Here are the topics of this newsletter edition: a well-known bot often used for cyber-attacks, Qakbot; The First Responder Word. FOCUS TECH: QAKBOT. Initially designed to steal banking credentials, Qakbot has evolved into a more versatile malware with multiple…
Author: CERT-W
An overview of the different cybercriminal use cases of ChatGPT. The one-year report about the cyber operations between Ukraine and Russia, by CERT-EU. CHATGPT: What opportunities for the underground world of cybercrime? Need a refresh about…
FOCUS TECH: BLINDSIDE. Faced with EDR behavioral supervision, attackers develop techniques that let attacks succeed while staying under the radar. One of these techniques is called Blindside. This technique works on many EDRs relying on a hook and was revealed by…
FOCUS TECH: BRING YOUR OWN VULNERABLE KERNEL DRIVER (BYOVKD). Faced with EDR behavioral supervision, attackers develop techniques that let attacks succeed while staying under the radar. One of these techniques is called BYOVKD: Bring Your Own Vulnerable Kernel Driver. Even if…
EDITO: What are the supply chain threats? What does the current situation look like? Since 2019, there has been a growing focus on third-party attacks. With good reason: CyberArk estimates in a study from 2022 that 71% of organizations suffered…
FOCUS TECH MAUI Sources: https://www.cisa.gov/uscert/ncas/alerts/aa22-187a https://stairwell.com/wp-content/uploads/2022/07/Stairwell-Threat-Report-Maui-Ransomware.pdf https://securelist.com/andariel-deploys-dtrack-and-maui-ransomware/107063/ Ransomware Activity Presentation of the figures collected by our tool on the data given by the RaaS platforms about their successful attacks. This graph gives an estimation of the number of victims…
FOCUS TECH Bumblebee Initial Access (TA0001) Execution (TA0002) Persistence (TA0003) Privilege Escalation (TA0004) Phishing: Spearphishing Attachment T1566.001 Command and Scripting Interpreter: Visual Basic T1059.005 Scheduled Task/Job T1053 Process Injection: Dynamic-link Library Injection T1055.001 Phishing: Spearphishing Link T1566.002 Windows Management Instrumentation…
DECRYPTION: The marketplaces of stolen data. Which types of data are sold? The different marketplace platforms sell different types of data. While some platforms are really focused on selling one specific “product” (e.g. hacking forums where Initial Access to…
Overview: Spring is a lightweight open-source application framework for Java. It allows for easy development and testing of Java applications. Spring is used to create Java enterprise applications. It provides means to build applications and supports different scenarios.…
FOCUS TECH: Conti Kill Chain. SOURCES: CERT-W: FROM THE FRONT LINE. The First Responder Word. READING OF THE MONTH: We recommend the interview of Pompompurin, a cyber activist whose work ranges from leaking the data of thousands of…