Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA

Over the past few months ClearSky has been collaborating with Palo Alto Networks on preventing and detecting targeted attacks in the Middle East using two relatively new Microsoft Windows malware families which we call KASPERAGENT and MICROPSIA. In addition, our research has uncovered evidence of links between attacks using these two new malware families and […]

Read More

Jerusalem Post and other Israeli websites compromised by Iranian threat agent CopyKitten

On 29 March 2017 the German Federal Office for Information Security (BSI) said in a statement that the website of Israeli newspaper Jerusalem Post was manipulated and linked to a harmful third party. Below is a Google translation of the statement: “After the cyber attack on the German Bundestag in 2015, some protective functions that the BSI […]

Read More

Operation Electric Powder – Who is targeting Israel Electric Company?

Attackers have been trying to breach IEC (Israel Electric Company) in a year-long campaign. From April 2016 until at least February 2017,  attackers have been spreading malware via fake Facebook profiles and pages, breached websites, self-hosted and cloud based websites. Various artifacts indicate that the main target of this campaign is IEC – Israel Electric Company. These […]

Read More

Attacks Against Customer Service Centers by Impersonation of Potential Clients

Hundreds of customer service centers have been targeted In a campaign going back at least to August 2016. An email is sent to the “contact us” or “customer support” address of an online shop. The sender pretends to be a a customer that has a problem with the online shopping cart or is just asking to […]

Read More

Business Email Compromise fraud Against Global Shipping Companies

Clearsky Security regularly monitors and tracks phishing and fraud  campaigns by looking for impersonating domain names. Recently we detected multiple domains impersonating shipping and logistics companies being registered. We suspect that these companies have become the target of Business Email Compromise scams (aka BEC or “CEO fraud”) Targeted organisations include Singaporean Executive Ship Management, VersaCold […]

Read More

Magecart – a malicious infrastructure for stealing payment details from online shops

Since March 2016, numerous credit cards and other details have been stolen during payment from dozens of online shops worldwide. Malicious JavaScript code acting as a form grabber or a simple “cloud based” keylogger was injected into breached shops. As buyers filled in their payment details, the data was captured and sent in real time to […]

Read More