Emanuele De Lucia – Page 2 – On Cyber Security

Industroyer2: The ICS-capable malware re-emerges in order to cause critical services disruption

Posted On 18 April 20222 April 2024 By edelucia

A few days ago a new variant of an ICS-capable malware known as Industroyer has been employed during a cyber-attack conducted against industrial control systems (ICS) responsible for the management and control of power plants subsystems in Ukraine. This new version has been named Industroyer2 and represents the evolution of a malware family already observed in December 2016 working Continue Reading

The BigBoss Rules: Something about one of the Uroburos’ RPC-based backdoors

Posted On 5 November 20212 April 2024 By edelucia

BigBoss is one of the RPC-based backdoors used by Uroburos (aka Turla, Snake, Venomous Bear, Pacifier). It was first spotted out in 2018 and was observed to include new features in the last quarter of 2020. During operations usually it’s used in combination with R.A.T. (Remote Administration Tools) such as Kazuar and Carbon. Several months ago I Continue Reading

Revil / Sodinokibi ransomware delivered through Kaseya VSA supply-chain attack

Posted On 2 July 20212 April 2024 By edelucia

On July 2, 2021, Kaseya issued a notice stating that the company was experiencing a potential cyber attack against the VSA suite. The company itself advised that the on-prem customers servers should be shut down immediately until further notice from them. VSA is a very common solution and usually used by Managed Service Continue Reading

Affiliates vs Hunters: Fighting the “DarkSide”

Posted On 25 January 20212 April 2024 By edelucia

On August 2020 a new type of malware, belonging to the Ransomware category, appeared in the cyber threat landscape. Threat actor responsible for its development called it “DarkSide” and , like others piece of malware of this type, is operated in Big Game Hunting (BGH) campaigns. Around more or less the same time, a DLS (Dedicated Leak Continue Reading

The mystery of “127.0.0.1:1” : A trick against “TheTrick”

Posted On 10 October 20202 April 2024 By edelucia

“TheTrick” is one of the community names with which we can refer to a criminal group that is responsible for the development and distribution of many malware variants, among wich “TrickBot“, “Ryuk“, “Conti“, “BazarLoader” and “BazarBackdoor“. However, the malware vector mainly used by this adversary is certainly “TrickBot“. TrickBot is Continue Reading

Load More Posts

The access violation that crashed the world: Technical insights of the BSOD in the CrowdStrike’s CSAgent.sys.

Unveiling AzzaSec Ransomware: Technical insights into the group’s locker.

Unveiling Obfuscated Batch Scripts: From UTF-8 to UTF-16 BOM Conversion

A Reverse Engineer’s journey with PowerShell and XWorm

Industroyer2: The ICS-capable malware re-emerges in order to cause critical services disruption

The BigBoss Rules: Something about one of the Uroburos’ RPC-based backdoors

Revil / Sodinokibi ransomware delivered through Kaseya VSA supply-chain attack

Affiliates vs Hunters: Fighting the “DarkSide”

The mystery of “127.0.0.1:1” : A trick against “TheTrick”