A high-stakes game of attribution started by a group claiming to have a cache of exploits belonging to the Equation Group took a somewhat definitive turn Tuesday afternoon. Researchers at Kaspersky Lab yesterday confirmed a connection between the tools currently up for auction by the ShadowBrokers and Equation Group exploits and malware that researchers at...

Researchers today identified a series of ongoing targeted attacks primarily designed to steal sensitive corporate financial data from industrial and engineering organizations in the Middle East. The group behind the campaign, nicknamed Operation Ghoul by researchers at Kaspersky Lab’s Global Research and Analysis Team, has carried out attacks against 130 organizations in 30 countries to date according to...

A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day exploits and refined coding to exfiltrate...

LAS VEGAS – Kaspersky Lab today at Black Hat USA 2016 announced the launch of a public bug bounty, one of the few offered by a software vendor in the computer security industry. The bounty begins tomorrow on the HackerOne platform, and the first phase will run for six months. The company said that during...

Amid the connections being made between the Russian government and the attack on the Democratic National Committee (DNC), researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s Global Research and Analysis Team shared some insight into their day-to-day investigations...

The xDedic market has resurfaced, this time on a Tor network domain and with the inclusion of a new $50 USD enrollment fee. XDedic’s original domain (xdedic[.]biz) disappeared shortly after a June 16 Kaspersky Lab report describing how xDedic provided a platform for the sale of compromised RDP servers. At the time of the report, there...

We live in an increasingly connected world, but even in an age when DDoS attacks can take entire airlines offline, many critically sensitive industrial control systems (ICS) are still connected to the internet. A pair of reports released today by Kaspersky Lab reveal how dire the situation really is. In a scan, it found nearly...

For the second time since June 1, the handlers of CryptXXX ransomware have changed their ransom note and Tor payment site. More importantly to those developing detection signatures and administrators, this update no longer makes changes to the file extensions of encrypted files. “To make it more difficult for administrators, this release no longer uses...

Mike Mimoso and Chris Brook recap the news of the week, including a Bitcoin phishing campaign, the Kaspersky Lab ransomware report, misconfigured email servers, and a decline in Angler exploit kit traffic. Download: Threatpost_News_Wrap_June_24_2016.mp3 Music by Chris Gonsalves

New data anonymously shared with Kaspersky Lab researchers may enlarge the scope of and provide additional context to the hacked RDP servers for sale on the now defunct xDedic marketplace. The underground marketplace was disclosed in a report published last Tuesday describing an eBay-style platform of more than 70,000 hacked servers, some of which could...