BlackCat / ALPHV is known for high-profile attacks like those conducted against the italian luxury brand Moncler, the aviation company Swissport and more recently against GSE (Gestore Servizi Energetici SpA). The ransomware payload includes a lot of advanced features and is able to support a wide range of offensive operations and to impact different environment . It’s command-line driven Continue Reading
Reverse and Hunt: Between the jumps of ArguePatch
ARGUEPATCH is a patched version of a legitimate component of the Hex-Rays IDA Pro software. In detail it’s the remote IDA debugger server named win32_remote.exe and it’s basically designed to act as a loader by reading and decrypting an encrypted payload written to disk (CaddyWiper). It has been used against Ukrainian targets in destructive attacks and it’s believed to Continue Reading
Industroyer2: The ICS-capable malware re-emerges in order to cause critical services disruption
A few days ago a new variant of an ICS-capable malware known as Industroyer has been employed during a cyber-attack conducted against industrial control systems (ICS) responsible for the management and control of power plants subsystems in Ukraine. This new version has been named Industroyer2 and represents the evolution of a malware family already observed in December 2016 working Continue Reading