Channel: Security Art Work
Browsing all 155 articles

(Cyber) III Cold War: Hack the vote?

As you know, the DHS (Department of Homeland Security) along with the ODNI (Office of the Director of National Intelligence) formally accused Russia of meddling in the past US presidential elections...

The Russian ICC (VI): SVR

The SVR (Sluzhba Vneshney Razvedki) was the first heir of the KGB with its own entity, inheriting the attributions of the First General Directorate; it is responsible for Russian foreign intelligence,...

Is your NAS exposed to the Internet?

The widespread use of devices connected to the network, such as cars, medical equipment, industrial controllers (PLCs), appliances, etc., has brought with it a new and extremely vulnerable landscape....

What is a TDS (Traffic Director System)?

The idea to write this post came from investigating multiple cases of infections in computers because of the ubiquitous Exploit Kits (EK). A visit to a website that apparently should not carry any risk...

The Russian ICC (VII): FSO

Another of the heirs of the FAPSI is the FSO (Federal’naya Sluzhba Okhrani), identified in [1] as military unit 32152 and headed since May of this year by Major General Dmitry Kochnev (his predecessor,...

The Russian ICC (VIII): GRU

The only major Russian service which, as we have indicated, is not a direct heir of the KGB is the GRU (Glavnoye Razvedyvatelnoye Upravlenie), military unit 44388, whose aim is to provide intelligence...

The Russian ICC (IX): APT groups

We have talked so far about the main services that make up the Russian intelligence community in its cyber domain and we will continue to describe in successive posts the rest of the complex Russian...

Shadow Brokers: exploiting Eternalblue + Doublepulsar

(Just one month after publishing this post in Spanish, these exploits were used in conjunction with the WanaCry ransomware to perform one of the largest worldwide cyber attacks of the last few years....

Mirai meets OpenSSL

It is no surprise that new variants of Mirai keep coming to light, since the source code of the bot, the CnC server and the download server is available to anyone. However, they all had relatively...

MOSH, beyond SSH

Today, I do not think it necessary to mention what the SSH (Secure Socket Shell) protocol is, since it would be really difficult to live without it today. Therefore, SSH is considered globally as the...

The Evolution of Trickbot

From the malware lab of S2 Grupo we have been monitoring the movements of a Trojan known as Trickbot. Its relationship with Dyre, another older Trojan with which it shares many design features, and...

The mimi (mimikatz) side of #NotPetya

(Please note some of the internal links are in Spanish) One of the things that most caught our attention from the #NotPetya malware lab is the module that appears to contain code from the mimikatz...

Personal Countersurveillance (I): Facial Recognition

(Please note some of the internal links are in Spanish) Those of us who work in the cybersecurity sector are accustomed to hearing about threats and defense measures, but almost always referring to a...

JAFF Ransomware via PDF attachment with Doc

We continuously receive phishing emails coming from a variety of sources, often containing attachments with malicious payloads. In this case the attachment was a bit more interesting because it...

Analysis of Linux.Helios

For several weeks we have been detecting a new variant of malware for Linux and IoT architectures from the malware laboratory of S2 Grupo, registered for the first time on the VirusTotal platform on...

Phishing: improving our campaigns

One of the most important things when carrying out a phishing campaign [Obviously, always from legal terms Ed.] is to ensure that our mail evades the anti-spam filters and is thus able to reach...

Droppers from Locky Ransomware with extra anti-Sandboxing

Recently an old acquaintance has returned to his old ways. This is the Ransomware “Locky”, which about a year ago was very active through #Malspam campaigns (Spam Mail with the purpose of installing...

Templates with bad intentions

A few days ago while analyzing several emails I came across one that contained a suspicious attachment. It was a .docx document that at first glance had nothing inside but it occupied 10 kb. The mail...

Miners, miners everywhere!

It is evident that cryptocurrencies are fashionable. The price increase of, for example, Bitcoin with respect to last year is exponential, as can be seen in the following Coinbase graph: Everyone,...

The Russian ICC (X): the intelligence ecosystem

We cannot conceive the Russian intelligence community, described in this series, as a set of services dependent on political or military power. The degree of penetration of these services throughout...
