In this report we track a malware operation targeting members of the Tibetan Parliament that used known and patched exploits to deliver a custom backdoor known as KeyBoy. We analyze multiple versions of KeyBoy revealing a development cycle focused on avoiding basic antivirus detection.
Tag Archives: Targeted Threats
This report describes a malware operation against the Syrian Opposition. We name the operator Group5, and suspect they have not been previously reported. Group5 used “just enough” technical sophistication, combined with social engineering, to target computers and mobile phones with malware.
In this research note, we analyze a malware campaign targeting Hong Kong democracy activists. Two new malware families are used in the campaign that we name UP007 and SLServer. Previous reports have shown overlap in the tactics, tools, and procedures used in this campaign in other operations targeting groups in Burma, Hong Kong, and the Tibetan community.
This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing.
Palo Alto Networks cited the Citizen Lab report entitled “Communities @ Risk: Targeted Threats Against Civil Society.”
November 1-4 – Seoul, South Korea
Freedom House has released their “Freedom on the Net 2015” report, placing China at the bottom of a ranking comprising 65 countries. The report cites the Citizen Lab’s research on China, specifically on chat application censorship and targeted threats.
This report analyzes a campaign of targeted attacks against an NGO working on environmental issues in Southeast Asia. Our analysis reveals connections between these attacks, recent strategic web compromises against Burmese government websites, and previous campaigns targeting groups in the Tibetan community.
Citizen Lab Communications Officer and Researcher Irene Poetranto speaking at a number of cybersecurity events in Latin America, including the second annual Colombian Internet Governance Forum.
This report examines a growing campaign of phishing attacks against users across Iran, and at least one attack on a Western activist. These attacks attempt to bypass the additional security provided by Google’s two-step verification, and rely heavily on phone calls and real-time login attempts by the attacker. Interestingly, these attacks generally began with a phone call from the United Kingdom, and the hackers communicated in either Persian or English.