“Hey ESET, Wait for the Leak”: Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel

On October 2024, attackers targeted Israeli organizations by exploiting a trusted source: ESET’s local partner, Comsecure. Apparently they compromised Comsecure’s infrastructure and used it to send phishing emails disguised as official communications from ESET. These emails contained a malicious download link purported to be a legitimate tool but actually housed Continue Reading

Ransomware Report: Unveiling Trends in Attack Payouts and Negotiations

Ransomware attacks represent a significant cybersecurity threat, affecting various sectors and individuals. This study examines a comprehensive dataset of ransomware payments and chat logs to better understand the strategies and patterns of attackers. The analysis focuses on major ransomware groups, including LockBit, Hive, BlackMatter, and Conti, covering 200 incidents from Continue Reading

Malware’s Shared Secrets: Code Similarity Insights for Ransomware Gangs Activities Tracking

On July 1, 2024, the cyber security vendor Halcyon, Inc., identified a novel ransomware strain they named LukaLocker (ref. here). In the article researchers from Halcyon reported a new ransomware operator, dubbed Volcano Demon, specialized in attacks using the LukaLocker encryptor. According to the source, the threat actor targets both Continue Reading

Unveiling Obfuscated Batch Scripts: From UTF-8 to UTF-16 BOM Conversion

This morning I observed an Internet Shortcut file (sha256:0817cd8b0118e2f023342ad016ef443fd4c2e4657a373f9023807a231d16b0fa – Fattura Elettronica 11817929720.url) designed to compromise an Italian organization, containing these instructions: The .lnk file in its turn showed the following commands: This instructions are designed to perform two main actions: it moves a file and then starts it. First, Continue Reading