APT Group Gamaredon Intensifies Cyber Offensive in Ukraine (Part 1)
September 28, 2022
Overview Beginning in the second quarter of this year, NSFOCUS Security Labs discovered that the APT group Gamaredon began frequently using a number of different types of attacks to conduct cyberattacks against military and police targets in Ukraine’s Kherson, Donetsk and other regions. In this attack cycle, Gamaredon mainly used attack tools such as malicious […]
APT Group Evilnum Launched a New Round of Cyberattacks on Online Transactions
September 26, 2022
Overview NSFOCUS Security Labs detected a string of related phishing attacks recently. The analysis confirmed that these activities were staged by the APT group Evilnum and they were a continuation of the group’s recent operation DarkCasino. This round of cyberattacks occurred in late July and lasted until early August. Evilnum attackers maintained consistent attack methodology […]
Description of the Server Name Indication Feature on NSFOCUS WAF
September 22, 2022
The early SSLv2 was designed based on the classic public key infrastructure. By default, a server or an IP address could provide only one service so that the server could know which certificate to serve during the SSL handshake. The widespread use of virtual hosts leads to the situation where multiple domain names are mapped […]
Mind the Sec 2022
September 22, 2022
The 8th edition of Mind The Sec was held from September 20 to 22, 2022 at the Transamerica Expo, in São Paulo. It is one of the largest and most qualified corporate events of information security and cyber security in Latin America. Mind The Sec presents three tracks of content, covering from management to technical […]
Security Knowledge Graph | Application in Integration of Functional Safety with Information Security in Industrial Control Systems
September 22, 2022
The security knowledge graph, a knowledge graph specific to the security domain, is the key to realizing cognitive intelligence in cyber security, and it also lays an indispensable technological foundation for dealing with advanced, continuous and complex threats and risks in cyberspace. NSFOCUS published a series of articles about the application of the security knowledge […]
Operation DarkCasino: In-Depth Analysis of Attacks by APT Group Evilnum (Part 2)
September 20, 2022
Operation DarkCasino: In-Depth Analysis of Attacks by APT Group Evilnum (Part 1) Components Evilnum mainly used a new customized trojan in this operation. NSFOCUS Security Labs named it DarkMe based on the particular string in the trojan program. NSFOCUS Security Labs also discovered another new trojan program that had a close connection to this operation […]
Operation DarkCasino: In-Depth Analysis of Attacks by APT Group Evilnum (Part 1)
September 19, 2022
Overview Recently, NSFOCUS Security Labs observed a series of phishing activities against European countries. Those activities mainly targeted online gambling platforms as well as active online trading behaviors, aiming to steal transaction credentials of service providers and customers for illegal profits. The in-depth analysis revealed that it was a continuation of recent attacks staged by […]
NSFOCUS Case Study on Protection Against Carpet-Bombing Attacks
September 16, 2022
Introduction According to the H1 2022 NSFOCUS Global DDoS Attack Landscape report released on 6 Sept 2022, DDoS attacks increased by a surprising 205% compared with the first half of 2021. When it comes to the carpet-bombing attacks prevalent in recent years, more than 100,000 IP addresses on hundreds of network segments were hit by […]
Configuring Collaboration Between NTA and ADS
September 15, 2022
This document describes how to configure collaboration between ADS and NTA. NTA offers network monitoring and DDoS attack detection. If a DDoS attack is detected, NTA starts collaboration with ADS according to pre-defined rules to notify ADS. Then ADS starts the traffic diversion mechanism to divert suspicious traffic from the router or switch to ADS. […]
Viewing BGP Status of ADS and Troubleshooting
September 14, 2022
Viewing the BGP neighbor status of ADS Choose Diversion & Injection > Diversion Route > BGP Route. In the Route Daemon list, click the Neighbor Status button in the Operation column to view the status of a specified BGP route, as shown in the screenshot below. The displayed page shows the information of BGP neighbors. […]