Search

In early March 2019, ASERT Researchers uncovered a credential harvesting campaign targeting mostly South Asian governments. The actors behind this campaign we call LUCKY ELEPHANT use doppelganger webpages to mimic legitimate entities such as foreign governments, telecommunications, and military.

NETSCOUT Threat Intellgience Report - Security Findings from Second Half 2018. Special Report powered by ATLAS.

Internet of Things (IoT) botnets commonly propagate by exploiting vulnerabilities in IoT devices. Telemetry from our IoT honeypots show the number of exploit attempts originating from bots continues to increase.

Attackers have recently begun launching CoAP reflection/amplification DDoS attacks, a protocol primarily used today by mobile phones in China, but expected to grow with the explosion of Internet of Things (IoT) devices.

In May of last year, ASERT Researchers reported on LoJax, a double-agent leveraging legitimate software to phone home to malicious command and control (C2) servers. Since the publication of our research, we’ve monitored a number of new malware samples.

First discovered in May of 2018, Danabot is a Delphi written banking trojan that has been under active development throughout the year.

Internet of Things (IoT) botnet authors are adapting to a shift in more secure IoT devices, which has diverted attacker’s focus to exploiting vulnerabilities in IoT devices, either to supplement brute-forcing factory default passwords or completely supplant it.

ASERT has learned of an APT campaign, possibly originating from DPRK, we are calling STOLEN PENCIL that is targeting academic institutions since at least May 2018.

Botmasters have taken the lessons from developing Internet of Things (IoT) malware and shifted their focus to targeting commodity Linux servers.

Brute-forcing factory default usernames and passwords remains a winning strategy for Internet of Things (IOT) botnet propagation.

ASERT recently came across spear-phishing emails targeting the Office of the First Deputy Prime Minister of Bahrain.

Executive Summary Cobalt Group (aka TEMP.Metastrike), active since at least late 2016, have been suspected in attacks across dozens of countries. The group primarily targets...

Arbor ASERT has uncovered a new class of SSDP abuse where naïve devices will respond to SSDP reflection/amplification attacks with a non-standard port. The resulting flood of UDP...

Key Findings ASERT researchers discovered Kardon Loader being advertised on underground forums. Kardon Loader features functionality allowing customers to open their own botshop...

Executive Summary Mirai, seen as revolutionary for malware that targets the Internet of Things (IoT), has wrought destruction around the globe and popularized IoT based malware...

Written by Roland Dobbins, ASERT Principal Engineer and Matt Bing, ASERT Security Analyst. In this article: SSDP Diffraction Attacks aren’t new; they’ve been observed in the wild...

Executive Summary ASERT recently discovered Lojack agents containing malicious C2s. These hijacked agents pointed to suspected Fancy Bear (a.k.a. APT28, Pawn Storm) domains. The...

Overview ASERT recently identified a campaign targeting commercial manufacturing in the US and potentially Europe in late 2017. The threat actors used phishing and downloader(s) to...