Overview On August 2, 2017, ANTIY discovered a new DDoS trojan and dubbed it Moyou. After obtaining the related sample, NSFOCUS conducted a detailed analysis of the trojan. Sample Analysis The following figure shows the detection result of NSFOCUS Threat Analysis Center (TAC). The sample obtains the C&C server address (www.linux288.com) by reading data from […]

Overview This year a significant amount of security events such as WannaCry, Petya, and NotPetya occurred adversely affecting a wide variety of social and economic activities. To mitigate threats brought by such events IT and security teams have spared no effort in combating against such attacks for the security and protection of their organizations. It […]

AliCloud offers first ICSA and Veracode certified Web Application Firewall powered by NSFOCUS to secure more than 2 million customers SINGAPORE, August 22, 2017 – NSFOCUS, the leader in holistic hybrid security solutions, is now offering its comprehensive Web Application Security solution on Alibaba Cloud (AliCloud) to ensure enterprises are equipped with the most comprehensive […]

This July a remote access trojan (RAT) KONNI was discovered to be involved in a cyberattack targeting North Korea, which was presumably linked to South Korea. This RAT spreads mainly through phishing emails. Specifically, the attacker first tries to have a powershell script executed via an .scr file, and then downloads the malware of an […]

Overview This week WikiLeaks published a document outlining another leaked hacking tool developed by the CIA (Central Intelligence Agency). The exploit titled ‘Dumbo’ possesses the capability of remotely managing and altering video and audio recordings on Windows XP systems.  At the moment, the malware is only able to successfully run on 32-bit Windows XP, Vista, […]

Overview APT28 is a recognized state-sponsored threat actor operating out of Russia. Nefarious efforts and known exploits conducted by ATP28 (Advanced Persistent Threat) have been tracked as early as 2007 by various cyber-security experts in the field. The following information will outline the worldwide cyber warfare attacks that have been linked to APT28 throughout their […]

Overview The Blackmoon Bank Trojan that was originally identified in 2016 has since re-surfaced. Recently, more than 150,000 bank accounts were compromised in South Korea and the Blackmoon Trojan has been identified as the culprit. A new 2017 version has hit the financial industry and employs a new framework model primarily targeting the online banking […]

By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS On May 15th, the NHS (UK’s National Health Service) suffered its single worst disruption to service in the history of the organisation. The disruption was due to a type of malicious software, known as ransomware, with the purpose of attempting to extort money from victims by encrypting their […]

By: Stephen Gates, Chief Research Intelligence Analyst, NSFOCUS It’s no secret that DDoS attacks are on the rise. Statistic-after-statistic, report-after-report, all say the same thing about DDoS. However, who are the companies that have perfected the technology, tactics, techniques, and procedures used in front-lines to defeat DDoS attacks every day? NSFOCUS is one such company that […]

Author: Cody Mercer – Senior Threat Intelligence Researcher Executive Overview A new mobile banking Trojan titled ‘Swearing Trojan’ has been discovered by Tencent Security and Checkpoint researchers. The odd name of the malware is in part attributed to the various Chinese swear words sparsely distributed in the source code. The primary attributes associated with the […]