ESET Threat Report Q4 2020
A view of the Q4 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
Research
Expert content, for researchers by researchersResearch
Kobalos – A complex Linux threat to high performance computing infrastructure
ESET researchers publish a white paper about unique multiplatform malware they’ve named Kobalos
Operation NightScout: Supply‑chain attack targets online gaming in Asia
ESET researchers uncover a supply-chain attack used in a cyberespionage operation targeting online‑gaming communities in Asia
Vadokrist: A wolf in sheep’s clothing
Another in our occasional series demystifying Latin American banking trojans
Operation Spalax: Targeted malware attacks in Colombia
ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries
Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia
ESET researchers have uncovered a supply-chain attack on the website of a government in Southeast Asia.
Operation StealthyTrident: corporate software under attack
LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack
Turla Crutch: Keeping the “back door” open
ESET researchers discover a new backdoor used by Turla to exfiltrate stolen documents to Dropbox
Lazarus supply‑chain attack in South Korea
ESET researchers uncover a novel Lazarus supply-chain attack leveraging WIZVERA VeraPort software
Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
Backdoor authors show deep knowledge of the targeted POS software, decrypting database passwords from Windows registry values
ESET Threat Report Q3 2020
A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
ESET takes part in global operation to disrupt Trickbot
Throughout its monitoring, ESET analyzed thousands of malicious samples every month to help this effort
XDSpy: Stealing government secrets since 2011
ESET researchers uncover a new APT group that has been stealing sensitive documents from several governments in Eastern Europe and the Balkans since 2011
LATAM financial cybercrime: Competitors‑in‑crime sharing TTPs
ESET researchers discover surprisingly many indicators of close cooperation among Latin American banking trojans’ authors
APT‑C‑23 group evolves its Android spyware
ESET researchers uncover a new version of Android spyware used by the APT-C-23 threat group against targets in the Middle East
Who is calling? CDRThief targets Linux VoIP softswitches
ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches
KryptoCibule: The multitasking multicurrency cryptostealer
ESET researchers analyze a previously undocumented trojan that is spread via malicious torrents and uses multiple tricks to squeeze cryptocoins from its victims while staying under the radar
Grandoreiro banking trojan impersonates Spain’s tax agency
Beware the tax bogeyman – there are tax scams aplenty
Mekotio: These aren’t the security updates you’re looking for…
Another in our occasional series demystifying Latin American banking trojans
Stadeo: Deobfuscating Stantinko and more
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware