From September 2016 through late November 2016, a threat actor group used both the Trochilus RAT and a newly identified RAT we’ve named MoonWind to target organizations in Thailand, including a utility organization. We chose the name ‘MoonWind’ based on debugging strings we saw within the samples, as well as the compiler used to generate the samples.
Archive for March, 2017
The Turla espionage group has been targeting various institutions for many years. Recently, we found several new versions of Carbon, a second stage backdoor in the Turla group arsenal. Last year, a technical analysis of this component was made by Swiss GovCERT.ch as part of their report detailing the attack that a defense firm owned by the Swiss government, RUAG, suffered in the past.
In order to fully understand the quantum world, we may have to develop a new realm of mathematics.
Following a media inquiry, we drilled down into our data and discovered that 56 percent of all IPs used in the attack belonged to DVRs manufactured by the same vendor. We have contacted the vendor with an offer to share our information and assist with resolving the issue.
Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day buffer overflow vulnerability (CVE-2017-7269) due to improper validation of an ‘IF’ header in a PROPFIND request.
The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is starting a series of regular publications about our research devoted to the threat landscape for industrial organizations.
The Ukrainian national public cryptographic competition was announced [1] in 2006 by the State Service of Special Communication and Information Security of Ukraine. The general aim of the competition is to select a symmetric block cipher that can serve as a prototype for the national standard of Ukraine, replacing GOST 28147–89 [2]. A cipher proposed to the competition should satisfy the following main requirements [1]:
