Latest posts on the Labs Weblog:
Wednesday, July 2, 2014
The backdoor known as "MiniDuke" was identified in Feburary 2013, discovered in a series of attacks against NATO and European government agencies. During MiniDuke analysis in April 2014, we determined that another malware family was using the same loader as MiniDuke stage 3. That malware is part of the Cosmu family of information-stealers which have been around for years.
Monday, June 30, 2014
The universe is full of "Black Energy " and so is cyberspace. Not so very long ago, we wrote about a sample of the BlackEnergy family discovered via VirusTotal. The family is allegedly the same malware used in the cyber-attack against Georgia in 2008. Last Friday, another fresh variant was submitted to VirusTotal. And this time it is more obvious on how it was being distributed: a zip file containing an executable. Again, as was the case earlier this month, the sample was submitted from Ukraine.
Monday, June 23, 2014
During the past year, we've been keeping a close eye on the Havex malware family and the group behind it. Havex is known to be used in targeted attacks against different industry sectors, and it was earlier reported to have specific interest in the energy sector.