Information

ESET has collaborated with the Federal Police of Brazil in an attempt to disrupt the Grandoreiro botnet. ESET contributed to the project by providing technical analysis, statistical information, and known command and control (C&C) server domain names and IP addresses. Due to a design flaw in Grandoreiro’s network protocol, ESET researchers were also able to get a glimpse into the victimology. ESET automated systems have processed tens of thousands of Grandoreiro samples. The domain generation…

Digital Security In today’s digitally interconnected world, advanced cyber capabilities have become an exceptionally potent and versatile tool of tradecraft for nation-states and criminals alike Andy Garth 29 Jan 2024  •  , 4 min. read For thousands of years, nations have engaged in espionage, spying on their neighbors, allies, and adversaries. Traditionally, this realm of “espionage” relied heavily on human intelligence, but that started changing in the early 1890s with the advent of technologies like…

Business Security Blindly trusting your partners and suppliers on their security posture is not sustainable – it’s time to take control through effective supplier risk management Phil Muncaster 25 Jan 2024  •  , 5 min. read The world is built on supply chains. They are the connective tissue that facilitates global trade and prosperity. But these networks of overlapping and inter-related companies are increasingly complex and opaque. Most involve the supply of software and digital…

Video The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK 26 Jan 2024 This week, ESET researchers released their findings about an attack where a previously unknown threat actor deployed a sophisticated multistage implant, which ESET named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software such as Tencent QQ, WPS Office, and Sogou Pinyin. Blackwood, the name…

ESET researchers provide an analysis of an attack carried out by a previously undisclosed China-aligned threat actor we have named Blackwood, and that we believe has been operating since at least 2018. The attackers deliver a sophisticated implant, which we named NSPX30, through adversary-in-the-middle (AitM) attacks hijacking update requests from legitimate software. Key points in this blogpost: We discovered the NSPX30 implant being deployed via the update mechanisms of legitimate software such as Tencent QQ,…

Scams As AI-powered voice cloning turbocharges imposter scams, we sit down with ESET’s Jake Moore to discuss how to hang up on ‘hi-fi’ scam calls – and what the future holds for deepfake detection Cameron Camp 23 Jan 2024  •  , 4 min. read Would you fall for a faked call from your CEO asking you to wire money? As our colleague Jake Moore found out, you might. As computers with spare compute cycles get…