Black Kingdom ransomware | Securelist- Tempemail

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability (CVE-2021-27065). The complexity and sophistication of the Black Kingdom family cannot bear a comparison with other Ransomware-as-a-Service (RaaS) …

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that since at least 2015 has been targeting Persian-speaking individuals who appear to be based in Iran. Although it has been active for a long time, the group has mostly operated under the radar and has not been covered by security researchers to the …

Andariel evolves to target South Korea with ransomware

Executive summary. In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. While we were doing our research into these findings, Malwarebytes published a nice report with technical details about the same series of …

PuzzleMaker attacks with Chrome zero-day exploit chain

On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution (RCE) in …

Gootkit: the cautious Trojan | Securelist

Gootkit is complex multi-stage banking malware that was discovered for the first time by Doctor Web in 2014. Initially it was distributed via spam and exploit kits such as Spelevo and RIG. In conjunction with spam campaigns, the adversaries later switched to compromised websites where the visitors are tricked into …

Email spoofing: how attackers impersonate legitimate senders

Introduction. In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address. SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) …

Children report 2021 | Securelist

For over a year we’ve been living in a world gripped by the COVID-19 pandemic. Not only has the pandemic affected people’s lifestyles, it has also accelerated the development and implementation of technologies that make it easier for us to complete everyday and work-related tasks. We no longer need to …

IT threat evolution Q1 2021. Non-mobile statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Quarterly figures. According to Kaspersky Security Network, in Q1 2021: Kaspersky solutions blocked 2,023,556,082 attacks launched from online resources across the globe; 613,968,631 unique URLs were recognized as malicious by Web …

IT threat evolution Q1 2021. Mobile statistics

The statistics presented here draw on detection verdicts returned by Kaspersky products as provided by users who consented to share statistical data. Quarterly figures. According to Kaspersky Security Network, in the first quarter we saw: 1,451,660 detected mobile installation packages, of which 25,314 packages were related to mobile banking Trojans, …

IT threat evolution Q1 2021

Targeted attacks. Putting the ‘A’ into APT. In December, SolarWinds, a well-known IT managed services provider, fell victim to a sophisticated supply-chain attack. The company’s Orion IT, a solution for monitoring and managing customers’ IT infrastructure, was compromised by threat actors. This resulted in the deployment of a custom backdoor, …