Recently, NSFOCUS Security Labs captured a phishing document with the theme "ПАРТНЕРИ КУЛЬТУРНОЇ ДИПЛОМАТІЇ МЗС УКРАЇНИ" (Cultural Diplomatic Partner of the Ukrainian Ministry of Foreign Affairs), and confirmed that the producer of the document was Gamaredon, a Russia-based advanced persistent threat group. The phishing document contains highly credible bait content, and...
Tag: APT
APT Retrospection: Lorec53, An Active Russian Hack Group Launched Phishing Attacks Against Georgian Government
Summary In July 2021, several phishing documents written in Georgian were discovered by NSFOCUS Security Labs. In these phishing documents, the attackers used current political hotspots in Georgia to create bait and deliver a secret-stealing Trojan to specifically targeted victims, aiming to steal various documents from their computers. Correlation...
Overseas APT Organization Exploits Vulnerabilities to Breach Sangfor SSL VPNs and Deliver Malicious Code Threat Alert
Overview On April 6, Sangfor released an advisory, announcing that an overseas APT organization illegally took control of some of their SSL VPN devices and sent malicious files to clients by exploiting a client upgrade vulnerability. NSFOCUS has kept a close eye on this issue and conducted overall analysis. We...
Analysis of Phishing Attacks Targeting Ukrainian Banks
Overview On August 17, 2017, the National Bank of Ukraine (NBU) warned financial institutions in the country about a potential cyberattack. The virus would exploit the CVE-2015-2545 vulnerability to cause remote code execution by sending emails with the code disguised as a Microsoft Word document. Subsequently, a cybersecurity institution found...
Modern DDoS attacks: When Moore’s law meets Darwin’s Theory of Evolution
Track: General Security Author: Dave Martin, Director of Product Marketing, NSFOCUS What would happen if you combined Moore’s law with Darwin’s Theory of Evolution and applied them to DDoS attacks? Unfortunately, modern DDoS attacks seem to embody this idea perfectly as both the frequency and complexity of these attacks have become...




