A Threat Actor Targeting Cryptocurrency Exchanges
In this research, we present a hidden and persistent group that has been targeting crypto-exchanges, mainly in the US and Japan, since as early as 2018. The actor has successfully stolen millions’ worth of cryptocoins. We named it “CryptoCore” (or “Crypto-gang”), aka “Dangerous Password”, “Leery Turtle”. The CryptoCore […]
ClearSky Q1 summary report
We have published our quarterly report for the first quarter of 2020. We mark the outbreak of the COVID-19 virus as a systematic change for most businesses around the world. The immense pressure felt by many companies and organizations has the potential of evolving into “The perfect storm” in terms of ripe conditions for cyber-attacks, combining […]
Fox Kitten – Widespread Iranian Espionage-Offensive Campaign
During the last quarter of 2019, the ClearSky research team uncovered a widespread Iranian offensive campaign which we call “Fox Kitten Campaign”; this campaign has been conducted over the last three years against dozens of companies and organizations in Israel and around the world. Read the full Report: Fox Kitten – Widespread Iranian Espionage-Offensive Campaign […]
PowDesk: PowerShell Script for LANDesk Management Agent Hosts
PowDesk is a simple PowerShell-based script for hosts that run LANDesk Management Agent. This script is compatible with both 32-bit and 64-bit systems and exfiltrates the computer’s name through a PHP page stored at a certain domain name. After analyzing the script behavior, we assess that potential attackers might create a whitelist of companies that […]
The Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
On the 15th of September 2019, we published a report[1] about a sharp increase in Charming Kitten attacks against researchers from the US, Middle East, and France, focusing on Iranian academic researchers, Iranian dissidents in the US. In our last report, we exposed a new cyber espionage campaign that was conducted in July 2019. […]
The Kittens Are Back in Town Charming Kitten – Campaign Against Academic Researchers
In 2019 ClearSky Cyber Security observed a sharp increase in Charming Kitten attacks, after an absence of a few months and after Microsoft's official 2019 complaint against the group for “establishing an internet-based cybertheft operation referred to as ‘Phosphorus’”. Read the full report: The Kittens Are Back in Town Charming Kitten – Campaign Against Academic […]
2019 H1 Cyber Events Summary Report
We are happy to present our half-year report summarizing cyber events for the first half of 2019. This report provides an in-depth review of significant trends, as well as major attack events in the cyber landscape – a combined effort of our intelligence research, threat-hunting and analyst teams. Read the full report: 2019 H1 Cyber […]
Yemen-Based Disinformation Campaign Distributing Fake News in Israel and the Arab World
On July 25th, 2019, several social media profiles propagated fake news claiming that two famous Israeli women, Yona Elian and Roni Dalumi (an actor and a singer, respectively), had died. These accounts posted the story on Israeli media outlets' pages, as well as a number of Israeli social media groups, primarily on Facebook. Read the […]
Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal
In recent months, there has been considerable unrest in the Iranian cybersphere. Highly sensitive data about Iranian APT groups was leaked, exposing abilities, strategies, and attack tools. The main medium for this leak was a Telegram channel. The first leak uncovered attack frameworks and web shells of APT-34 (known as the OilRig group). This was followed […]