Heimadal Security

JANUARY 16, 2023

The VPN market has grown considerably in the last few years due to the increasing popularity of VPN technologies. However, corrupted VPN installers have been used by threat actors to deliver a piece of spyware called EyeSpy, as part of a malware campaign that started in May 2022.

Spyware 80

Spyware VPN Marketing Technology 80

SecureList

NOVEMBER 1, 2022

This is our latest installment, focusing on activities that we observed during Q3 2022. On July 7, CISA issued an alert, “ North Korean State-Sponsored Cyber Actors Use Maui Ransomware To Target the Healthcare and Public Health Sector “, based on a Stairwell report about Maui ransomware.

Malware 142

Malware Ransomware Spyware Encryption 142

SecureList

APRIL 27, 2021

This is our latest installment, focusing on activities that we observed during Q1 2021. In our initial report on Sunburst , we examined the method used by the malware to communicate with its C2 (command-and-control) server and the protocol used to upgrade victims for further exploitation. The most remarkable findings.

Malware 142

Malware Spyware Government Social Engineering 142

SecureList

OCTOBER 26, 2021

This is our latest installment, focusing on activities that we observed during Q3 2021. The backdoor, dubbed Tomiris, bears a number of similarities to the second-stage malware, Sunshuttle (aka GoldMax), used by DarkHalo last year. Following this, they were tricked into downloading previously unknown malware. Russian-speaking activity.

Malware 143

Malware Government Surveillance Spyware 143