Chinese APT Targets Victims with Social Engineering and ShimRat Malware

"Mofang ("to intimidate" in Chinese) is the name of a newly discovered
cyber-espionage group that targeted various countries around the globe
since February 2012, when the group's main malware, called ShimRat, was
found by security firm Fox-IT.

While t

Wednesday, 22 Jun 2016
Bears in the Midst: Intrusion into the Democratic National Committee

CrowdStrike Services Inc., our Incident Response group, was called by
the Democratic National Committee (DNC), the formal governing body for
the US Democratic Party, to respond to a suspected breach. We deployed
our IR team and technology and immediately identified two sophistic

Wednesday, 22 Jun 2016
Fighting a war without being at war

"Cyber-warfare is not replacing conventional warfare, but becoming an
integral part of the military toolbox to be used in hybrid-warfare, but
- so far, more for disruption than destruction, as Jarno Limnéll explains.

Cyber-warfare is a hot topic. The evolution of w

Wednesday, 22 Jun 2016
Hacker who aided IS faces lengthy jail term

"A hacker who passed a list of American military personnel to the
so-called Islamic State group could face up to 25 years in jail.

Kosovan Ardit Ferizi pleaded guilty to charges of providing material
support to America's enemies, in a court hearing in Virginia.

Wednesday, 22 Jun 2016
Indonesia, South Korea central bank websites hit by cyber attacks; no losses

"The central banks of Indonesia and South Korea have been hit by cyber
attacks on their public websites since activist hacking group Anonymous
pledged last month to target banks across the world, senior officials in
the two countries told Reuters.

In response to the

Wednesday, 22 Jun 2016
Angler Exploit Kit Evading EMET

"We recently encountered some exploits from Angler Exploit Kit (EK) that
are completely evading Microsoft’s Enhanced Mitigation Experience
Toolkit (EMET). This is something we are seeing for the first time in
the wild, and we only observed it affecting systems running

Wednesday, 15 Jun 2016
Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript

We have recently observed new campaigns of Locky and have described
them below.

XOR obfuscation

Locky arrives through a spam email attachment that evades antispam
filters and attempts to trick users via social engineering into opening
the attachment. In general p

Wednesday, 15 Jun 2016
On-Demand Polymorphic Code in Ransomware

"Virlock is a ransomware that has a metamorphic algorithm, as discussed in
the blog post cited above. It also has what I have coined as an
on-demand polymorphic algorithm.

Similar to a regular polymorphic malware using a key, it decrypts the
malware code into t

Wednesday, 15 Jun 2016
Ransomware Leaves Server Credentials in its Code

While SNSLocker isn’t a stand-out crypto-ransomware in terms of routine
or interface, its coarse and bland façade hid quite a surprise. After
looking closer at its code, we discovered that this ransomware contains
the credentials for the access of its own server.

Wednesday, 15 Jun 2016
Key player in Silk Road successor site gets eight years in U.S. prison

"A Washington state man was sentenced on Friday to eight years in prison
for his role in helping the management of the successor website to Silk
Road, an online black market where illegal drugs and other goods were sold.

Brian Farrell, who prosecutors say was a staff memb

Tuesday, 14 Jun 2016
Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia