All Articles (2283)

Sort by
A vulnerability in a piece of code titled gSOAP, also known as, “Devil’s Ivy,” is widely being exploited in physical security products. This could potentially allow attackers to fully disable or take over thousands of models of internet-connected devices, from security cameras to sensors and access-card readers.
Views: 46
Comments: 0
In February 2018, Wapack Labs identified configurations for a Structured Query Language (SQL) injection tool showing attempted exploitation against the site for the 2018 Winter Olympic Games in PyeongChang, South Korea. A Wapack Labs Analyst identified the tool as SQLi Dumper. The developer, “c4rl0s” (for Carlos), states the SQL injection tool supports blind SQL injection, schema dumping, file dumping, MySQL brute forcing, site scanning, and can also hash online cracks. The attempted injection w
Views: 774
Comments: 0
A new malware has been discovered targeting institutions in government, technology, education and telecommunications sectors in Asian counties and in the US. This malware performs various tasks, including password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems.
Views: 93
Comments: 0
A new strain of point-of-sale (PoS) malware has been discovered by security researchers that disguises itself as a LogMeIn service pack and steals credit card payment information through DNS queries. Since the malware relies on UDP DNS traffic for extraction of data, it was named “UDPoS” by researchers who discovered it.
Views: 50
Comments: 0
On 31 January 2018, South Korea’s Computer Emergency Response Team (KR-CERT) published an advisory about an Adobe Flash zero-day vulnerability being exploited in the wild. On 1 February 2018, Adobe released an advisory confirming the vulnerability exists in Adobe Flash Player. The vulnerability is dubbed, “CVE-2018-4878.”
Views: 28
Comments: 0
Mozilla has released a critical update to patch a serious vulnerability that allows attackers to execute code remotely on computers running the affected version of Firefox browser.
Views: 17
Comments: 0
Researchers have unveiled a powerful spyware variant that provides attackers complete control of the target device remotely. The malware was first seen in 2014. It has evolved over time, from simple un-obfuscated malware in the beginning, to sophisticated multi-stage spyware that provides attackers full remote control of the infected device.
Views: 25
Comments: 0
The XXIII Olympic Winter Games, hosted in PyeongChang, South Korea, commence on 9 February 2018. Wapack Labs observed two compromised individuals, infected with AZORult malware, logging into the official Olympic Winter Games portal, pyeongchang2018.com. AZORult is a Trojan horse which steals information from a compromised system. After installation, AZORult begins looking for sensitive data; browser cookies, usernames and passwords, system information, and autocomplete fields.

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-026-001
Countries: all
Report Date: 20180126

Dark Caracal APT Group

Researchers have identified an Advanced Persistent Threat group (APT) identified as Dark Caracal (DC).  DC claims to have stolen hundreds of gigabytes of data including personal identifiable information.  The types of stolen data include audio recordings, text messages, call records, documents, photos, contact information, secure messaging client content, account data,

Views: 27
Comments: 0
Zyklon is a family of malware which first emerged in early 2016 before going dormant until January 2017. Attackers then exploited several vulnerabilities in the Microsoft Office software suite in order to spread Zyklon malware.
Views: 32
Comments: 0

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-024-001
Countries: IN, CN
Report Date: 20180124

Iranian APT Groups

APT34

APT34 is involved in long-term cyber espionage operations largely focused in the Middle East.  This threat group has targeted a wide variety of industries, including financial, government, energy, chemical, and telecommunications.  The group is thought to have been operational since at least 2014 and is likely linked to the Iranian government.  The group is also kno

Views: 453
Comments: 0
A vulnerability has been identified within Intel’s Active Management Technology, which could allow attackers to bypass logins and place backdoors; allowing them remote access to the target laptop. This remote access can be exploited within one minute.
Views: 17
Comments: 0

SITUATION REPORT

Actor Type: II
Serial: SR-18-017-002
Countries: IN, CN
Report Date: 20180111


Critical Vulnerabilities in Western Digital ‘My Cloud’ Storage Devices

Various critical vulnerabilities have been identified in Western Digital’s My Cloud network attached storage (NAS) devices, which attackers could use to gain root access to a device.

Western Digital’s My Cloud NAS, is a personal cloud storage unit that organizes photos and videos.[1]  It is listed on Amazon as a highly rated device and is

Views: 33
Comments: 0
On 27 December 2017, a critical vulnerability was reported in Samsung Internet Browser, the browser app that comes pre-installed on Samsung Android devices. The vulnerability could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site.
Views: 27
Comments: 0
A security researcher has made public a vulnerability in Apple’s MacOS operating system which allows an attacker to take complete control of the system. The vulnerability was made public on 31 December 2017 by a researcher who is identified as, “Siguza.”
Views: 39
Comments: 0
Wapack Labs is monitoring the developments in the ongoing Iran protests. Wapack analysts continue to observe an increase in Internet restriction and disabling of communication applications; Facebook, Twitter, Telegram, Google, WhatsApp, and Signal. To date, ProtonMail’s free VPN service for Android phones, and Psiphon, an app that circumnavigates network firewalls, are the only means of providing anonymity for Iranian citizens.

TACTICAL CYBER INTELLIGENCE REPORT

Actor Type: II
Serial: TR-18-009-001
Countries: IN, CN
Report Date: 20180109

Bypassing Antivirus using Amber (Reflective PE Packer)

Amber is a proof-of-concept tool used for bypassing antivirus software.  Amber uses techniques that convert Portable Executables (PEs) to reflectively load those PEs.  This can be used as a multi-stage payload for infection on a target system.  It was developed by Ege Balci and takes advantage of in-memory execution methods.  In-m

Views: 536
Comments: 0

 

TACTICAL CYBER INTELLIGENCE REPORT

**********CORRECTED COPY 15 JAN 18. DISREGARD ALL OTHERS**********

Actor Type: II
Serial: TR-18-014-001
Countries: All, KP, KR
Report Date: 20180114

Pyeongyang Olympics Volunteers Targeted with Malware

Wapack Labs observed two specimens of a macro-malware believed to be targeting volunteers at the 2018 Winter Olympics, Pyeongyang, South Korea.  Two XLSM documents were uploaded to Virus Total from Korea in late November.  The documents are trojanized ver

Meltdown and Spectre are two major flaws that affect all modern computers based on processors from Intel, AMD and ARM. Discovered and named by the team of security researchers as part of Google Project Zero, both of these flaws potentially allow hackers to steal personal data from computers, including cloud servers and mobile devices. The disclosure date for the flaws was January 9, 2018 but due to premature reports, growing speculation and risk of exploitation, the information was revealed s