March 29, 2023
SwiftSlicer: A simple yet dangerous data wiper
On January 25, 2023, ESET Research found a new data wiper in the network of Ukrinform, Ukraine’s national news agency. Later, the Computer Emergency Response Team of Ukraine (CERT-UA) added that as of January 27, five additional, different malware samples were spotted in the network.
March 06, 2023
IcedID (BokBot): From banking trojan to backdoor
IcedID, also known as BokBot, was initially a banking trojan when it was discovered in 2017. Now it is mostly used as an initial access broker for other malware. This malware typically uses malicious email attachments to infect victims' machines. It has been known to use various types of attachments — such as archives, Word and Excel files — but the latest attacks used OneNote files.
February 13, 2023
CaddyWiper makes Windows machines unusable
CaddyWiper is an example of data-wiping malware, whose purpose is to corrupt the operating system and leave the targeted device unusable. It was first spotted in Ukraine in mid-March 2022 by the ESET research team.
February 06, 2023
DoubleZero: A data wiper deployed against Ukraine
The DoubleZero wiper — so named for its tactic of zeroing files — was first discovered on March 17, 2022 by CERT-UA (the Computer Emergency Response Team of Ukraine). The malware was designed to wipe system files, non-system files and entire registry branches, and was spread by spear-phishing emails with an attached ZIP archive containing the malware file.
October 10, 2022
Data stolen from organization serving U.S. defense in multi-payload attack
A custom CovalentStealer malware, the Impacket framework, the HyperBro remote access trojan (RAT), and over a dozen China Chopper webshell samples were used by attackers to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.
October 10, 2022
Phishing campaign uses fake government job offers as lure
Researchers discovered a new phishing campaign targeting U.S. and New Zealand job seekers. Victims receive emails that supposedly present a lucrative job offer but actually contain malicious files.