New Strain of Olympic Destroyer Droppers

November 15, 2018 2:28 pm

Over the last few weeks, we have noticed new activity from Hades, the APT group behind the infamous Olympic Destroyer attack. Moreover, this new wave of attack shares a lot with those previously...

DJI Drone Vulnerability

November 8, 2018 5:14 am

Research by: Oded Vanun, Dikla Barda and Roman Zaikin

DJI is the world’s leader in the civilian drone and aerial imaging technology industry. Besides consumers, though, it has also taken a large...

New Ramnit Campaign Spreads Azorult Malware

November 1, 2018 12:58 am

Research by: Nikita Fokin and Alexey Bukhteyev

This summer we wrote about the Ramnit malware and its underlying “Black” botnet campaign which was used for distributing proxy malware. Much to our surprise, the C&C servers...

Zooming In On “Domestic Kitten”

October 23, 2018 7:29 am

In recent years, Iran has been channeling significant resources into cyber warfare, devoting designated entities within multiple government agencies to conduct extensive espionage campaigns against foreign countries such as the United States, Israel...

The Emergence of the New Azorult 3.3

October 17, 2018 1:33 pm

Research by: Israel Gubi

During the last week, Check Point Research spotted a new version of Azorult in the wild being delivered through the RIG exploit kit, as well as other sources. Azorult...

Godzilla Loader and the Long Tail of Malware

October 14, 2018 11:41 pm

Research by: Ben Herzog

To most victims, malware is a force of nature. Zeus, Wannacry, Conficker are all vengeful gods, out to punish the common man for clicking the wrong link. Even for...

Domestic Kitten: An Iranian Surveillance Operation

September 7, 2018 6:03 am

Chinese strategist Sun Tzu, Italian political philosopher Machiavelli and English philosopher Thomas Hobbes all justified deceit in war as a legitimate form of warfare. Preceding them all, however, were some in the Middle...

Ransom Warrior Decryption Tool

August 30, 2018 7:28 am

On August 8th, a new ransomware, dubbed ‘RansomWarrior’, was found by the Malware Hunter Team. Going by the ransom note shown to its victims, RansomWarrior seems to have been developed by Indian hackers, who...

CeidPageLock: A Chinese RootKit

August 28, 2018 12:36 am

Research by: Israel Gubi

Over the last few weeks, we have been observing a rootkit named CEIDPageLock being distributed by the RIG Exploit kit. The rootkit was first discovered by 360 Security Center...

Interactive Mapping of APT-C-23

August 26, 2018 11:54 pm

Research by: Aseel Kayal

Last month, we investigated the renewal of a targeted attack against the Palestinian Authority, attributed to the APT-C-23 threat group. Although this campaign was initially discovered in early 2017,...