IronPython, darkly: how we uncovered an attack on government entities in Europe
Hunting for new and dangerous cyberthreats is the job of the Positive Technologies Expert Security Center (PT ESC). In early April 2019, PT ESC analysts detected a targeted attack on the Croatian...

Finding Neutrino
In August 2018, PT Network Attack Discovery and our honeypots began to record mass scans of phpMyAdmin systems. Scans were accompanied by bruteforcing of 159 various web shells with the command...

Case study: Searching for a vulnerability pattern in the Linux kernel
This short article describes the investigation of one funny Linux kernel vulnerability and my experience with Semmle QL and Coccinelle, which I used to search for similar bugs. The kernel bug. Several...

Sustes malware updated to spread via vulnerability in Exim (CVE-2019-10149)
A new wave of attacks by the Sustes cryptominer is infecting computers via a June vulnerability in the Exim mail server. Starting on August 11, our PT Network Attack Discovery network sensors have...

Positive Technologies Brings ‘Hackable City’ to Life in The Standoff...
Attackers and defenders to face off in digital metropolis security challenge featuring real-world critical infrastructure and technologies. Cybersecurity experts at Positive Technologies and Hack In The...

Studying Donot Team
APT group called Donot Team (aka APT-C-35, SectorE02) has been active since at least 2012. The attackers hunt for confidential information and intellectual property. The hackers' targets include...

Malware creators trying to avoid detection. Spy.GmFUToMitm as an example
Specialists from PT Expert Security Center found an interesting specimen of malware distributed in the Chinese segment of the Internet. Among other things, this malware is used for...

Turkish tricks with worms, RATs… and a freelancer
The Positive Technologies Expert Security Center has detected a malicious campaign active since at least mid-January 2018. The operation most focused on users from Brazil, Germany, Hungary, Latvia, the...

Fileless ransomware FTCODE now steals credentials
In 2013, SophosLabs announced infections by a ransomware written in PowerShell. The attack targeted users from Russia. The ransomware encrypted files and renamed them with an extension .FTCODE, whence...

Intel x86 Root of Trust: loss of trust
The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and...

CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem
This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. I...

Linux kernel heap quarantine versus use-after-free exploits
It's 2020. Quarantines are everywhere – and here I'm writing about one, too. But this quarantine is of a different kind. In this article I'll describe the Linux Kernel Heap Quarantine that I developed...

Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel
Author: Alexander Popov, Positive Technologies. CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January...

Positive Technologies' official statement following U.S. sanctions
As a company, we deny the groundless accusations made by the U.S. Department of the Treasury. In the almost 20 years we have been operating there has been no evidence of the results of Positive...

Open letter to the research community
Dear all, in light of recent events, we have received many words of encouragement in comments on social media, through direct messages, and over the phone. We truly appreciate your support. It means a...

How to detect a cyberattack and prevent money theft
Money theft is one of the most important risks for any organization, regardless of its scope of activity. According to our data, 42% of cyberattacks on companies are committed to obtain direct...

APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and...
Our pros at the PT Expert Security Center regularly spot emerging threats to information security and track the activity of hacker groups. During such monitoring in April 2021, a mailing list with...

PHDays 10 IDS Bypass contest: writeup and solutions
For the second time, the IDS Bypass contest was held at the Positive Hack Days conference. Just like last time (see blog.ptsecurity.com/2019/07/ids-bypass-contest-at-phdays-writeup.html), the players...