Check Point Research

Introduction APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. In recent campaigns, APT36 utilized a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has significantly […]

The post Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 28th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Grupo Aeroportuario del Centro Norte (OMA), operator of 13 airports across Mexico, was hacked by the RansomHub ransomware gang, who threatened to leak 3TB of stolen data unless a ransom is paid. […]

The post 28th October – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 21st October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Boston Children’s Health Physicians, part of the Boston Children’s Hospital network, suffered a data breach in September, exposing sensitive patient information, including Social Security numbers, medical records, and health insurance details. The […]

The post 21st October – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 14th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Nonprofit healthcare organization Axis Health System has been hit by a ransomware attack by the Rhysida gang, leading to the theft of sensitive data, including mental health and substance abuse records. Rhysida […]

The post 14th October – Threat Intelligence Report appeared first on Check Point Research.

Introduction Beginning in early August, Check Point Research observed a cyber-enabled disinformation campaign primarily targeting Moldova’s government and education sectors. Acting ahead of Moldova’s elections on October 20th, attackers behind this campaign likely seek to foster negative perceptions of European values and the EU membership process in addition to Moldova’s current pro-European leadership, with the […]

The post Operation MiddleFloor: Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 7th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Chinese state-sponsored hackers, dubbed “Salt Typhoon”, infiltrated US telecom companies such as Verizon, AT&T, and Lumen Technologies. The attackers gained access to systems used for court-authorized wiretaps, potentially remaining undetected for months […]

The post 7th October– Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 30th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American money transfer service MoneyGram has experienced a cyber-attack which led to significant network outages that disrupted its services globally. The attack has affected money transactions, particularly in the Caribbean, Jamaica and […]

The post 30th September – Threat Intelligence Report appeared first on Check Point Research.

Research by: Jiri Vinopal Have you ever wondered why there are so many vulnerable drivers and what might be causing them to be vulnerable? Do you want to understand why some drivers are prone to crossing security boundaries and how we can stop that? Vulnerable drivers not only put the system where they are installed at […]

The post Breaking Boundaries: Investigating Vulnerable Drivers and Mitigating Risks appeared first on Check Point Research.

Key takeaways Introduction Crypto drainers are malicious tools that steal digital assets like NFTs, and tokens from cryptocurrency wallets. They often use phishing techniques and leverage smart contracts to enhance their impact. Typically, users are tricked into visiting phishing websites that mimic legitimate cryptocurrency platforms. Drainers then initiate fraudulent transactions and deceive users into signing […]

The post Wallet Scam: A Case Study in Crypto Drainer Tactics appeared first on Check Point Research.

Introduction DLL Hijacking — a technique for forcing legitimate applications to run malicious code — has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade […]

The post 10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 23rd September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medusa ransomware gang has claimed responsibility for an attack on the Providence Public School District (PPSD) in Rhode Island. The school district is still grappling with ongoing internet outages since September 11, […]

The post 23rd September – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused […]

The post 16th September – Threat Intelligence Report appeared first on Check Point Research.

Key Findings Introduction Check Point Research (CPR) has been closely monitoring a campaign targeting the Iraqi government over the past few months. This campaign features a custom toolset and infrastructure for specific targets and uses a combination of techniques commonly associated with Iranian threat actors operating in the region. The toolset used in this targeted […]

The post Targeted Iranian Attacks Against Iraqi Government Infrastructure appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 9th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The German air traffic control agency, Deutsche Flugsicherung, has confirmed a cyberattack that impacted its administrative IT infrastructure. The extent of data accessed is still under investigation, and flight operations remained unaffected. […]

The post 9th September – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES California-based Patelco Credit Union has confirmed a data breach following a ransomware attack resulted in the exposure of sensitive personal information belongs to 726K clients and employees. The compromised data includes names, […]

The post 2nd September – Threat Intelligence Report appeared first on Check Point Research.

In the grand scheme of cybersecurity, the design issue in Foxit PDF Reader was really very minor. But it revealed a much larger and more impactful phenomenon that we’ll probably have to deal with for as long as there are computers around: the instinct to click ‘Ok’.

The post The Danger in Clicking ‘OK’ appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Halliburton, a leading U.S. oilfield services firm, was hit by a cyberattack that forced the company to take certain systems offline to contain the breach. Hackers gained access to some of the […]

The post 26th August – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 19th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The campaign of United States presidential nominee Donald Trump has had its internal communications hacked and leaked, allegedly by an Iranian threat actor. This aligns with Microsoft’s previous identification of a related […]

The post 19th August – Threat Intelligence Report appeared first on Check Point Research.

Key takeaways Introduction In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations.  In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Our investigation revealed critical missteps by the developer of Styx Stealer, including a significant […]

The post Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove appeared first on Check Point Research.

Executive Summary Research by Erez Goldberg Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities. Recently, SSTI vulnerabilities are […]

The post Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities appeared first on Check Point Research.