SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor

June 3, 2021 1:00 pm

Introduction Check Point Research identified an ongoing surveillance operation targeting a Southeast Asian government. The attackers use spear-phishing to gain initial access and leverage old Microsoft Office vulnerabilities together with the chain of...

Uyghurs, a Turkic ethnic minority in China, targeted via fake foundations

May 27, 2021 12:59 pm

Introduction During the past year, Check Point Research (CPR), in cooperation with Kaspersky’s GReAT, has been tracking an ongoing attack targeting a small group of Uyghur individuals located in Xinjiang and Pakistan. Considerable...

Melting Ice – Tracking IcedID Servers with a few simple steps

May 26, 2021 8:51 pm

Research by: Alex Ilgayev Introduction Tracking botnets usually demands a significant amount of effort, time, and threat intelligence know-how. The barrier to entry grows even larger in cases of multi-staged complex malware families...

Security probe of Qualcomm MSM data services

May 6, 2021 12:59 pm

Research By: Slava Makkaveev Introduction Mobile Station Modem (MSM) is an ongoing series of a 2G/3G/4G/5G-capable system on chips (SoC) designed by Qualcomm starting in the early 1990s. MSM has always been and...

Pwn2Own Qualcomm DSP

May 6, 2021 12:59 pm

Research By: Slava Makkaveev Introduction Snapdragon is a suite of system on a chip (SoC) semiconductor products for mobile devices designed and marketed by Qualcomm Technologies Inc. A single SoC may include multiple...

Iran’s APT34 Returns with an Updated Arsenal

April 8, 2021 1:27 pm

Introduction Check Point Research discovered evidence of a new campaign by the Iranian threat group APT34 (aka OilRig), against what appears to be a Lebanese target, employing a new backdoor variant we dubbed...

Playing in the (Windows) Sandbox

March 11, 2021 2:30 pm

Research By: Alex Ilgayev Introduction Two years ago, Microsoft released a new feature as a part of the Insiders build 18305 – Windows Sandbox. This sandbox has some useful specifications: Integrated part of...

Clast82 – A new Dropper on Google Play Dropping the AlienBot Banker and MRAT

March 9, 2021 2:00 pm

Research by: Aviran Hazum, Bohdan Melnykov, Israel Wernik Check Point Research (CPR) recently discovered a new Dropper spreading via the official Google Play store, which downloads and installs the AlienBot Banker and MRAT...

The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day

February 22, 2021 2:00 pm

Research by: Eyal Itkin and Itay Cohen There is a theory which states that if anyone ever manages to steal and use nation-grade cyber tools, any network would become untrusted, and the...

ApoMacroSploit: Apocalyptical FUD race

February 16, 2021 2:00 pm

Introduction At the end of November, Check Point Research detected a new Office malware builder called APOMacroSploit, which was implicated in multiple malicious emails to more than 80 customers worldwide. In our...

TikTok fixes privacy issue discovered by Check Point Research

January 26, 2021 1:55 pm

Research by: Eran Vaknin, Alon Boxiner In January 2020, we published research on TikTok, reporting that we had found that a threat actor could reveal personal information saved on the account and...

Going Rogue – a Mastermind behind Android Malware Returns with a New RAT

January 12, 2021 1:49 pm

Research by: Aviran Hazum, Alex Shamshur, Raman Ladutska, Ohad Mana, Israel Wernik Introduction Now more than ever, we rely on our smartphones to keep in touch with our work, our families and the...

SUNBURST, TEARDROP and the NetSec New Normal

December 22, 2020 5:35 pm

Foreword In December 2020, a large-scale cyberattack targeting many organizations – predominantly tech companies, mainly in the United States, but not only there – was discovered to have been going on for several...

Game On – Finding vulnerabilities in Valve’s “Steam Sockets”

December 10, 2020 1:55 pm

Research by: Eyal Itkin Overview The beautiful thing about video games is that there’s something for everyone. You can play as a 19-year-old Canadian redhead trying to climb a difficult mountain; or as an...

Vulnerability in Google Play Core Library Remains Unpatched in Google Play Applications

December 3, 2020 1:58 pm

Research by: Aviran Hazum, Jonathan Shimonovich Overview: A new vulnerability for the Google Play Core Library was published in late August, which allows Local-Code-Execution (LCE) within the scope of any application that has...