Thread Defense

European supercomputers hacked to mine cryptocurrency

Several high-performance computers working on COVID-19 research have been forced offline following a string of attacks. Multiple supercomputers across Europe that are working on COVID-19 research have been targeted by cryptocurrency-mining attacks over the past week. The reports of the incursions started pouring in last Monday, when supercomputers in the United Kingdom and Germany were […]

Week in security with Tony Anscombe

ESET research into malware taking aim at air-gapped networks – Dissecting a backdoor hitting high-profile targets in Asia – WannaCryptor three years later. This week, ESET researchers published their findings about a previously unreported cyber-espionage toolkit that they dubbed Ramsay and that is designed to compromise, and steal documents from, air-gapped networks. In another […]

Microsoft fixes vulnerability affecting all Windows versions since 1996

Another vulnerability in the same Windows component was abused by Stuxnet a decade ago. A vulnerability in a decades-old Windows component that controls printing on machines running the operating system could be abused by malicious actors to gain elevated privileges […]

Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia

ESET researchers dissect a backdoor deployed in attacks against multiple government agencies and major organizations operating in two critical infrastructure sectors in Asia. In this joint blogpost with fellow researchers from Avast, we provide a technical analysis of a constantly developed RAT that has been used in various targeted campaigns against both public and private […]

RATicate: an attacker’s waves of information-stealing malware

In a series of malspam campaigns dating back to November of 2019, an unidentified group sent out waves of installers that drop remote administration tool (RAT) and information stealing malware on victims’ computers. We’ve identified five separate campaigns between November, 2019 and January, 2020 in which the payloads used similar packing code and pointed to […]

Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks

ESET researchers uncover several instances of malware that uses various attack vectors to target systems isolated by an air gap. ESET researchers have discovered a previously unreported cyber-espionage framework that we named Ramsay and that is tailored for collection and exfiltration of sensitive documents and is capable of operating within air‑gapped networks. We initially found […]