Robert Lipovsky
@Robert_Lipovsky
Principal Threat Intelligence Researcher at @ESET | Conference speaker | ɘƨɿɘvɘЯ Engineer
https://www.instagram.com/rockouter/ 24-10-2012 21:31:05
New today from Mandiant (part of Google Cloud) detailing a new class of cyber physical attack from Sandworm to disrupt Ukraine's grid
This attack departs from the group’s history of using OT-specific malware, instead opting for a harder to detect living off the land approach
mandiant.com/resources/blog…
This Thursday at #CYBERWARCON I'll give an update on Sandworm's cybersabotage and Gamaredon's espionage. Come say hi! ESET Research CYBERWARCON
#ESETResearch discovered a zero-day XSS vulnerability (#CVE-2023-5631) in Roundcube Webmail servers. It is actively used in the wild by #WinterVivern to target governments and a think tank in Europe. The exploit was contained in a legitimate-looking email about Outlook. 1/4
#ESETresearch discovered a #cyberespionage campaign against a governmental entity in 🇬🇾 Guyana, which we named #Operation Jacana. To gain initial access, the attackers used #spearphishing emails referencing the political affairs of the country. welivesecurity.com/en/eset-resear… 1/4
#ESETresearch document two #OilRig cyberespionage campaigns targeting Israeli organizations in 2021 and 2022: Outer Space and Juicy Mix welivesecurity.com/en/eset-resear… Zuzana Hromcova 1/5
#ESETresearch’s Filip Jurčacko and Zuzana Hromcova will be presenting at LABScon this week. Join them in Arizona to hear about #Deadglyph, a new, sophisticated backdoor active in the Middle East, and #OilRig’s persistent attacks on Israeli healthcare & local governments. 1/2
#ESETresearch will present at Black Hat USA 2023. On August 10th, __mat__ will talk about #MoustachedBouncer: AitM-Powered Surveillance via Belarus ISPs 🇧🇾 #BHUSA #BlackHat Stay tuned!
#ESETResearch publishes new findings about #AsylumAmbuscade, a threat actor at the border between cybercrime and cyberespionage. welivesecurity.com/2023/06/08/asy… 1/4
ESET Research took a closer look at #AceCryptor, a massively prevalent cryptor-as-a-service using its multistage approach to protect tens of malware families from static and dynamic detection. In 2021–2022 alone, ESET telemetry documented its activity in over 80,000 cases. 1/10
#ESETResearch analyze first in-the-wild UEFI bootkit bypassing UEFI Secure Boot even on fully updated Windows 11 systems. Its functionality indicates it is the #BlackLotus UEFI bootkit, for sale on hacking forums since at least Oct 6, 2022. Martin Smolar welivesecurity.com/2023/03/01/bla… 1/11
Ahead of the 1 year anniversary of the war in Ukraine, WIRED’s Andy Greenberg (@agreenberg at the other places) featured ESET researchers Anton Cherepanov & @Robert_lipovsky in a story highlighting the increasing threat of wiper malware & its devastating impact on critical infrastructure. bit.ly/3XRUjoO
#BREAKING On January 25th #ESETResearch discovered a new cyberattack in 🇺🇦 Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in Go programming language. We attribute this attack to #Sandworm. 1/3
#ESETresearch discovered Dolphin, a sophisticated backdoor extending the arsenal of the #ScarCruft APT group. Dolphin has a wide range of spying capabilities and is deployed on selected targets only.
welivesecurity.com/2022/11/30/who… 1/6
Today's newsletter is now available as a podcast, with an appearance today from ESET's Robert Lipovsky and the company's work on tracking Polonium APT campaigns in Israel
risky.biz/RBNEWS67/
#ESETresearch reveals new findings about POLONIUM, an APT group that has targeted more than a dozen organizations in Israel 🇮🇱 since at least September 2021, using at least seven different custom backdoors.
welivesecurity.com/2022/10/11/pol…
1/6
#ESETresearch has discovered #Lazarus attacks against targets in 🇳🇱 and 🇧🇪, spreading via spearphishing emails and exploiting the CVE-2021-21551 vulnerability to disable the monitoring of all security solutions on compromised machines Peter Kálnai welivesecurity.com/2022/09/30/ama…
#ESETresearch is happy to be back at Virus Bulletin in person! Today, Robert Lipovsky presented research by Matias Porolli about #POLONIUM’s new implants deployed against targets in Israel 🇮🇱 #VB2022 virusbulletin.com/conference/vb2… 1/2
In July, #ESETresearch reported on macOS spyware we dubbed CloudMensis. In the blogpost, we left the malware unattributed. However, further analysis showed similarities with a Windows malware called #RokRAT, a #ScarCruft tool. Marc-Etienne M.Léveillé, Peter Kálnai 1/9 x.com/esetresearch/s…