The whole world is fighting the spread of COVID-19 and working to return to the lives we had before. Pharmaceutical and medical research teams in different countries are busy searching for a solution to win the battle against the virus. However, cybercriminals and threats don’t rest, even in an...
Countries targeted by TA505 using ServHelper Introduction ServHelper is a backdoor first spotted at the end of 2018 by Proofpoint and linked to TA505. This threat actor is known to have distributed Dridex and Locky in the past, in addition to FlawedAmmyy, FlawedGrace and Get2/SDBBot more recently, amongst others. This blog post will offer some analysis on developments relating to ServHelper, including detail...
On 4th November 2019 researchers and the media reported a massive ransomware attack against several Spanish companies. Some of this news was exaggerated, as it transpired that just two companies confirmed a security incident. However, each company was attacked by a different threat actor. This blog post will seek to clarify some details concerning the attack against Everis, which was different to...
Introduction Successful cybercrime campaigns make use of different elements working together to achieve their common goal. In the case of Onliner, the spambot appears to be...
Introduction On August 15, 2012, a computer attack put about 30,000 Windows systems of the Saudi Aramco oil company out of action. The incident had a significant impact on business processes and production at the company, which took weeks to return to normal activity. The malware deployed in...
Malware advances no longer focused on ‘traditional’ enterprise targets as cybercriminals expand their scope Today we release our Annual Cyberthreat Report, compiling actionable intelligence from Threat Compass with expert insight from our analyst team. We conclude that a higher level of collaboration and intelligence-sharing between industries is ever-more crucial...
Here are the main conclusions from our analysis of the cyber threats that were apparent at a global level during the second quarter of 2014, compared with the first quarter of the year. The main point is that cyber threats continue to be increasingly more frequent and...