All Articles (147)

AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically by employing the Shodan.io API. The AutoSploit program allows a user to enter a targeted operating platform’s specific search query such as: Apache, IIS, etc, - upon which a list of candidates will be obtained. This exploit tool can be troublesome for networks that do not employ sound cyber security practices.
Bosnia and Herzegovina is a country in Southeastern Europe formerly under the Republic of Yugoslavia. After the dissolution of Yugoslavia, Bosnia and Herzegovina has experienced infighting of ethnically and religiously motivated hacktivist groups, as well as commercially motivated hackers. Current cyberlaws are not fully enacted, yet the country completely cooperates to fight cybercrime. Bosnian hackers use Bosnian, Serbian, German, English, and other languages to communicate. Due to recent…
A serious vulnerability has been identified in Skype that could allow attackers to gain full control of the target machine by granting system-level privileges to a local, unprivileged user.
On 08 February 2018, Wapack Labs discovered a user affected by the Azorult malware who may have compromised a major US city’s procurement portal. Analysts identified this infected user through our keylogger collection project. The affected user had their username and password stolen when signing onto the city’s procurement website portal. This city’s portal permits contractors to enter bids for the government’s request for quotes (RFQ).
A vulnerability in a piece of code titled gSOAP, also known as, “Devil’s Ivy,” is widely being exploited in physical security products. This could potentially allow attackers to fully disable or take over thousands of models of internet-connected devices, from security cameras to sensors and access-card readers.
In February 2018, Wapack Labs identified configurations for a Structured Query Language (SQL) injection tool showing attempted exploitation against the site for the 2018 Winter Olympic Games in PyeongChang, South Korea. A Wapack Labs Analyst identified the tool as SQLi Dumper. The developer, “c4rl0s” (for Carlos), states the SQL injection tool supports blind SQL injection, schema dumping, file dumping, MySQL brute forcing, site scanning, and can also hash online cracks. The attempted injection…
A new malware has been discovered targeting institutions in government, technology, education and telecommunications sectors in Asian counties and in the US. This malware performs various tasks, including password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems.
A new strain of point-of-sale (PoS) malware has been discovered by security researchers that disguises itself as a LogMeIn service pack and steals credit card payment information through DNS queries. Since the malware relies on UDP DNS traffic for extraction of data, it was named “UDPoS” by researchers who discovered it.
On 31 January 2018, South Korea’s Computer Emergency Response Team (KR-CERT) published an advisory about an Adobe Flash zero-day vulnerability being exploited in the wild. On 1 February 2018, Adobe released an advisory confirming the vulnerability exists in Adobe Flash Player. The vulnerability is dubbed, “CVE-2018-4878.”
Researchers have unveiled a powerful spyware variant that provides attackers complete control of the target device remotely. The malware was first seen in 2014. It has evolved over time, from simple un-obfuscated malware in the beginning, to sophisticated multi-stage spyware that provides attackers full remote control of the infected device.
The XXIII Olympic Winter Games, hosted in PyeongChang, South Korea, commence on 9 February 2018. Wapack Labs observed two compromised individuals, infected with AZORult malware, logging into the official Olympic Winter Games portal, pyeongchang2018.com. AZORult is a Trojan horse which steals information from a compromised system. After installation, AZORult begins looking for sensitive data; browser cookies, usernames and passwords, system information, and autocomplete fields.


Actor Type: II
Serial: TR-18-026-001
Countries: all
Report Date: 20180126

Dark Caracal APT Group

Researchers have identified an Advanced Persistent Threat group (APT) identified as Dark Caracal (DC).  DC claims to have stolen hundreds of gigabytes of data…

Zyklon is a family of malware which first emerged in early 2016 before going dormant until January 2017. Attackers then exploited several vulnerabilities in the Microsoft Office software suite in order to spread Zyklon malware.


Actor Type: II
Serial: TR-18-024-001
Countries: IN, CN
Report Date: 20180124

Iranian APT Groups


APT34 is involved in long-term cyber espionage operations largely focused in the Middle East.  This threat group has targeted a wide…

A vulnerability has been identified within Intel’s Active Management Technology, which could allow attackers to bypass logins and place backdoors; allowing them remote access to the target laptop. This remote access can be exploited within one minute.
A security researcher has made public a vulnerability in Apple’s MacOS operating system which allows an attacker to take complete control of the system. The vulnerability was made public on 31 December 2017 by a researcher who is identified as, “Siguza.”
Wapack Labs is monitoring the developments in the ongoing Iran protests. Wapack analysts continue to observe an increase in Internet restriction and disabling of communication applications; Facebook, Twitter, Telegram, Google, WhatsApp, and Signal. To date, ProtonMail’s free VPN service for Android phones, and Psiphon, an app that circumnavigates network firewalls, are the only means of providing anonymity for Iranian citizens.