Apr 10
Watch Wolf weaponizes SEO against accountants
Delivering attacks through emails is so last century, or at least so the Watch Wolf group hackers seem to think, having switched to spreading their malware through SEO poisoning. We discovered that they deliver the Buhtrap trojan through fake websites posing as legitimate resources for accountants. …
Information Security, 5 min read
Mar 22
BI.ZONE detects destructive attacks by the Key Wolf group
A new threat has been uncovered. The Key Wolf hacker group is bombarding Russian users with file-encrypting ransomware. Interestingly enough, the attackers do not demand any ransom. Nor do they provide any options to decrypt the affected files. Our experts were the first to detect the proliferation of the new…
Threat Intelligence, 5 min read
Mar 21, 2022
Masscan with HTTPS support
By Konstantin Molodyakov
Masscan is a fast network scanner that is good for scanning a large range of IP addresses and ports. We’ve adapted it to our needs by giving it a little tweak. The biggest inconvenience in the original version was the inability to collect banners from HTTPS servers…
Masscan, 10 min read
Feb 21, 2022
Vulnerabilities in J-Link licensing system, or Why researching device security matters
Unlike software vulnerabilities, hardware security flaws are not always possible to fix. However, this is no reason to be frustrated! The security of IoT, phones, tablets, control units, etc. still needs to be researched. …
11 min read
Dec 14, 2021
Our New Log4j Scanner to Combat Log4Shell
Log4Shell is a critical vulnerability in the Log4j logging library, which is used by many Java web applications. In protecting against the exploit of Log4Shell, you need to know what applications are vulnerable to this attack, which is a rather difficult task. …
Vulnerability, 2 min read
Oct 12, 2021
A tale of Business Email Compromise
We are seeing a surge in Business Email Compromise (BEC) attacks. BEC attacks are not new or uncommon, but this wave has caught our attention because of its scale. Many affected companies have been contacting us since June, and all the attacks share several key patterns. This article explains how…
Cybersecurity, 9 min read
Jun 16, 2021
Hunting Down MS Exchange Attacks. Part 2 (CVE-2020-0688, CVE-2020-16875, CVE-2021-24085)
Article written by Anton Medvedev, reviewed by Vadim Khrykov
Our previous article focused on the different techniques used to detect ProxyLogon exploitation. This time we will talk about the techniques used to detect other notorious MS Exchange Server vulnerabilities, namely CVE-2020-0688, CVE-2020-16875 and CVE-2021-24085. Although these vulnerabilities are not…
Exchange, 10 min read
Jun 8, 2021
Measured Boot and Malware Signatures: exploring two vulnerabilities found in the Windows loader
By Maxim Suhanov, 2021
Introduction to Boot Security
There are two major concepts for boot security: verified boot and measured boot. The verified boot process ensures that components not digitally signed by a trusted party are not executed during the boot. This process is implemented as Secure Boot, a feature that blocks unsigned, not…
Boot Security, 26 min read
May 13, 2021
From pentest to APT attack: cybercriminal group FIN7 disguises its malware as an ethical hacker’s toolkit
The article was prepared by the BI.ZONE Cyber Threats Research Team
This is not the first time we have come across a cybercriminal group that pretends to be a legitimate organisation and disguises its malware as a security analysis tool. …
Cybersecurity, 17 min read
Apr 15, 2021
Hunting Down MS Exchange Attacks. Part 1. ProxyLogon (CVE-2021-26855, 26858, 27065, 26857)
By Anton Medvedev, Demyan Sokolin, Vadim Khrykov
Microsoft Exchange is one of the most common mail servers used by hundreds of thousands of companies around the world. Its popularity and accessibility from the Internet make it an attractive target for attackers. Since the end of 2020, we have recorded a…
Exchange, 14 min read