Geek-Guy.com

Tag: Malware Analysis

CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations

On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations, dubbed CaddyWiper. CaddyWiper destroys data by overwriting file contents with NULL bytes. This is the fourth malware sample for which IBM Security X-Force has released public content that has reportedly targeted systems belonging […]

The post CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations appeared first on Security Intelligence.

DiskKill/HermeticWiper and NotPetya (Dis)similarities

Many security researchers, professional cybersecurity analysts and cybersecurity organizations have produced great analyses of DiskKill (HermeticWiper); some of my favorites are HERE, HERE and HERE. Today what I’d like to do is focus on specific HermeticWiper characteristics and look for similarities (or differences) to another similar (and well known) cyber attack that happened in Ukraine a few […]

IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine

This post was written with contributions from IBM Security X-Force’s Christopher Del Fierro, Claire Zaboeva and Richard Emerson. On February 23, 2022, open-source intelligence sources began reporting detections of a wiper malware — a destructive family of malware designed to permanently destroy data from the target — executing on systems belonging to Ukrainian organizations. IBM […]

The post IBM Security X-Force Research Advisory: New Destructive Malware Used In Cyber Attacks on Ukraine appeared first on Security Intelligence.

APT28 SKINNYBOY: Cheat Sheet

APT28, also known as Sofacy Group, is an (in)famous threat actor. It is a cyber espionage group believed to have ties to the Russian government. Likely operating since 2007, the group is known to target government, military, and security organizations, and it has been characterized as an advanced persistent threat over the past years from […]

Nation State Threat Group Targets Airline with Aclip Backdoor

In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application, likely to obfuscate operational communications, allowing malicious traffic, or traffic with underlying […]

The post Nation State Threat Group Targets Airline with Aclip Backdoor appeared first on Security Intelligence.