Recently, our team has noticed a slight uptick in malicious Word documents using Ostap to deliver a TrickBot payload. These documents tend to have a low detection rate and are very fussy about running in a sandbox. In order to get a better idea of how they work, we needed to deobfuscate the downloader by […]
Deobfuscating Ostap Downloader Read More »
Our team recently discovered an interesting attack that appeared to be targeting victims in the UAE using a lure in the style of the UAE Ministry of Foreign Affairs. We are publishing our findings here. The attack starts with a Microsoft Word document that loads a remote template containing malicious macros, which finally delivers a
JhoneRat – a snake in the network Read More »
Developments in the conflict between Iran and the US over the last week included the promised retaliatory attacks launched by Tehran in response to the killing by the US of military commander Qassem Soleimani. The strikes on American bases in Iraq did not result in any further loss of life, and the general consensus –
US-Iran tensions decrease – for now Read More »
On 3 January 2020 the news broke that President Trump had ordered an airstrike that resulted in the deaths of General Qassem Soleimani and six other Iranian officials. A US drone strike reportedly successfully targeted two cars leaving Baghdad Airport. The attack happened just days after a US contractor had been killed in an assault
Conflict between US and Iran escalates to new level Read More »
Last week, Iran’s Minister of Communications and Information Technology announced that the country had successfully prevented an attempted “huge cyber attack organised by a foreign state”. While he did not provide specific details about the incident, he said that Iran had faced “a highly-organized and state-sponsored attack against the infrastructures of the electronic government and
Iran and the USA: an escalation in cyber-warfare? Read More »
The World Anti-Doping Agency (WADA) this week announced the imposition of a four-year sporting ban on Russia, which cannot now compete in any major global events, including the 2020 Tokyo Olympics and the 2022 World Cup in Qatar. Russia had been previously been subject to a three-year suspension over doping allegations. This was lifted in
Sporting bans, Russian hackers and the Tokyo Olympics Read More »
Over the last couple of years, a great deal of attention in western countries has been directed towards the Chinese telecom companies Huawei and ZTE, which have been banned from participating in the 5G market by various governments, due to concerns over cyber espionage. While debates continue, analysts have also recently been focusing on the
WeChat: how private is your data? Read More »
Credential stuffing, a simple attack that involves running lists of stolen credentials against various services in the hopes of finding password reuse, is one of the most popular ways cyber criminals acquire accounts to sell on Darknet marketplaces. Victims often don’t know the difference between credential stuffing or an actual exploit or breach, and this
Packing heat: the rise of credential stuffing in 2019 Read More »
Recently our team discovered two very interesting tools published on GitHub by security researchers Michele Orrù and Giuseppe Trotta. Muraena is an almost transparent reverse proxy capable of proxying the victim through to the legitimate target website while harvesting credentials and cookies, and in most cases allowing 2FA flows to complete. (source) Necrobrowser is
Attack of the Zombie Eels Read More »
