
IT threat evolution Q3 2021

SecureList

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 93

Security Affairs newsletter Round 221 – News of the week

Security Affairs

Cyber Defense Magazine – July 2019 has arrived. Firefox finally addressed the Antivirus software TLS Errors. China installs a surveillance app on tourists' phones while crossing in Xinjiang. Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH). LooCipher: The New Infernal Ransomware.

Scams 47

IT threat evolution Q1 2021

SecureList

A41APT is a long-running campaign, active from March 2019 to the end of December 2020, that has targeted multiple industries, including Japanese manufacturing and its overseas bases. We believe this is a continuation of a campaign last summer, reported by Avast, in which the malware masqueraded as the Malwarebytes antivirus installer.

Malware 102

APT trends report Q1 2021

SecureList

One of the suspected FinFly Web servers was active for more than a year between October 2019 and December 2020. We investigated a long-running espionage campaign, dubbed A41APT, targeting multiple industries, including the Japanese manufacturing industry and its overseas bases, which has been active since March 2019.

Malware 142