Results for targeted attack

Threat Research

Over 100,000 South Korean Users Affected by BlackMoon Campaign

Introduction

The FortiGuard Virtualization Execution X (VEX) system – a behaviour-based, in-house framework designed to identify zero-day samples – has detected a previously undiscovered iteration of the BlackMoon Trojan. BlackMoon Trojan is a banking trojan that is designed to phish user credentials from various South Korean banking institutions. It was discovered in early 2014 and was named after a debug string, “BlackMoon”, that was present in its code. While the BlackMoon malware code has been constantly updated...

Threat Research

Multi-COM Loading Methods Used In Targeted Attack

Introduction

Last month, iSightPartners revealed a Microsoft Office zero-day leveraged in a targeted attack by a Russian cyber espionage team. This vulnerability has been patched in Microsoft bulletin MS15-070. CVE-2015-2424 was assigned to this vulnerability. In this blog post, we will discuss the nature of the vulnerability to give some insights to other researchers for understanding and detecting this specific Word vulnerability.

Multi-directory entries chaining

We first extracted the embedded objects inside the exploit document...

By Wayne Chin Yick Low, September 01, 2015