Silence of the Moles

Kaspersky Labs published a technical analysis of a new malware, Silence, that is aimed at attacking financial institutions. After uploading the loader of this malware to Intezer Analyze™, we have found a possible connection through code reuse to the loader of another malware campaign, Mole, previously discovered by Unit 42 of Palo Alto Networks. This […]

NotPetya Returns as Bad Rabbit

Large-scale cyber attacks seem to be happening once a month these days. Ukrainian and Russian organizations have been hit with the latest ransomware attack, named Bad Rabbit, originally discovered by ESET (https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/). At the time of writing this post, the ransomware is believed to have originated from compromised webpages with a fake popup for […]

Cyber Threat Diversion: Managing the False Positive Madness

Security teams have a lot of noise to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each month — and that’s in an ideal scenario. Some are dealing with this volume on a daily basis, making it nearly impossible to stay ahead of possible threats. Each alert has the potential […]

False Positive Madness: Reducing the Burden of Time-Wasting Alerts

Security teams have a lot of noise and false positives to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each month — and that’s in an ideal scenario, with cybersecurity monitoring and detection systems picking up anything potentially suspicious. Some organizations are dealing with this volume on a daily basis, […]

Meet the Founders: Alon Cohen

Serial entrepreneur Alon Cohen co-founded and grew one of the world’s first cyber security startups, CyberArk, which eventually became a ‘unicorn’. Now, he serves as co-founder and chairman of the board of Intezer—and his perspective on leadership hasn’t changed. “There’s no doubt that my long and exciting journey of 15 years building CyberArk with my […]

North Korea and Iran Use CodeProject to Develop Their Malware

Software developers and malware authors share a desire to work smart, not hard. In the software development world, engineers frequently use ready-made code for various tasks, whether it involves copying a snippet from Stack Overflow, taking a library from GitHub, or reusing a company’s own rich, legacy code base. On the darker side of things, […]

Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner

Check out our follow-up blog here: Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers. Recently, there have been a few attacks involving a supply chain infection, such as Shadowpad being implanted in many of NetSarang’s products, affecting millions of people. You may have the most up […]

Intezer Community Tip: How to Optimize ssdeep Comparisons with ElasticSearch

Why Standard Hash Functions Aren’t Helpful in Memory. At Intezer, we specialize in analyzing code from memory to deal with injections, process hollowing, and other memory attacks. When doing so, we extract different memory items that need to be investigated. As code is loaded into memory from a file, it differs somewhat from its original […]