Black Basta and the Unnoticed Delivery

October 20, 2022 12:57 pm

Introduction As reported by Check Point at the end of H1 2022, 1 out of 40 organizations worldwide were impacted by ransomware attacks, which constitutes a worrying 59% increase over the past year.... Click to Read More

Bumblebee: increasing its capacity and evolving its TTPs

October 3, 2022 2:18 pm

Research by: Marc Salinas Fernandez Background & Key Findings The spring of 2022 saw a spike in activity of Bumblebee loader, a recent threat that has garnered a lot of attention due to... Click to Read More

The New Era of Hacktivism – State-Mobilized Hacktivism Proliferates to the West and Beyond

September 29, 2022 12:58 pm

Introduction Until last year, hacktivism has primarily been associated with groups like Anonymous – decentralized and unstructured collectives made up of private individuals with a variety of agendas. Anonymous has launched multiple campaigns... Click to Read More

7 Years of Scarlet Mimic’s Mobile Surveillance Campaign Targeting Uyghurs

September 22, 2022 1:10 pm

Introduction In 2022, Check Point Research (CPR) observed a new wave of a long-standing campaign targeting the Uyghur community, a Turkic ethnic group originating from Central Asia, one of the largest minority ethnic... Click to Read More

Native function and Assembly Code Invocation

September 21, 2022 2:45 pm

Author: Jiri Vinopal Introduction For a reverse engineer, the ability to directly call a function from the analyzed binary can be a shortcut that bypasses a lot of grief. While in some cases... Click to Read More

DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa

September 6, 2022 12:57 pm

Introduction Recent studies show that more than 85% of financial institutions in Central and Western Africa have repeatedly been victimized in multiple, damaging cyberattacks. In a quarter of these cases, intrusions into network... Click to Read More

CloudGuard Spectral detects several malicious packages on PyPI – the official software repository for Python developers

August 8, 2022 12:59 pm

Highlights: CloudGuard Spectral detects 10 malicious packages on PyPI, the leading Python package index used by developers for the Python programming language Malicious packages install info-stealers that enable attackers to steal developer’s private... Click to Read More

Chinese actor takes aim, armed with Nim Language and Bizarro AES

June 22, 2022 12:52 pm

Executive Summary In this article, Check Point Research shares findings on a group / activity cluster with ties to Tropic Trooper: The infection chain includes a previously undescribed loader (dubbed “Nimbda”) written in... Click to Read More

Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials

June 14, 2022 12:57 pm

Introduction Check Point Research uncovers a recent Iranian-based spear-phishing operation aimed against former Israeli officials, high-ranking military personnel, research fellows in research institutions, think tanks, and against Israeli citizens. The attacks use a... Click to Read More

XLoader Botnet: Find Me If You Can

May 31, 2022 2:37 pm

Research by: Alexey Bukhteyev & Raman Ladutska Introduction In July 2021, CPR released a series of three publications covering different aspects of how the Formbook and XLoader malware families function. We described how... Click to Read More

Twisted Panda: Chinese APT espionage operation against Russian state-owned defense institutes

May 19, 2022 1:22 pm

Introduction In the past two months, we observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. It comes as no surprise that Russian entities... Click to Read More

State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage

March 31, 2022 12:58 pm

Introduction Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month while the Russian invasion of Ukraine... Click to Read More

AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs

March 19, 2022 2:10 pm

Research by : Dikla Barda, Roman Zaikin, Oded Vanunu Highlights: ApeCoin, one of the largest NTF’s today announced free token claim on launch Hackers found a way to claim free tokens on ApeCoin... Click to Read More

Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of

March 10, 2022 10:04 pm

Introduction You’ve probably heard of the Conti ransomware group. After their 2020 emergence, they’ve accumulated at least 700 victims, where by “victims” we mean ‘big fish’ corporations with millions of dollars in revenue;... Click to Read More

EvilPlayout: Attack Against Iran’s State Broadcaster

February 18, 2022 1:09 pm

In the past few months, a new wave of cyberattacks has been flooding Iran. These attacks are far from minor website defacements – the recent wave is hitting national infrastructure and causing major... Click to Read More