SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor

June 3, 2021 1:00 pm

Introduction Check Point Research identified an ongoing surveillance operation targeting a Southeast Asian government. The attackers use spear-phishing to gain initial access and leverage old Microsoft Office vulnerabilities together with the chain of...

Uyghurs, a Turkic ethnic minority in China, targeted via fake foundations

May 27, 2021 12:59 pm

Introduction During the past year, Check Point Research (CPR), in cooperation with Kaspersky’s GReAT, have been tracking an ongoing attack targeting a small group of Uyghur individuals located in Xinjiang and Pakistan. Considerable...

Iran’s APT34 Returns with an Updated Arsenal

April 8, 2021 1:27 pm

Introduction Check Point Research discovered evidence of a new campaign by the Iranian threat group APT34 (aka OilRig), against what appears to be a Lebanese target, employing a new backdoor variant we dubbed...

SUNBURST, TEARDROP and the NetSec New Normal

December 22, 2020 5:35 pm

Foreword In December 2020, a large-scale cyberattack targeting many organizations – predominantly tech companies, mainly in the United States, but not only there – was discovered to have been going on for several...

Bandook: Signed & Delivered

November 26, 2020 2:21 pm

Introduction Check Point Research recently observed a new wave of campaigns against various targets worldwide that utilizes a strain of a 13-year-old backdoor Trojan named Bandook. Bandook, which had almost disappeared from...

Pay2Key – The Plot Thickens

November 12, 2020 12:58 pm

Introduction Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used...

Exploit Developer Spotlight: The Story of PlayBit

October 26, 2020 1:00 pm

Research By: Eyal Itkin and Itay Cohen Introduction Exploits have always been an important and integral part of malicious attacks. They allow attackers to gain capabilities that are not easy to achieve otherwise....

Rampant Kitten – An Iranian Espionage Campaign

September 18, 2020 12:58 pm

Introduction Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by...

Gozi: The Malware with a Thousand Faces

August 28, 2020 12:57 pm

Introduction Most of the time, the relationship between cybercrime campaigns and malware strains is simple. Some malware strains, like the gone-but-not-forgotten GandCrab, are intimately tied to a single actor, who is using the...

10th August – Threat Intelligence Bulletin

August 10, 2020 6:47 am

For the latest discoveries in cyber research for the week of 10th August 2020, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Reddit has suffered an attack, in which tens of...

Don’t be silly – it’s only a lightbulb

August 7, 2020 1:28 pm

Research by: Eyal Itkin Background Everyone is familiar with the concept of IoT, the Internet of Things, but how many have heard of smart lightbulbs? You can control the light in your house, and...

CPR Anti-Debug Encyclopedia: The Check Point Anti-Debug Techniques Repository

August 5, 2020 1:34 am

Debugging is an essential part of malware analysis. Every time we need to drill down into malware behavior, restore encryption methods or examine communication protocols – generally, whenever we need to examine memory...

Hacker, 22, seeks LTR with your data: vulnerabilities found on popular OkCupid dating app

July 29, 2020 2:00 am

No Actual Daters Harmed in This Exercise Research by Alon Boxiner, Eran Vaknin With over 50 million registered users since its launch, and the majority aged between 25 and 34, OkCupid is...

Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers

June 18, 2020 2:05 am

Introduction Over the last few years, the adoption of Office 365 in the corporate sector has significantly increased. Its popularity has attracted the attention of cybercriminals who launch phishing campaigns specifically to attack...

GuLoader? No, CloudEyE.

June 8, 2020 1:59 am

Italian company exposed on Clearnet earned up to $500,000 helping cybercriminals to deliver malware using cloud drives. Recently, we wrote about the network dropper known as GuLoader, which has been very actively...