Archive for March, 2017


From September 2016 through late November 2016, a threat actor group used both the Trochilus RAT and a newly identified RAT we’ve named MoonWind to target organizations in Thailand, including a utility organization. We chose the name ‘MoonWind’ based on debugging strings we saw within the samples, as well as the compiler used to generate the samples.

The Turla espionage group has been targeting various institutions for many years. Recently, we found several new versions of Carbon, a second stage backdoor in the Turla group arsenal. Last year, a technical analysis of this component was made by Swiss as part of their report detailing the attack that a defense firm owned by the Swiss government, RUAG, suffered in the past.

Illustration: diver searching for new math

In order to fully understand the quantum world, we may have to develop a new realm of mathematics.


Following a media inquiry, we drilled down into our data and discovered that 56 percent of all IPs used in the attack belonged to DVRs manufactured by the same vendor. We have contacted the vendor with an offer to share our information and assist with resolving the issue.

An environmental scientist working on a laptop in a chemically contaminated area.

An Uncommon Tale of a Failed Banking Trojan Vendor


Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day Buffer Overflow vulnerability (CVE-2017-7269) due to an improper validation of an ‘IF’ header in a PROPFIND request.

Threat Landscape for Industrial Automation Systems, H2 2016

The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is starting a series of regular publications about our research devoted to the threat landscape for industrial organizations.

The Ukrainian national public cryptographic competition was announced [1] in 2006 by the State Service of Special Communication and Information Security of Ukraine. The general aim of the competition is the selection of a symmetric block cipher that can serve as a prototype of the national standard of Ukraine instead of GOST 28147–89 [2]. A cipher proposed to the competition should satisfy the following main requirements [1]:



Researchers in Israel have shown off a novel technique that would allow attackers to wirelessly command devices using a laser light, bypassing so-called air gaps.
