Affected platforms: Microsoft Windows
Impact: Collects Victims’ Information
Severity level: Critical
Ursnif (also known as Gozi) is identified as a banking Trojan, but its variants also include components (backdoors, spyware, file injectors, etc.) capable of a wide variety of behaviors.
The Ursnif Trojan has been observed targeting Italy over the past year. A few days ago, FortiGuard Labs detected a phishing campaign in the wild that was spreading a fresh variant of the Ursnif Trojan via an attached MS Word document that is continuously targeting Italy.
Although Ursnif is identified as a banking Trojan, due to its C2 server’s shutdown, this latest variant has been unable download the malicious banking module it needs to steal banking information from the victim, causing it to fail to start the second stage of its attack. As a result, in this post I will share my findings around the first stage of
| UPDATED: 12:38, Wed, Dec 23, 2020
Link copied
The Great Conjunction: Google celebrate event with Doodle Sign up to receive our rundown of the day s top stories direct to your inbox
SUBSCRIBE Invalid email
When you subscribe we will use the information you provide to send you these newsletters.
Sometimes they ll include recommendations for other related newsletters or services we offer.
Our Privacy Notice explains more about how we use your data, and your rights.
You can unsubscribe at any time.
Operation Aurora was the name given to a series of cyber attacks believed to have originated in Beijing, China and said to have links to the People’s Liberation Army (PLA). They began in mid-2009 and were first publicly disclosed by Google in a 2010 blog post. A statement read: “Like many other well-known organisations, we face cyber attacks of varying degrees on a regular basis.
Insight While it is understandable for organizations to want to rely on purchased security products to find all instances of evil in their environment, it is just not possible. Security technology must be paired with a human element that thinks like an attacker. This is especially true when implementing threat hunting. Those threat hunters should understand the cyber kill chain (mentioned in our proactive monitoring article) to know what to look for in each phase. In fact, one might think of threat hunting as proactive monitoring on steroids-it is the next step in the evolution of shortening the time to detection. Hunting is the transformation of being purely reactive to becoming proactive in your detections.