Aura Over Rafah, Revealing Hackers Responsible for SMShing

August 25th, 2021

Scams have been spreading rapidly over the wire as financial gain is around the corner for hackers who go after the weakest link - victims. SMShing attacks impersonating the Israeli Post Office took shape and were targeting Israeli residents on a daily basis. Having recieved a shoutout from local security researchers and victims, we decided to dive into a research that will assist law enforcements to capture the individuals behind these attacks. In the report you could find the result of the research we conducted - READ FULL REPORT

Secrets Behind Ever101 Ransomware

June 22nd, 2021

A victim called the incident response teams of Global Threat Center, reporting a seemingly
new stream of ransomware attack. Upon investigation, we determined the extension of the
encrypted files was certainly new, but the malware displayed significant similarities with
several ransomware families—a combination that made attribution an interesting and difficult
riddle. The attack’s signature was a Music folder containing an arsenal of tools, which the
malware dropped and executed on each of the encrypted machines... READ MORE

May 5th, 2021

Cuba Ransomware On a Roll

At the end of 2020, our team made up of SecurityJoes and Profero incident responders, led an investigation into a complex attack in which hundreds of machines were encrypted, knocking the victim company offline completely. The threat actors behind the attack deployed the Cuba ransomware across the corporate network, using a mixture of PowerShell scripts, SystemBC, and Cobalt Strike to propagate it. Cuba Ransomware utilizes the symmetric ChaCha20 algorithm for encrypting files, and the asymmetric RSA algorithm for encrypting key information. As a result, the files could not be decrypted without the threat actor’s private RSA key... READ MORE

APT27 Turns To Ransomware

January 4th, 2021

At the peak of the COVID-19 pandemic and economic crisis, our Global Incident Response and Cyber Crisis Management teams were engaged on several fronts around the world, fighting cybercrime, and even nation-state actors. The following report tells the story of one of these engagements and how again, the thin line between nation-states and cybercrime was crossed.