A Comprehensive Analysis of the HijackLoader——Analysis of the Typical Loader Family Series IV

The original report is in Chinese, and this version is an AI-translated edition. Introduction to the Loader Series Analysis Report: With the development of network attack technology, the malicious code loader is becoming the key component of malici…

Continued Phishing Attempts Against Endpoint Targets——Recent Sample Analysis of the “BITTER” Attack Group

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Since 2012, Antiy Security Research and Emergency Response Center (Antiy CERT) has continuously tracked and analyzed cyber attack act…

The “SwimSnake” Cybercriminal Group Distributes Remote Control Trojans by Leveraging Counterfeit WPS Office Download Sites

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Antiy CERT discovered that the “SwimSnake” cybercriminal group used a counterfeit WPS Office download site to spread remote control Trojans. If…

A Comprehensive Analysis of the SmokeLoader——Analysis of the Typical Loader Family Series III

The original report is in Chinese, and this version is an AI-translated edition. Introduction to the Loader Series Analysis Report: With the development of network attack technology, the malicious code loader is becoming the key component of malici…

“SwimSnake” Cybercriminal Operations Rampant! Launch Special Inspection and Handling Immediately!

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: The “SwimSnake” cybercriminal group (also known as “Silver Fox”, “Valley Thief”, “UTG-Q-1000”, etc.) has be…

Hidden Threats: Analysis of Active “Poisoning” Incidents Disguised as Open-source Projects

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: In recent years, “poisoning” attacks that exploit trust in the open-source ecosystem by disguising malicious code as open-source projects on GitHub contin…

A Comprehensive Analysis of the DBatLoader Malicious Loader——Analysis of Typical Loader Families II

The original report is in Chinese, and this version is an AI-translated edition. 1. Introduction: As cyberattack techniques continue to evolve, malicious code loaders have gradually become a key component of malicious code execution. Such loaders ar…

Analysis of a Group of Phishing Attacks by Taiwan’s “Green Spot” Attack Organization Using Open-source Remote Control Trojan

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: In the second half of 2024, Antiy Emergency Response Center tracked APT attacks by Green Spot against specific industry targets in China. The at…

8 High-risk Instructions! Counterfeit DeepSeek Can Actually Remotely Enable VNC Monitoring, and Your Phone May Become a Zombie

The original report is in Chinese, and this version is an AI-translated edition. Recently, DeepSeek, a Chinese large AI model, has gained widespread attention worldwide thanks to its outstanding performance, and at the same time has become a target …

A Review of Active Ransomware Attack Organizations in 2024

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Ransomware attacks have now become one of the major cyber security threats to organizations around the world, and have been used by attackers as a criminal …

Analysis of Three Variants of the HailBot Botnet Attacking DeepSeek

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Antiy CERT released the report “Analysis of Botnet Samples Related to Attacks on DeepSeek”, analyzing the two active botnet systems RapperBot a…

A Review of Active Mining Trojans in 2024

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: The mining Trojan uses various means to implant the mining program into the victim’s computer, and, without the user’s knowledge, uses the comput…

Analysis of Botnet Samples Related to Attacks on DeepSeek

1. Overview: Recently, the online service of DeepSeek, a Chinese AI model, was hit by a large-scale cyber attack, resulting in multiple service interruptions. This has attracted the attention of the Chinese security industry. According to the monitoring report of Qianxin XLab, it was foun…

Special Series Analysis on Popular Malicious Loader Families – Part One | XLoader

The original report is in Chinese, and this version is an AI-translated edition. 1. Introduction: As cyberattack techniques continue to evolve, malicious code loaders have gradually become a key component of malicious code execution. Such loaders ar…

Recent Activity Analysis of the Outlaw Mining Botnet

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Recently, Antiy CERT has detected a number of cyber attacks by the Outlaw mining botnet, which was first discovered in 2018 and is mainly engaged in mining acti…

Analysis of Phishing Attack Activities Carried out by the SwimSnake Black Industry Gang Using Malicious Documents

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: The “SwimSnake” black-market gang has been active since the second half of 2022, launching a large number of phishing attacks and fraud acti…

Analysis of the “Nichan” Mining Trojan Activity

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Recently, Antiy CERT discovered a new mining Trojan attack through network security monitoring. The mining Trojan began to appear in November 2023, and its…

Analysis of the Recent Attack Activities of the “SwimSnake” Black Industry

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: The “SwimSnake” black-market gang has been active since the second half of 2022, and has launched a large number of phishing attacks and fraud…

Fight Against the Bald Eagle in the Fog - Relaying, Cooperating and Specific Contribution

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: On February 12, 2024, SentinelOne, an American cybersecurity company, released a report entitled “China’s Cyber Revenge/Why the PRC Fails t…

Analysis of Attack Activities Spreading Data-Stealing Trojan via Github

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Recently, Antiy CERT has detected an attack campaign that spreads data-stealing Trojans through GitHub. The attackers added malicious URLs to the requireme…

Antiy Annual Security Report 2023

The original report is in Chinese, and this version is an AI-translated edition. 1. Introduction: At the beginning of each year, it has for many years been the tradition of Antiy Security Research and Emergency Response Center (Antiy CERT) to analyze and …

2023 Active Mining Trojan Review

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Mining Trojans use various means to implant mining programs into victims’ computers, and use the computing power of victims’ computers to mine …

2023 Active Ransomware Attack Organizations Review

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Ransomware is a highly destructive computer Trojan program. In recent years, it has become one of the major cybersecurity threats to organizations arou…

Analysis of the Mac Remote Control Trojan Attack Activities Spread by the “Dark Mosquito” Black Industry Gang through Domestic Download Sites

The original report is in Chinese, and this version is an AI-translated edition. 1. Overview: Recently, Antiy CERT discovered a group of cases in which unofficial software download sites were used to poison and attack downstream users, and analyzed i…

Analysis of Phishing Attacks by the “X Elephant” Group Against Scientific Research Institutions in China

1. Overview: Recently, Antiy CERT (Security Research and Emergency Response Center) discovered during daily email monitoring that an overseas APT attack organization impersonated the official organization of the “慧眼行动” campaign and sent phishing emails to relevant scientific research institutions …

Analysis of the recent attack activities by the “SwimSnake” black-market group targeting finance personnel and e-commerce customer service

1. Overview: Recently, Antiy CERT has detected a new round of phishing attacks by the “SwimSnake” black-market group (associated with the “Silver Fox” gang), targeting finance personnel and customer service representatives of small businesses on platforms such as Kuaishou, D…

Analysis of LockBit Ransomware Samples and Considerations for Defense Against Targeted Ransomware

1. Overview: Recently, there has been an incident involving a financial institution falling victim to a ransomware attack. Information from various sources indicates a close association with the LockBit ransomware attack group. The use of the term “close association” by the Antiy CERT i…

PlayCrypt Analysis

1. Overview: Recently, Antiy CERT has monitored an active trend of PLAY ransomware incidents. PLAY ransomware, also known as PlayCrypt, is developed and operated by Balloonfly[1] and was first discovered in June 2022. The ransomware is mainly spread through phishing emails and vulnerabilities, and…

Monographic Analysis Report on the Natrix Group

1. Overview: The Natrix Group has been active since the second half of 2022, launching numerous attack campaigns against users in China. The Natrix Group spreads a wide variety of malware variants, rapidly updates its evasion techniques, frequently changes its infrastructure, and targets a w…

Antiy Research Institute and Key Laboratory of Ministry of Education of Symbolic Computation and Knowledge Engineering, Jilin University Jointly Establish Joint Laboratory of Cyber Security Threat Knowledge Engineering

Antiy Research Institute and the Key Laboratory of Symbolic Computation and Knowledge Engineering of the Ministry of Education at Jilin University have jointly established the Joint Laboratory of Cyber Security Threat Knowledge Engineering. Both sides will work together to promote frontier research in knowledge en…

Analysis of Cyberattacks against the National Bank of Malawi

1. Overview: Recently, Antiy CERT (Computer Emergency Response Team) found a number of samples of phishing email attacks against the National Bank of Malawi while handling the related security incidents. The Republic of Malawi is a landlocked country in southeastern Africa with a land area of 118,000…

Antiy Released Technical Analysis of Industrial Control Malware TRISIS

1. Overview: In August 2017, based on comprehensive intelligence research and judgment, Antiy listed TRISIS (also known as TRITON or HATMAN), a malware targeting industrial control systems, as a threat that needed to be analyzed and focused on, and named it “TRISIS”. The malicious code w…

Be Aware of New Variant of AgentTesla Commercial Keylogger

1. Overview: Recently, Antiy CERT discovered a new variant of the Agent Tesla commercial keylogger. Agent Tesla was originally a simple keylogger that recorded every keystroke of the user and sent it back to the attacker’s server. Since 2014, the developers have added more features to it, t…

Be Aware of FlawedAmmyy Remote Control Trojan Spread by Spam

1. Overview: Recently, Antiy CERT (Computer Emergency Response Team) discovered a new type of remote access Trojan while sorting out network security incidents. The Trojan, detected as Trojan/Win32.RA-based, belongs to the “FlawedAmmyy” family and is a modified version of the remote control software Ammyy…

“GreenSpot” Operations Grow For Many Years

1. Overview: In the past few years, various APT attacks against China have been monitored, analyzed and tracked by Antiy Labs, disclosing the activities and toolsets of many APT groups, such as “APT-TOCS” (http://www.antiy.com/response/APT-TOCS.html), “White Elephant”…

DON’T PANIC WHEN YOU RECEIVE A SCAM EMAIL FROM “YOURSELF”

1. Overview: Antiy CERT has recently received feedback from customers who received scam emails from themselves, extorting Bitcoin. Analysis of this event revealed that it was a new fraud campaign active since October. Since the sender addres…

Technical Analysis of Industrial Control Malware TRISIS

Antiy CERT. 1. Overview: In August 2017, based on comprehensive intelligence research and judgment, Antiy Computer Emergency Response Team (Antiy CERT) analyzed the malware TRISIS (also known as TRITON, HATMAN) that targeted industrial control …

A Hidden Way of Malware on Android

Background: In the Android operating system, an APK is a ZIP-format file that contains several normal files and executable files. In a normal APK file, the compressed root directory includes a DEX executable file named classes.dex, and it may contain a shared object fi…

Challenge Caused by DLL Hijacking Malware against Active Defense Technology

Malware that exploits DLL hijacking vulnerabilities, a technique that appeared in 2000, has now begun to make further use of legitimately signed software to counter active defense. This method has become more and more popular…

The Encoding Rules about Floating-point Instruction

Recently, we found that some samples call floating-point instructions when extracting opcodes from those samples. The existing disassembler has no support for floating-point instructions, so the support needs to be added. However, we have some d…

Processor Class A Vulnerability Meltdown and Spectre FAQ

After Antiy released the “Processor Class A Vulnerability Meltdown and Spectre Analysis Report” [2] on January 4 and January 5, some users asked about the impact of the Class A vulnerability event, response methods, and how to detect the problem, thus i…

“Meltdown” in the Eyes of a Hardware Security Engineer

This article is written by Doctor Tbsoft of Antiy Micro-electronics and Embedded Technology R&D Center. Modern Computer Architecture and CPU Microarchitecture: Modern computer architecture is basically based on the von Neumann archit…

2017 GLOBAL BOTNET DDOS ATTACK THREAT REPORT

Antiy Capture Wind Team & Telecom Yundi. 1. Overview: The report was jointly released by the Antiy Honeynet Capture Group and China Telecom DamDDoS. Based on monitoring data from ACS (Antiy Capture System) and Telecom DamDDoS, it mainly focuses on DDoS att…

Update: Herds of Elephants Attacking over Everest

Antiy CERT. Draft: 17:00, July 1, 2017; Published: 18:00, July 9, 2017; Updated: 16:00, Dec. 29, 2017. Abstract: Antiy publishes a reserve report, which analyzes the attacking background from multiple groups and ponders over the scientifi…

COMPREHENSIVE ANALYTICAL REPORT ON THE MAJOR VULNERABILITY DISCOVERED IN WPA2 WI-FI SECURITY PROTOCOL

Draft: 22:08, October 17, 2017; Published: 12:00, October 23, 2017; Updated: 12:00, October 23, 2017. 1. Overview: On October 15, Mathy Vanhoef, postdoctoral secu…

IN-DEPTH ANALYSIS REPORT ON WANNACRY RANSOMWARE

Antiy CERT. Draft: May 13, 2017 05:38; Published: May 13, 2017 05:38; Updated: June 6, 2017 19:00. 1. Overview: On May 12, 2017 (8 p.m.), Antiy CERT found that a large-scale ransomware infection incident had broken out. As of May 13 (11 p.m.), the infe…

Antiy Responses to Ransomware WannaCry FAQ 3

Antiy CERT. 1. Why is WannaCry named “魔窟” (“demon’s den”) in Chinese? After the outbreak of the WannaCry ransomware, several versions of a Chinese name for the ransomware appeared, such as “香菇” (literally “shiitake mushroom”) and “不哭” (“don’t cry”), but these names cannot reflect the relat…

Antiy Responses to Ransomware WannaCry FAQ 2

Antiy CERT. 1. I found that someone said that the author of the ransomware “WannaCry” suddenly apologized and released on the Internet the master decryption key that can decrypt the encrypted documents. Is this true? False. It is the master key of the ransomware …

Antiy Responses to Ransomware WannaCry FAQ 1

(Antiy CERT) This morning (May 13), Antiy released the report named “Antiy Takes Emergency Response to the Global Outbreak of Ransomware WannaCry”. Many customers have questions related to this event, so we put the high-frequency ones together in…

New Ransomware Breaks Out Globally, Antiy Releases Emergency Analysis and Solutions

On May 12, 2017 (Beijing time), a global outbreak of a large-scale ransomware incident began at about 8:00 p.m. According to BBC News, this ransomware appeared in many parts of the world today; users must pay a high ransom (in Bitcoin) to decrypt their data; a number of hospitals in the UK…