SUMMARY When it comes to Macro Malware, several people try to finish it off with two workarounds, Disable Macro (GPO) and user awareness. That said what if a malicious document doesn’t use Macro codes to do its malicious tasks? What if a document is exploiting a vulnerability to do its malicious activities? That said, Let […]
In my previous blog posts I posted details of cyber attacks targeting Indian Ministry of External Affairs and Indian Navy’s Warship and Submarine Manufacturer. This blog post describes another attack campaign where attackers impersonated identity of Indian think tank IDSA (Institute for Defence Studies and Analyses) and sent out spear-phishing emails to target officials of […]
Text: Audience Level: Beginner to Medium. Few months back we released our new tool APITacker. The idea behind the tool is more mature than the tool itself. Using APITracker we can hook APIs on large scale from DLLs to track the execution of the sample. APITracker is based on pydbg python debugger. Before we move […]
In my previous blog posts I described attack campaigns targeting Indian government organizations, and Indian Embassies and Ministry of External affairs. In this blog post I describe a new attack campaign where cyber espionage group targeted the users of Mazagon Dock Shipbuilders Limited (also called as ship builder to the nation). Mazagon Dock Shipbuilders Limited […]
In my previous blog I posted details of a cyber attack targeting Indian government organizations. This blog post describes another attack campaign where attackers used the Uri terror attack and Kashmir protest themed spear phishing emails to target officials in the Indian Embassies and Indian Ministry of External Affairs (MEA). In order to infect the […]
This blog post describes an attack campaign where NIC (National Informatics Centre) Cyber Security themed spear phishing email was used to possibly target Indian government organizations. In order to infect the victims, the attackers distributed spear-phishing email, which purports to have been sent from NIC’s Incident response team, the attackers spoofed an email id that […]