Our cyber threat intelligence experts discover a new group that uses presumably legitimate software to interfere with government organizations. A characteristic feature of these attackers is the use of popular tools that are easy to detect and block. Nevertheless, this has not stopped Sticky Werewolf from succeeding. The group’s activity…

Any threat actor with $140 can utilize this malware. For that price, they get a complete end-to-end attack kit: i) a builder to create malware samples, ii) access to the control panel of compromised devices, iii) updates and messenger support. Keep reading for more information about the popular stealer targeting…

Cybercriminals have modified the standard “phishing email + remote access” combo with an unexpected hook — the leveraging of legitimate Russian software. BI.ZONE CESP has detected and prevented one such attack that targeted hospitality organizations. We are taking an in-depth look at the attack to explain why the potential victims…

The cyber spies who had been on hiatus since 2022 make a surprising comeback. Red Wolf has been spotted penetrating company infrastructures for espionage purposes. By slowly moving forward in the compromised environments and not drawing much attention, the group managed to stay invisible for up to six months. BI.ZONE…

Delivering attacks through emails is so last century, or at least so seem to think the Watch Wolf group hackers who switched to spreading their malware through SEO poisoning. We discovered that they deliver the Buhtrap trojan through fake websites posing as legitimate resources for accountants. Context ads help to…

A new threat has been uncovered. The Key Wolf hacker group is bombarding Russian users with file-encrypting ransomware. Interestingly enough, the attackers do not demand any ransom. Nor do they provide any options to decrypt the affected files. Our experts were the first to detect the proliferation of the new…

By Konstantin Molodyakov Masscan is a fast network scanner that is good for scanning a large range of IP addresses and ports. We’ve adapted it to our needs by giving it a little tweak. The biggest inconvenience in the original version was the inability to collect banners from HTTPS servers…

Unlike software vulnerabilities, hardware security flaws are not always possible to fix. However, this is no reason to be frustrated! The security of IoT, phones, tablets, control units, etc. still needs to be researched. …

Log4Shell is a critical vulnerability in the Log4j logging library, which is used by many Java web applications. In protecting against the exploit of Log4Shell, you need to know what applications are vulnerable to this attack, which is a rather difficult task. To make things easier, we have developed a…