Enterprise Malware-as-a-Service: Lazarus Group and the Evolution of Ransomware

In an interesting twist to the use of ransomware, an attacker leveraged a vulnerability in a plug-in for a remote-monitoring tool, Kaseya VSA, to gain access to a small Managed Services Provider, and infect approximately 80 companies with the GandCrab ransomware. This is a notable shift in tactics for

Pegasus/Buhtrap analysis of the malware stage based on the leaked source code

In April of 2015, Kaspersky released a report on a Trojan / Remote Access Tool (RAT) targeting financial institutions in Russia and Ukraine, named BUHTRAP, also known as Pegasus and Carbanak. Kaspersky reported BUHTRAP has been active since 2014, but the first attacks were not detected until August 2015.