Our team recently discovered an interesting attack that appeared to be targeting victims in the UAE using a lure in the style of the UAE Ministry of Foreign Affairs. We are publishing our findings here. The attack starts with a Microsoft Word document that loads a remote template containing malicious macros, which finally delivers a …
Developments in the conflict between Iran and the US over the last week included the promised retaliatory attacks launched by Tehran in response to the killing by the US of military commander Qassem Soleimani. The strikes on American bases in Iraq did not result in any further loss of life, and the general consensus – …
On 3 January 2020 the news broke that President Trump had ordered an airstrike that resulted in the deaths of General Qassem Soleimani and six other Iranian officials. A US drone strike reportedly successfully targeted two cars leaving Baghdad Airport. The attack happened just days after a US contractor had been killed in an assault …
Conflict between US and Iran escalates to new level Read More »
Last week, Iran’s Minister of Communications and Information Technology announced that the country had successfully prevented an attempted “huge cyber attack organised by a foreign state”. While he did not provide specific details about the incident, he said that Iran had faced “a highly-organized and state-sponsored attack against the infrastructures of the electronic government and …
Iran and the USA: an escalation in cyber-warfare? Read More »
The World Anti-Doping Agency (WADA) this week announced the imposition of a four-year sporting ban on Russia, which cannot now compete in any major global events, including the 2020 Tokyo Olympics and the 2022 World Cup in Qatar. Russia had been previously been subject to a three-year suspension over doping allegations. This was lifted in …
Sporting bans, Russian hackers and the Tokyo Olympics Read More »
Over the last couple of years, a great deal of attention in western countries has been directed towards the Chinese telecom companies Huawei and ZTE, which have been banned from participating in the 5G market by various governments, due to concerns over cyber espionage. While debates continue, analysts have also recently been focusing on the …
Credential stuffing, a simple attack that involves running lists of stolen credentials against various services in the hopes of finding password reuse, is one of the most popular ways cyber criminals acquire accounts to sell on Darknet marketplaces. Victims often don’t know the difference between credential stuffing or an actual exploit or breach, and this …
Packing heat: the rise of credential stuffing in 2019 Read More »
Recently our team discovered two very interesting tools published on GitHub by security researchers Michele Orrù and Giuseppe Trotta. Muraena is an almost transparent reverse proxy capable of proxying the victim through to the legitimate target website while harvesting credentials and cookies, and in most cases allowing 2FA flows to complete. (source) Necrobrowser is …
This week it was reported that the 1000MW Kudankulam Nuclear Power Plant (KKNPP), owned by the Nuclear Power Corporation of India, had been hit by a cyber-attack. Two generators were taken offline. The company initially denied that an attack had taken place; however, shortly afterwards, it confirmed that one of its internet-connected administrator PCs was …
Earlier this week, the UK’s National Cyber Security Centre (NCSC) and the USA’s National Security Agency (NSA) revealed that the Russian hacker group widely known as Turla had been using the Iranian APT Oilrig’s tools and infrastructure to target victims for its own ends. The researchers came to this conclusion when investigating an attack that …
