Watering hole threat analysis in the public sector of Kazakhstan

The study of the threat landscape in Kazakhstan as part of the Threat Intelligence stage led T&T Security experts to an interesting family of malware, the so-called Razy.


Analysis of the Spear Phishing Threats on the Banking Segment of Kazakhstan

On March 24-25, 2021, three emails with a malicious attachment were sent from the K.T ******** [@] jysanbank.kz address to various recipients. The attached document contains a malicious Excel sheet with VBA macros.


Analysis of packed variation of Agent Tesla

In December 2020, one of our tLab system clients, the Center for the Development of Human Resources JSC, received malicious software via their corporate email. The malware was not detected at the static, signature level by antivirus software, but it was detected at the behavioral and heuristic levels by the tLab system. The examination results revealed it was a zero-day threat: the creation date of the sample matches the day of its discovery.


AveMaria/WARZONE RAT Analysis

On 13 October 2020, a massive attack on Kazakhstan citizens caused by the AveMaria malware was reported. The trojan is used by cybercriminals to remotely access the victim's computer and obtain sensitive data. AveMaria has many variations with different malicious payloads.


Analysis of Rising Sun backdoor from APT Lazarus in the tLab system

In December 2018, McAfee released a report on a large malware campaign targeting the financial, energy, and other sectors of the economy, called Operation Sharpshooter. The North Korean APT group Lazarus is responsible for the numerous attacks.


WannaCry cryptoworm analysis in tLab system

On May 12, 2017, a mass attack by the WannaCry ransomware cryptoworm, targeting almost all versions of MS Windows, took place. As a result of the attack, more than 75,000 computers were infected around the world, including in countries such as the UK, Spain, Germany and Russia. In addition, it was officially reported that computers in large companies in Kazakhstan fell victim to the attack.


New cyber attack trend - "Spy in the browser" (malicious Google Chrome extension)

This article was prepared by a team of malware analysts of the company T&T Security, T&T Team RE {Arny, Cyberhunter, Griner}. In 2014, Google for the first time removed malicious Chrome browser extensions from its online store. Since then, the trend of creating malicious applications and extensions for Chrome has been increasing.