Author: Threat Research Team

About: Threat Research Team

Bio: BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats.

Posts by Threat Research:

BitPaymer Ransomware Freezes the PGA and an Alaskan Town
Posted on: August 13, 2018

What Is It? While some cybersecurity pundits claim the demise of ransomware, their prognostications were at best a premature conclusion. In recent weeks, variants of BitPaymer ransomware have infected systems at the Professional Golfers Association of America (PGA) and the local government offices of Matanuska-Susitna, a municipal borough of greater Anchorage. BitPaymer, first identified in…

Windows Malware in Android Apps Highlights the Importance of Development Security
Posted on: August 07, 2018

What Is It? A recently released report from Palo Alto Networks’ Unit 42 research group described an interesting discovery. They found 145 Android apps on the Google Play Store infected with Windows executable malware. After they were reported to the Google security team, all of the infected applications were removed from Google Play. The interesting…

New AZORult Malware Delivers Twice The Pain
Posted on: August 02, 2018

What Is It? Originally discovered by researchers from Proofpoint in mid-2016, AZORult malware is an information stealer and downloader. Recently the authors released a major update that was observed being used in a large malicious spam campaign within 24 hours of the updated version becoming available. The documentation for the new version of AZORult (v3.2)…

APT28’s Operation Roman Holiday Attack Targets Italy’s Navy
Posted on: July 24, 2018

What Is It? The Russian Advanced Persistent Threat (APT) group, known variously as APT28, Sofacy and Fancy Bear and active since 2007 or earlier, has been linked to various cyber espionage activities against government and public sector organizations, including the breach of the Democratic National Committee (DNC) during the 2016 U.S. presidential election cycle. Most…

Magniber Ransomware Expands Asian Language Support
Posted on: July 18, 2018

What Is It? The original version of Magniber would only install itself on the systems of South Korean users, deleting itself in all other cases; however, this fact should not be used to assume where the attackers are located. The new version of Magniber ransomware expands the list of Asian languages on the devices that…

Gandcrab Ransomware Continues Agile Development With New 4.1 Version
Posted on: July 18, 2018

What Is It? Researchers have previously noted that the developers of Gandcrab ransomware appear to have adopted an agile development model, as they have been releasing new versions that improve both the functionality and the underlying code. This trend appears to be continuing, as security vendor Fortinet discovered version 4.1 of Gandcrab only two days after…

New GZipDe Malware Uses Metasploit
Posted on: June 25, 2018

What Is It? Researchers from AlienVault have published a report detailing a new piece of malware called GZipDe. They believe it may be part of a targeted cyber-espionage campaign with the final payload being a Metasploit backdoor. This attack is consistent with a growing trend by threat actors of utilizing standard tools, such as Metasploit,…

Zacinlo Adware Uses a Rootkit
Posted on: June 19, 2018

What Is It? Romanian-based anti-virus company Bitdefender has recently released a highly detailed report about a piece of malicious adware it has named Zacinlo (which may be a misnomer, as it translates from Slovenian as “temporary”). Though believed to have been originally released in 2012, the rootkit component that the adware’s authors have added in…

Satan Ransomware Rebrands as DBGer
Posted on: June 15, 2018

What Is It? Satan ransomware was first discovered by a French security researcher in January 2017, initially offered via Ransomware as a Service (RaaS). This allowed malicious actors to register, create a unique variant of Satan and distribute the malware as they saw fit. The RaaS handled the ransom payments and development of the malware…

Lazarus Group Uses KillDisk as a Distraction for SWIFT Attacks
Posted on: June 12, 2018

What Is It? The activities of the Lazarus Group, also known as Hidden Cobra, have been the subject of a previous Threat Report relating to its use of destructive malware. Recent reports regarding attacks on banks in Mexico and Chile describe Lazarus as continuing to use destructive malware as part of their threats. On May…