__mat__ (@matthieu_faou)'s Twitter Profile
__mat__

@matthieu_faou

Malware researcher at @ESETResearch

ID: 708399640375398400

Link: https://www.welivesecurity.com/en/about-eset-research/
Joined: 11-03-2016 21:10:10

811 Tweets

2.2K Followers

391 Following

__mat__ (@matthieu_faou):

We are looking for a strategic threat intel analyst to join ESET Research. Interested in cyber-espionage and geopolitics? Apply! ca.linkedin.com/jobs/view/anal…

Volexity (@volexity):

Volexity shares #threatintel on how #StormBamboo compromised an ISP to conduct DNS poisoning attacks on targeted organizations & abuse insecure HTTP software updates, delivering custom malware on both macOS + Windows. Read the full analysis: volexity.com/blog/2024/08/0… #dfir

ESET Research (@esetresearch):

#ESETresearch has analyzed a single-click exploit for WPS Office for Windows being used in the wild by threat actor #APT-C-60. Analysis of the vendor’s silently released patch led to the discovery of another #vulnerability. 1/8 welivesecurity.com/en/eset-resear…

ESET Research (@esetresearch):

#ESETresearch dives into #CosmicBeetle’s activities over the last year, including its shift to custom ransomware deployment and the threat actor’s curious relationship with #LockBit and #RansomHub Jakub Souček welivesecurity.com/en/eset-resear… 1/7

ESET Research (@esetresearch):

By analyzing thousands of samples, #ESETresearch has conducted a comprehensive technical analysis of the toolset the 🇷🇺Russia-aligned #Gamaredon #APTgroup used in 2022 and 2023 to spy on Ukraine🇺🇦 . welivesecurity.com/en/eset-resear… 1/9

Sekoia.io (@sekoia_io):

Since mid-2023, the Sekoia #TDR team has investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes (#ORBs) used to support operations of multiple 🇨🇳 intrusion sets. Check out the full report ⤵️ blog.sekoia.io/bulbature-bene…

ESET Research (@esetresearch):

#ESETresearch has discovered a new China-aligned APT group, which we named #CeranaKeeper, conducting massive data exfiltration in Southeast Asia. Today, we are sharing our findings about CeranaKeeper at the Virus Bulletin #VB2024 conference in Dublin. welivesecurity.com/en/eset-resear… 1/6

ESET Research (@esetresearch):

The winner of the 2024 Péter Szőr Award for the best technical security research is #ESETresearch and Marc-Etienne M.Léveillé for "Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain". More: welivesecurity.com/en/eset-resear… #VB2024

ESET Research (@esetresearch):

#ESETresearch investigated two previously undocumented toolsets used by the #GoldenJackal APT group, both of which target air-gapped systems. welivesecurity.com/en/eset-resear… 1/6

ESET Research (@esetresearch):

#ESETresearch analyzed new Rust-based tools, MDeployer and MS4Killer, used for deploying #Embargo ransomware and discovered when investigating attacks targeting US companies in July 2024. welivesecurity.com/en/eset-resear… 1/6

ESET Research (@esetresearch):

#ESETresearch analyzed CloudScout, a previously undocumented toolset used by Evasive Panda against a government entity and a religious institution in Taiwan. Deployed by #MgBot, it steals browser cookies to access and retrieve data from cloud services. welivesecurity.com/en/eset-resear… 1/4

ESET Research (@esetresearch):

After #OperationMagnus, the takedown of #RedLine Stealer and #META Stealer, #ESETresearch is publicly releasing our and Flare’s 2023 research into RedLine's backend, along with recent discoveries made based on data shared with us by the Dutch National Police:

Volexity (@volexity):

Volexity has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: volexity.com/blog/2024/11/1… #dfir #threatintel

ESET Research (@esetresearch):

#ESETresearch has identified #Linux malware samples, one of which we named #WolfsBane and attribute with high confidence to #Gelsemium. This 🇨🇳 China-aligned APT group, active since 2014, has not previously been publicly reported to use Linux malware. welivesecurity.com/en/eset-resear…

ESET Research (@esetresearch):

#ESETresearch discovered an #exploit targeting Firefox and Windows zero days, used in the wild by Russia-aligned #RomCom. Browsing a specially crafted web page runs arbitrary code with the privileges of the user, compromising the PC. 🏴‍☠️ & R.Dumont welivesecurity.com/en/eset-resear… 1/7

ESET Research (@esetresearch):

#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. welivesecurity.com/en/eset-resear… 1/5

Microsoft Threat Intelligence (@msftsecintel):

Based on our findings and those reported by governments and other security vendors, Microsoft Threat Intelligence assesses the Russian nation-state actor we track as Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years.

ESET Research (@esetresearch):

#ESETResearch is hiring a senior malware researcher for our 🇨🇦office. If you’d like to track some of the most impactful APTs/cybercrime campaigns, don’t wait and apply here 👇 jobs.eset.com/int/job-offer/… 1/3

ESET Research (@esetresearch):

#ESETresearch discovered and reported to CERT/CC a vulnerability that allows bypassing UEFI Secure Boot on most UEFI-based systems. This vulnerability, #CVE-2024-7344, was found in a UEFI app signed by Microsoft’s 3rd-party UEFI certificate. Martin Smolar welivesecurity.com/en/eset-resear… 1/4