The Kaspersky Lab Global Research and Analysis Team (GReAT) has discovered several infections from a previously unknown Trojan, which is most likely related to the infamous Chinese-speaking threat actor – LuckyMouse.
This year, the world will see more legitimate software being poisoned by groups targeting wider victim profiles and geographies, with the added advantage that such attacks are extremely hard to spot and mitigate, according to Kaspersky Lab’s Targeted Threat Predictions for 2018.
From spying, stealing, and leaking state, military, and trade secrets, cybersecurity researchers at Kaspersky Lab discovered that cybercriminals operating in the region now aim for monetary gain as they infect banks in APAC countries.
To overcome the need for investigators to travel far and wide to gather evidence from infected computers after a cyberattack, a Kaspersky Lab expert has developed a simple tool that can remotely collect vital data without risk of its contamination or loss. Named BitScout, the tool can build a swiss-army knife for the remote forensic investigation of live systems and has been made freely available for all investigators to use.
Kaspersky Lab’s Global Research and Analysis Team has discovered a new sophisticated wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.
Kaspersky Lab’s Global Research and Analysis Team has announced the discovery of the Poseidon Group, an advanced threat actor active in global cyber-espionage operations since at least 2005. What makes the Poseidon Group stand out is that it’s a commercial entity, whose attacks involve custom malware digitally signed with rogue certificates deployed to steal sensitive data from victims to coerce them into a business relationship. In addition, the malware is designed to function specifically on English and Brazilian Portuguese Windows machines, a first for a targeted attack.
10 February 2016 Kaspersky Lab’s Global Research and Analysis Team has published extensive research on the Adwind RAT, a cross-platform, multifunctional malware program also known as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRat, and which is distributed through a single malware-as-a-service platform. According to the results of the investigation, conducted between 2013 and 2016, different versions of the Adwind malware have been used in attacks against at least 443,000 private users, commercial and non-commercial organizations around the world. The platform and the malware are still active.