1 hour ago
Rare Wolf preys on sensitive data using fake 1C:Enterprise invoices as lure
How adversaries create diversions and stay invisible
BI.ZONE Threat Intelligence specialists have discovered a cybercriminal group that has been active since at least 2019. While this cluster of activity was previously directed against the countries neighboring Russia, now such attacks have reached Russia itself. The attackers use phishing emails to…
Information Security, 5 min read

Oct 13
Sticky Werewolf attacks public organizations in Russia and Belarus
Our cyber threat intelligence experts discover a new group that uses presumably legitimate software to interfere with government organizations. A characteristic feature of these attackers is the use of popular tools that are easy to detect and block. Nevertheless, this has not stopped Sticky Werewolf from succeeding. The group’s activity…
Information Security, 5 min read

Aug 8
White Snake spotted in emails: the stealer was disguised as official state requirements
Any threat actor with $140 can utilize this malware. For that price, they get a complete end-to-end attack kit: i) a builder to create malware samples, ii) access to the control panel of compromised devices, iii) updates and messenger support. Keep reading for more information about the popular stealer targeting…
Information Security, 6 min read

Jul 17
Hacker group Quartz Wolf leverages legitimate software for cyberattacks
Cybercriminals have modified the standard “phishing email + remote access” combo with an unexpected hook — the leveraging of legitimate Russian software. BI.ZONE CESP has detected and prevented one such attack that targeted hospitality organizations. We are taking an in-depth look at the attack to explain why the potential victims…
Information Security, 3 min read

Jun 28
Hunting the hunter: BI.ZONE traces the footsteps of Red Wolf
The cyber spies who had been on hiatus since 2022 make a surprising comeback. Red Wolf has been spotted penetrating company infrastructures for espionage purposes. By slowly moving forward in the compromised environments and not drawing much attention, the group managed to stay invisible for up to six months. BI.ZONE…
Information Security, 4 min read

Apr 10
Watch Wolf weaponizes SEO against accountants
Delivering attacks through emails is so last century, or at least so seem to think the Watch Wolf group hackers who switched to spreading their malware through SEO poisoning. We discovered that they deliver the Buhtrap trojan through fake websites posing as legitimate resources for accountants. Context ads help to…
Information Security, 5 min read

Mar 22
BI.ZONE detects destructive attacks by the Key Wolf group
A new threat has been uncovered. The Key Wolf hacker group is bombarding Russian users with file-encrypting ransomware. Interestingly enough, the attackers do not demand any ransom. Nor do they provide any options to decrypt the affected files. Our experts were the first to detect the proliferation of the new…
Threat Intelligence, 5 min read

Mar 21, 2022
Masscan with HTTPS support
By Konstantin Molodyakov
Masscan is a fast network scanner that is good for scanning a large range of IP addresses and ports. We’ve adapted it to our needs by giving it a little tweak. The biggest inconvenience in the original version was the inability to collect banners from HTTPS servers…
Masscan, 10 min read

Feb 21, 2022
Vulnerabilities in J-Link licensing system, or Why researching device security matters
Unlike software vulnerabilities, hardware security flaws are not always possible to fix. However, this is no reason to be frustrated! The security of IoT, phones, tablets, control units, etc. still needs to be researched. …
11 min read

Dec 14, 2021
Our New Log4j Scanner to Combat Log4Shell
Log4Shell is a critical vulnerability in the Log4j logging library, which is used by many Java web applications. In protecting against the exploit of Log4Shell, you need to know what applications are vulnerable to this attack, which is a rather difficult task. To make things easier, we have developed a…
Vulnerability, 2 min read