Intelligence & Analytics April 27, 2023

Ex-Conti and FIN7 Actors Collaborate with New Backdoor

15 min read - Former Conti syndicate and FIN7 members have collaborated to use a new backdoor dubbed "Minodo" to deliver the Project Nemesis infostealer. Explore the intricate nature of cooperation among cybercriminal groups and their members with in-depth analysis from IBM Security X-Force…

Endpoint March 20, 2023

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

7 min read - In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will…

Security Services February 16, 2023

What are the Duties of a Malware Analyst?

3 min read - Malware breaches begin in many ways. Recently, multiple fake antivirus apps in the Google Play Store were infected with malware. Earlier this year, malware deployed through satellites shut down modems in Ukraine. Destructive malware attacks have an average lifecycle of…

Intelligence & Analytics September 1, 2022

Raspberry Robin and Dridex: Two Birds of a Feather

8 min read - IBM Security Managed Detection and Response (MDR) observations coupled with IBM Security X-Force malware research sheds additional light on the mysterious objectives of the operators behind the Raspberry Robin worm. Based on a comparative analysis between a downloaded Raspberry Robin…

Malware August 18, 2022

From Ramnit To Bumblebee (via NeverQuest): Similarities and Code Overlap Shed Light On Relationships Between Malware Developers

26 min read - A comparative analysis performed by IBM Security X-Force uncovered evidence that suggests Bumblebee malware, which first appeared in the wild last year, was likely developed directly from source code associated with the Ramnit banking trojan. This newly discovered connection is…

Intelligence & Analytics July 7, 2022

Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine

13 min read - Following ongoing research our team, IBM Security X-Force has uncovered evidence indicating that the Russia-based cybercriminal syndicate “Trickbot group” has been systematically attacking Ukraine since the Russian invasion — an unprecedented shift as the group had not previously targeted Ukraine.…

Malware March 15, 2022

CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations

3 min read - On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations dubbed as CaddyWiper. CaddyWiper’s method of destruction is by overwriting file data with “NULL” values. This is the fourth sample of malware…

Malware February 24, 2022

New Destructive Malware Used In Cyber Attacks on Ukraine

8 min read - This post was written with contributions from IBM Security X-Force’s Anne Jobmann, Claire Zaboeva and Richard Emerson. February 25, 2022 Update On February 24 2022, Symantec Enterprise reported a ransomware dubbed as PartyTicket was deployed alongside the HermeticWiper malware. IBM…

Malware December 15, 2021

Nation State Threat Group Targets Airline with Aclip Backdoor

8 min read - IBM Security X-Force has observed a state-sponsored adversary using a new backdoor that utilizes Slack to attack airline organizations. The adversary leveraged free workspaces on Slack, a legitimate messaging and collaboration application likely to obfuscate operational communications, allowing malicious traffic,…

Advanced Threats May 14, 2020

X-Force IRIS Overcomes Broken Decryption Mechanism in Jest Ransomware

10 min read - IBM X-Force Incident Response and Intelligence Services (IRIS) recently helped a company fend off a ransomware attack by building a custom decryptor for a strain of ransomware known as "Jest."