The original report is in Chinese, and this version is an AI-translated edition. Introduction With the development of network attack technology, the malware loader is becoming the key component of malware execution. Such loaders are a malicious to……
Introduction to the Loader Series Analysis Report With the development of network attack technology, the malicious code loader is becoming the key component of malici……
1.Overview Since 2012, Antiy Security Research and Emergency Response Center (Antiy CERT) has been continuously paying attention to and analyzing cyber attack act……
1.Overview Antiy CERT discovered that the “SwimSnake” cybercriminal group used a counterfeit WPS Office download site to spread remote control Trojans. If……
Introduction to the Loader Series Analysis Report With the development of network attack technology, the malicious code loader is becoming the key component of malici……
1.Overview The “SwimSnake” cybercriminal group (also known as “Silver Fox”, “Valley Thief”, “UTG-Q-1000”, etc.) has be……
1.Overview In recent years, malicious code “poisoning” attacks that abuse trust in the open source ecosystem by disguising themselves as open source projects on GitHub contin……
A Comprehensive Analysis of the DBatLoader Malicious Loader ——Analysis of Typical Loader Families II
1.Introduction As cyberattack techniques continue to evolve, malicious code loaders have gradually become a key component of malicious code execution. Such loaders are ……
1.Overview In the second half of 2024, Antiy Emergency Response Center tracked APT attacks by Green Spots against specific industry targets in our country. The at……
Recently, DeepSeek, a large domestic AI model, has gained widespread attention worldwide thanks to its outstanding performance, and at the same time has become a target ……
1.Overview Extortion attacks have now become one of the major cyber security threats to organizations around the world, and have been used by attackers as a criminal ……
1.Overview Antiy CERT released the report “Analysis of Botnet Samples Related to Attacks on DeepSeek”, analyzing the two active botnet systems RapperBot a……
1.Overview The mining Trojan uses various means to implant the mining program into the victim’s computer, and without the user’s knowledge, uses the comput……
1.Overview Recently, the online service of DeepSeek, a domestic AI model, was attacked by a large-scale cyber attack, resulting in multiple service interruptions. This has attracted the attention of the domestic security industry. According to the monitoring report of Qianxin XLab, it was foun……
1.Introduction As cyberattack techniques continue to evolve, malicious code loaders have gradually become a key component of malicious code execution. Such loaders ar……
1.Overview Recently, Antiy CERT has detected a number of cyber attacks on Outlaw mining zombies, which were first discovered in 2018 and mainly engaged in mining acti……
1.Overview Recently, Antiy CERT has discovered the spread of malware by using the “Black Myth Wukong Modifier”……
1. Vulnerability overview Microsoft in July fixed three Windows Server Remote Desktop Licensing Service (RDL) remote code execution vulnerabilities, identified as CVE-2……
In response to a large Windows host blue screen event caused by CrowdStrike, Antiy Cloud Security Center, Antiy CERT and Antiy Attack and Defense Laboratory released a long……
1.Vulnerability overview On August 1, 2024, a third-party input method was found to have a vulnerability that bypasses the login authority of Windows 10 and Windows 11 ……
1.Overview Ransomware is a highly destructive computer malware. In recent years, it has become one of the major cybersecurity threats to organizations around the world,……
1.Overview Recently, Windows operating system hosts using CrowdStrike’s terminal security products encountered a serious system crash, namely the “Blue Scr……
A Technical Analysis of the CrowdStrike Global System Failure——Contemplating “Falcon’s Broken Wings”
1.Basic Situation and Impact of the Incident Starting at noon on July 19, 2024, Beijing time, users in many parts of the world reported on social platforms such as X……
1.Vulnerability Overview Nacos is a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native appli……
1.What Is OpenSSH? Is It Widely Distributed? SSH (Secure Shell) is a secure network protocol used to securely transmit data between two untrusted hosts over an inse……
1.Vulnerability Description OpenSSH is a set of secure network utilities based on the Secure Shell (SSH) protocol, which provides encryption to protect privacy and secu……
1.Overview The “SwimSnake” cybercriminal gang has been active since the second half of 2022, launching a large number of phishing attacks and fraud acti……
1.Overview Recently, Antiy CERT discovered a new mining Trojan attack through network security monitoring. The mining Trojan began to appear in November 2023, and its……
1.Overview The “SwimSnake” cybercriminal group has been active since the second half of 2022, and has launched a large number of phishing attacks and fraud……
1.Overview On February 12, 2024, SentinelOne, an American cybersecurity company, released a report entitled “China’s Cyber Revenge/Why the PRC Fails t……
1.Overview Recently, Antiy CERT has detected an attack campaign that spreads data-stealing Trojans through GitHub. The attackers added malicious URLs to the requireme……
1.Introduction At the beginning of each year, it is the tradition of Antiy Security Research and Emergency Response Center (Antiy CERT) for many years to analyze and ……
1.Overview Mining Trojans use various means to implant mining programs into victims’ computers, and use the computing power of victims’ computers to mine ……
1.Overview Ransomware is a highly destructive computer Trojan program. In recent years, it has become one of the major cybersecurity threats to organizations arou……
1.Overview Recently, Antiy CERT discovered a group of cases of poisoning and attacking downstream users by using unofficial software download stations, and analyzed i……
Analysis of phishing attacks by “X Elephant” group against scientific research institutions in China
1.Overview Recently, Antiy CERT (Security Research and Emergency Response Center) discovered during daily email monitoring that overseas APT attack organizations imitated the official organization of our “慧眼行动” and sent phishing emails to relevant scientific research institutions ……
1.Overview Recently, Antiy CERT has captured a new variant of the Mirai botnet, targeting MIPS, ARM, X86 and other architectures, infected targets with weak passwords a……
1.Overview In the second half of 2023, Antiy CERT (Security Research and Emergency Response Center) found in daily mail monitoring that overseas APT attack organizat……
1.Overview Recently, Antiy CERT has detected a new round of phishing attacks by the “SwimSnake” black-market group (associated with the “Silver Fox” gang), targeting finance personnel and customer service representatives of small businesses on platforms such as Kuaishou, D……
1.Overview Recently, there has been an incident involving a financial institution falling victim to a ransomware attack. Information from various sources indicates a close association with the LockBit ransomware attack group. The use of the term “close association” by the Antiy CERT i……
1.Overview Recently, Antiy CERT has monitored an active trend of PLAY ransomware incidents. PLAY ransomware, also known as PlayCrypt, was developed and operated by Balloonfly[1] and was first discovered in June 2022. The ransomware is mainly spread through phishing emails and vulnerabilities, and……
1.Overview The Natrix Group has been active since the second half of 2022, launching a multitude of attack campaigns against domestic users. The Natrix Group spreads a wide variety of malware variants, rapidly updates its evasion techniques, frequently changes its infrastructure, and targets a w……
1.Overview In recent years, the AgentTesla Trojan horse continues to be active, and Antiy CERT has repeatedly monitored attacks on domestic government, enterprise and i……
1.Overview In November 2022, Antiy CERT found a case of spear-phishing mail from the India-linked “Rattlesnake” organization targeting a Chinese university. The at……
1.Overview Since October 2021, a hacker group called “AgainstTheWest” (ATW) has attacked platforms such as SonarQube, Gitblit and Gogs, stealing codes and d……
1.Overview Recently, the Harbin Institute of Technology and Antiy Joint CERT Labs has monitored multiple attacks using spam to spread remote control Trojans. Attackers ……
1.Overview Mining Trojans use various means to implant mining programs into victims’ computers, and use the computing power of victims’ computers to mine wi……
1.Overview Ransomware is a type of highly destructive computer Trojan program. In recent years, ransomware has become one of the main cybersecurity threats faced by glo……
1.Introduction With the rise of blockchain technology and virtual currencies such as cryptocurrencies in recent years, the open source of mining Trojans has lowered the……
1.Advanced Persistent Threat (APT) The overall situation of global advanced persistent threat (APT) activities in 2022 remains very severe. Based on internal and extern……