoft Introduces Free Source Code Analyzer