Energy reserves in the Eastern Mediterranean Sea and the “MEDEAST” gas pipeline: The Mediterranean Sea has become an increasingly relevant geostrategic topic for the Ministries of Foreign Affairs of Turkey, Greece, Cyprus, Israel and even China due to the controversies generated during the last decade for the discoveries of natural gas resources located in the […]
How Lab52 free service can protect your organization
Advanced Persistent Threats (APT) represent a risk to organizations, but they can not be deal with the same tools as generic malware. The main difference lies in the financial support they have (for example, governments or organized crime) Among the activities of the APT, one could highlight both espionage that provides strategic and political advantage […]
China: From culture to conflict in the cyberspace
Since in 2013 the US cybersecurity consultancy Mandiant published its famous report about APT1, showing its links with different agencies presumably associated with the Chinese government, the news about its actions in cyberspace has been significantly increased. Among others, we find APT15, APT27 or Winnti Group (APT41); the US DoJ’s allegations of cyber espionage towards […]
APT-C-36 new anti-detection tricks
Lab52 has recently detected an increase in the efforts carried out by APT-C-36 to improve their capabilities to remain undetected by Anti Malware software, using a more complex infection chain than a simple packer, as they have been doing so far. The sample detected using this new detection evasion technique has a name and icon […]
The role of China in the Persian Gulf and potential cyberthreats:
After the rise of tensions between the US and Iran due to the US military operation that ended the life of the Iranian General Qasem Soleimani and the Iraqi Commander Abu Mahdi al-Muhandis ([12]), Iran carried out an attack with missiles against two US military bases located in Iraq ([13]). These events have generated a […]
Intelligence operation against targets in Indonesia
Lab52 has detected malicious activity targeting Indonesian victims. This activity could be linked to an intelligence operation. We have been tracking this activity since December 27th of 2019 The main tools of this threat actor, are built as DLL files, and launched with this commands: “C:\Windows\System32\rundll32.exe” shell32.dll,ShellExec_RunDLL regsvr32 /s C:\ProgramData\pubpool.dll /i:process104.dll “C:\WINDOWS\system32\regsvr32.exe” /s C:\ProgramData\pubpool.dll /i:process104.dll […]