PowDesk is a simple PowerShell-based script for hosts that run LANDesk Management Agent. This script is compatible with both 32-bit and 64-bit systems and exfiltrates the computer’s name through a PHP page stored at a certain domain name. After analyzing the script behavior, we assess that potential attackers might create a whitelist of companies that […]
Read MoreThe Kittens Are Back in Town Charming Kitten – Campaign Against Academic Researchers
In 2019 ClearSky Cyber Security observed a sharp increase in Charming Kitten attacks, after an absence of a few months and after 2019 Microsoft official complaint against the group for “establishing an internet-based cybertheft operation referred to as ‘Phosphorus’“. Read the full report: The Kittens Are Back in Town Charming Kitten – Campaign Against Academic […]
Read More2019 H1 Cyber Events Summary Report
We are happy to present our half-year report summarizing cyber events for the first half of 2019. This report provides an in-depth review of significant trends, as well as major attack events in the cyber landscape – a combined effort of our intelligence research, threat-hunting and analyst teams. Read the full report: 2019 H1 Cyber […]
Read MoreIranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal
In recent months, there has been considerable unrest in the Iranian cybersphere. Highly sensitive data about Iranian APT groups were leaked, exposing abilities, strategies, and attack tools. The main medium for this leak was a telegram channel. The first leak uncovered attack frameworks and web shells of APT-34 (Known as OilRig group). This was followed […]
Read MoreIranian Nation-State APT Groups – “Rana Institute” Leak
Over the last few weeks, several significant leaks regarding a number of Iranian APTs took place. After analyzing and investigating the documents we conclude that they are authentic. Consequently, this causes considerable harm to the groups and their operation. The identity of the actor behind the leak is currently unknown, however based on the scope […]
Read MoreYear of the Dragon – Summary report of cyber events for 2018
We are happy to present our yearly summary report of cyber events for 2018. This report is a combined effort of our intelligence research, threat-hunting and analyst teams. One of the biggest challenges in cyber space is the overwhelming, and at times contradicting amount of data we are confronted with on a daily basis. As […]
Read MoreMuddyWater Operations in Lebanon and Oman
Abstract MuddyWater is an Iranian high-profile threat actor that’s been seen active since 2017. The group is known for espionage campaigns in the Middle East. Over the past year, we’ve seen the group extensively targeting a wide gamut of entities in various sectors, including Governments, Academy, Crypto-Currency, Telecommunications and the Oil sectors. MuddyWater has recently […]
Read MoreCharming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets
Charming Kitten is an Iranian cyberespionage group operating since approximately 2014. This report exposes their vast espionage apparatus, active during 2016-2017. We present incidents of company impersonation, made up organizations and individuals, spear phishing and watering hole attacks. We analyze their exploitation, delivery, and command-and-control infrastructure, and expose DownPaper, a malware developed by the attackers, […]
Read MoreOperation Wilted Tulip – Exposing a Cyber Espionage Apparatus
CopyKittens is a cyberespionage group that has been operating since at least 2013. In November 2015, ClearSky and Minerva Labs published the first public report exposing its activity [1]. In March 2017, ClearSky published a second report exposing further incidents, some of which impacted the German Bundestag [2]. In this report, Trend Micro and ClearSky expose […]
Read MoreOperation DustySky – Part 2
Operation DustySky – Part 2 is a follow-up on our DustySky operation report from January 2016. It analyses new attacks by Molerats against targets in Israel, The United States, Egypt, Saudi Arabia, United Arab Emirates and The Palestinian Authority. We elaborate on the scope and targeting of the DustySky campaign and expose new infrastructure and […]
Read More