#ESETResearch analyzes the first in-the-wild UEFI bootkit bypassing UEFI Secure Boot even on fully updated Windows 11 systems. Its functionality indicates it is the #BlackLotus UEFI bootkit, for sale on hacking forums since at least Oct 6, 2022. welivesecurity.com/2023/03/01/bla… 1/11
Great research by my colleagues from #ESETResearch on the #BlackLotus UEFI bootkit. Definitely worth reading. https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
This is kind of a free-form interview and discussion I conducted with my friend and colleague at ESET, Specialized Security Researcher Cameron Camp: https://www.welivesecurity.com/2023/02/07/into-void-tech-security-digital-darkness/
Now, if you are accustomed to Cameron and I presenting information in a certain fashion, how this looks and sounds is going to be quite a bit different than the types of research we have previously shared. What we were trying to do here was have a free-flowing discussion on the topic and, well, the result is both this report and the accompanying podcast.
Coming up with the formats for these was a bit of an experiment for us, and I'm hoping we get some feedback on whether or not people like it and want us to have more discussions this way in the future.
#ESETresearch #report #podcast
China-aligned 🇨🇳 groups, specifically Goblin Panda, started duplicating Mustang Panda's interest in European countries. Iran-aligned 🇮🇷 groups continued to operate at a high volume. Full report ➡️ https://www.welivesecurity.com/wp-content/uploads/2023/01/eset_apt_activity_report_t32022.pdf #ESETresearch 4/4
#ESETResearch released its latest APT Activity Report, covering the period from September until the end of December 2022 (T3 2022). Take a look ➡ https://www.welivesecurity.com/wp-content/uploads/2023/01/eset_apt_activity_report_t32022.pdf 1/4
RT @ESETresearch@twitter.com
#BREAKING On January 25th #ESETResearch discovered a new cyberattack in 🇺🇦 Ukraine. Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy. The #SwiftSlicer wiper is written in the Go programming language. We attribute this attack to #Sandworm. 1/3
🐦🔗: https://twitter.com/ESETresearch/status/1618960022150729728
#sandworm #swiftslicer #ESETresearch #Breaking
#ESETResearch releases IPyIDA 2.0, a plugin for IDA Pro that integrates IPython for a better console. Learn about all the new features on Hex-Rays’ blog at https://hex-rays.com/blog/plugin-focus-ipyida/ or read the tl;dr down here 👇 @marcetienne 1/5
On Nov 21st #ESETResearch detected and alerted @_CERT_UA of a wave of ransomware we named #RansomBoggs, deployed in multiple organizations in Ukraine🇺🇦. While the malware written in .NET is new, its deployment is similar to previous attacks attributed to #Sandworm. 1/9
#ESETresearch #ransomboggs #sandworm
Hey Mastodon! We recently published our APT threat report, looking back at the past few months of threat actor activities monitored by #ESETresearch. Check it out https://www.welivesecurity.com/wp-content/uploads/2022/11/eset_apt_activity_report_t22022.pdf
#ESETResearch discovered that #LuckyMouse/#APT27 used a code-signing certificate belonging to VMPsoft, the developer of the VMProtect packer.
The signed file is a loader for the SysUpdate backdoor (aka Soldier).
We notified VMPSoft of this compromise 1/4
https://virustotal.com/gui/file/a8527a88fb9a48f043a0b762c7431fb52e601b72ff2fa0d35327e5cc72404edc
Today @ESETresearch introduced their brand new APT Activity Report: an overview of the latest activities of selected APT groups analyzed by #ESETresearch. T2 2022 saw no decline in APT activity, with aerospace and defense industries among the targets. Read more in the report: https://welivesecurity.com/wp-content/uploads/2022/11/eset_apt_activity_report_t22022.pdf
The detailed white paper is available here:
https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
As usual, the Indicators of Compromise and a @MISPProject event are available on our GitHub repository:
https://github.com/eset/malware-ioc/tree/master/turla#turla-comrat-v4-indicators-of-compromise #ESETresearch 4/4
#ESETresearch - Banking trojan disguised as “Coronavirus Map” app targets Spanish #Android users.
It claims to be on #GooglePlay, but isn't.
If any #COVID19 related app requests Accessibility Services, we advise not to install it; it’s most likely malicious. @LukasStefanko pic.twitter.com/OLgxUCqadE
#COVID19 #googleplay #android #ESETresearch
#ESETresearch ALERT: #COVID19 #Android #Ransomware: If you installed the malicious Coronavirus Tracker app that locked your smartphone and requested a ransom, use the "4865083501" code to unlock it. The key is hardcoded. @LukasStefanko Details:
https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware pic.twitter.com/ojkRkGznPN
#ransomware #android #COVID19 #ESETresearch