Mastodawn

Jonathan D. Abolins Jan 24, 2023

«#Gamaredon (Ab)uses #Telegram to Target Ukrainian Organizations» #RussianMalware #MalwareObsfuscation #Malware Analysis #IOCs

https://blogs.blackberry.com/en/2023/01/gamaredon-abuses-telegram-to-target-ukrainian-organizations

Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations

The Gamaredon Group has been actively targeting the Ukrainian government lately, relying on the infrastructure of the popular messaging service Telegram to bypass traditional network traffic detection techniques without raising obvious flags. This new report from BlackBerry provides an analysis.

BlackBerry

Jonathan D. Abolins Jan 4, 2023

Palo Alto Networks Unit 42 - «Navigating the Vast Ocean of #SandboxEvasions» Good overview of #Malware evasion techniques in #VM #MalwareAnalysis environments. #CTI #CyberThreatAnalysis

https://unit42.paloaltonetworks.com/sandbox-evasion-memory-detection/

Navigating the Vast Ocean of Sandbox Evasions

After creating a bespoke sandbox environment, we discuss techniques used to target malware evasions with memory detection and more.

Unit 42

Jonathan D. Abolins Dec 28, 2022

#GuLoader implements new evasion techniques. Checks to see if it’s running in a VM. Article from @securityaffairs https://securityaffairs.com/140028/cyber-crime/guloader-evasion-techniques.html

Show thread

Jonathan D. Abolins Dec 5, 2022

Also https://www.fayobserver.com/story/news/crime/2022/12/04/moore-county-power-outage-investigated-as-vandalism/69699328007/

'Intentional, willful and malicious': 40K without power after substation attacks in Moore County

The Sheriff's Office says they haven't found a connection between protests over a drag show and the attacks on the power substations.

The Fayetteville Observer

Jonathan D. Abolins Dec 5, 2022

«Emergency Declared and Curfew Ordered Following Moore Power Grid Attack» | News | thepilot.com #NorthCarolina #Infrastructure #ElectricalTransmission #Sabotage #Electricity #US #InfrastructureSecurity #Security

https://www.thepilot.com/news/emergency-declared-and-curfew-ordered-following-moore-power-grid-attack/article_b3b19780-7370-11ed-865d-c78d0de5d921.html

Emergency Declared and Curfew Ordered Following Moore Power Grid Attack

Much of Moore County — more than 40,000 homes and businesses — remain without power following an attack to electrical substations. Authorities have confirmed that at least two substations were

The Pilot Newspaper

Jonathan D. Abolins Dec 4, 2022

«Preparing for a Russian #cyber offensive against #Ukraine this winter» - Microsoft, Clint Watts. #Cybersecurity #Ukraine #RussianCyber #кибервойна #Infrastructure #Ransomware https://blogs.microsoft.com/on-the-issues/2022/12/03/preparing-russian-cyber-offensive-ukraine/

Preparing for a Russian cyber offensive against Ukraine this winter - Microsoft On the Issues

As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian...

Microsoft On the Issues

Jonathan D. Abolins Nov 30, 2022

«RansomBoggs: New #ransomware targeting #Ukraine» - #Eset Resemblance to #Sandworm #APT #CTI https://www.welivesecurity.com/2022/11/28/ransomboggs-new-ransomware-ukraine/

RansomBoggs: New ransomware targeting Ukraine | WeLiveSecurity

ESET researchers spot a new ransomware campaign that targets multiple Ukrainian organizations and has Sandworm's fingerprints all over it.

WeLiveSecurity

Other Mastodon	[email protected]
Twitter	@jabolns
Languages (varying fluencies)	English, Latvian, German, Hebrew, Bisl Yiddish, Russian, Ukrainian, a bit of Arabic.