Check Point Research

For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The FBI and CISA issued a joint statement detailing a major Chinese cyber-espionage campaign targeting U.S. telecommunications infrastructure, led by the APT group Salt Typhoon. This operation compromised networks to steal call […]

The post 18th November – Threat Intelligence Report appeared first on Check Point Research.

Key Findings: Introduction On October 30th, the FBI, the US Department of Treasury, and the Israeli National Cybersecurity Directorate (INCD) released a joint Cybersecurity Advisory regarding recent activities of the Iranian cyber group Emennet Pasargad. The group recently operated under the name Aria Sepehr Ayandehsazan (ASA) and is affiliated with the Iranian Islamic Revolutionary Guard Corps (IRGC). […]

The post Malware Spotlight:  A Deep-Dive Analysis of WezRat appeared first on Check Point Research.

Key findings: Introduction WIRTE is a Middle Eastern Advanced Persistent Threat (APT) group active since at least 2018. The group is primarily known for engaging in politically motivated cyber-espionage, focusing on intelligence gathering likely linked to regional geopolitical conflicts. WIRTE is believed to be a subgroup connected to Gaza Cybergang, a cluster affiliated with Hamas. Since late 2023, Check […]

The post Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Memorial Hospital and Manor in Bainbridge, Georgia, has been a victim of a ransomware attack that resulted in the loss of access to its electronic health record system. The Embargo ransomware gang […]

The post 11th November – Threat Intelligence Report appeared first on Check Point Research.

Key findings While we finalized this blog post, a technical analysis of this activity was published by fellow researchers from Cisco Talos. While it overlaps with our findings to some extent, our report provides additional extended information about the activity. Introduction Since July 2024, Check Point Research (CPR) has been tracking an extensive and ongoing phishing campaign […]

The post CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 4th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Free, the second-largest telecom company in France, has been hit by a cyberattack resulting in unauthorized access to personal data associated with certain subscriber accounts. The incident surfaced following an attempted sale […]

The post 4th November – Threat Intelligence Report appeared first on Check Point Research.

Introduction APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. In recent campaigns, APT36 utilized a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has significantly […]

The post Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 28th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Grupo Aeroportuario del Centro Norte (OMA), operator of 13 airports across Mexico, was hacked by the RansomHub ransomware gang, who threatened to leak 3TB of stolen data unless a ransom is paid. […]

The post 28th October – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 21st October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Boston Children’s Health Physicians, part of the Boston Children’s Hospital network, suffered a data breach in September, exposing sensitive patient information, including Social Security numbers, medical records, and health insurance details. The […]

The post 21st October – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 14th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Nonprofit healthcare organization Axis Health System has been hit by a ransomware attack by the Rhysida gang, leading to the theft of sensitive data, including mental health and substance abuse records. Rhysida […]

The post 14th October – Threat Intelligence Report appeared first on Check Point Research.

Introduction Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors. Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the […]

The post Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 7th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Chinese state-sponsored hackers, dubbed “Salt Typhoon”, infiltrated US telecom companies such as Verizon, AT&T, and Lumen Technologies. The attackers gained access to systems used for court-authorized wiretaps, potentially remaining undetected for months […]

The post 7th October– Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 30th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American money transfer service MoneyGram has experienced a cyber-attack which led to significant network outages that disrupted its services globally. The attack has affected money transactions, particularly in the Caribbean, Jamaica and […]

The post 30th September – Threat Intelligence Report appeared first on Check Point Research.

Research by: Jiri Vinopal Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerable drivers not only put the system where they are installed at […]

The post Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks appeared first on Check Point Research.

Key takeaways Introduction Crypto drainers are malicious tools that steal digital assets like NFTs, and tokens from cryptocurrency wallets. They often use phishing techniques and leverage smart contracts to enhance their impact. Typically, users are tricked into visiting phishing websites that mimic legitimate cryptocurrency platforms. Drainers then initiate fraudulent transactions and deceive users into signing […]

The post Wallet Scam: A Case Study in Crypto Drainer Tactics appeared first on Check Point Research.

Introduction DLL Hijacking — a technique for forcing legitimate applications to run malicious code — has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade […]

The post 10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 23rd September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medusa ransomware gang has claimed responsibility for an attack on the Providence Public School District (PPSD) in Rhode Island. The school district is still grappling with ongoing internet outages since September 11, […]

The post 23rd September – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused […]

The post 16th September – Threat Intelligence Report appeared first on Check Point Research.

Key Findings Introduction Check Point Research (CPR) has been closely monitoring a campaign targeting the Iraqi government over the past few months. This campaign features a custom toolset and infrastructure for specific targets and uses a combination of techniques commonly associated with Iranian threat actors operating in the region. The toolset used in this targeted […]

The post Targeted Iranian Attacks Against Iraqi Government Infrastructure appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 9th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The German air traffic control agency, Deutsche Flugsicherung, has confirmed a cyberattack that impacted its administrative IT infrastructure. The extent of data accessed is still under investigation, and flight operations remained unaffected. […]

The post 9th September – Threat Intelligence Report appeared first on Check Point Research.