#ESETResearch is releasing Nimfilt, an #IDAPro plugin to help reverse engineering #Nim malware – a language increasingly used by both the red-teaming community, and malware developers. Nimfilt demystifies Nim's custom mangling scheme. github.com/eset/nimfilt Barberousse @[email protected]
1/3

Our latest report on a CN #APT targeting tens of governments entities worldwide has been published 🥳 After monitoring it for a long time we realized it is likely related to the recent I-Soon company leaks. It discusses their TTPs and provides lots of IOCs trendmicro.com/en_us/research…

#ESETresearch has discovered a new campaign by 🇨🇳China-aligned #APT #EvasivePanda , leveraging the Monlam Festival to target Tibetans. The campaign included a targeted watering hole, compromised news website, and an additional supply-chain attack ... welivesecurity.com/en/eset-resear… 1/7

If you are a threat intelligence/security researcher and you are looking for the fully translated: github.com/I-S00N/I-S00N dump.

@lys and I translated it all here: drive.proton.me/urls/C7GAHF5YB…

I've been attending NorthSec and participating in the CTF since 2018. For the first time this year, I'm also presenting! 🎉
I'll be talking about #ReverseEngineering #Nim , a language I was only vaguely aware of a year ago.
nsec.io/session/2024-r…

These relationships, technical indicators, and related public reporting from Trend Micro Research Recorded Future and others, drew many links to i-Soon, and painted a picture of them as one of the most pervasive, capable China-based actors in recent history.

#BREAKING #ESETresearch discovered Operation Texonto, a disinformation campaign intended to demoralize Ukrainians. We detected two spam waves: November and late December 2023. The emails warn about drug or food shortages, or suggest amputating a limb to avoid military. 🇺🇦🇷🇺 1/5

#threatintel
someone just leaked a bunch of internal Chinese government documents on GitHub
github.com/I-S00N/I-S00N/

#ESETresearch aided in an operation to disrupt #Grandoreiro , a banking trojan targeting the general public in 🇧🇷, 🇲🇽, 🇪🇸 and 🇦🇷. ESET provided technical analysis, stats, and C&C addresses. welivesecurity.com/en/eset-resear… 1/4

#ESETresearch has discovered a China-aligned APT group, which we named #Blackwood , that leverages adversary-in-the-middle (AitM) to deliver the NSPX30 implant via software updates. NSPX30 is a sophisticated implant evolving since at least 2005. facundo Mz welivesecurity.com/en/eset-resear… 1/6

🚨 Unveiling #Blackwood : A China-aligned APT group delivering the NSPX30 implant via adversary-in-the-middle attacks since 2005. Learn how this sophisticated threat is delivered through software updates and its impact on targeted individuals and companies.

#ProgressProtected

ESET Threat Report H2 2023: the 2nd half of 2023 saw various incidents, such as Cl0p’s MOVEit hack, the abuse of the word ChatGPT in malicious domains, and the demise of the Mozi botnet. Learn about the threat landscape in the report, out now web-assets.esetstatic.com/wls/en/papers/… #ESETresearch

Are you a cool hacker? ✨Look at you; of course you are! 😏Present your most recent findings, or come talk to us about your expertise at NorthSec 2024! The call for papers is now online ✨😽
nsec.io/cfp/

Es-tu un cool hacker professionnel? ✨Bien sûr que oui! 😏Viens donc nous jaser de tes recherches les plus récentes ou de ton expertise à notre édition de NorthSec 2024! Le call for papers est maintenant en ligne ✨😽
nsec.io/cfp/

#ESETresearch warns about malicious Python packages in the official @PyPI repository that target Windows and Linux. This cluster shares metadata or has similar payloads, and seems different from the one we reported in May: x.com/esetresearch/s…. Marc-Etienne M.Léveillé 1/6

I'm happy to announce I will be presenting at #JSAC2024 our latest work at ESET research, titled:

NSPX30: a sophisticated AitM-enabled implant evolving since 2005

You can read more about it here: jsac.jpcert.or.jp/timetable.html

'quand Internet est cassé, c'est souvent chez les mêmes [...] Celles et ceux qui tentent de résister à l'effacement, celles et ceux dont la voix nous parvient, faiblarde et distordue, entre deux glitchs, comme à travers une radio pirate.' - Merci Thibault Prévost pour cette chronique

#ESETResearch discovered a zero-day XSS vulnerability ( #CVE -2023-5631) in Roundcube Webmail servers. It is actively used in the wild by #WinterVivern to target governments and a think tank in Europe. The exploit was contained in a legitimate-looking email about Outlook. 1/4

Enfant, j'écoute pour la première fois Hubert Reeves nous conter l'univers lors de la Nuit des étoiles. Une révélation qui changera le cours de ma vie, je décide que quand je serai grand je serai astrophysicien. Que la terre vous soit légère M. Reeves, merci pour tout.

Certains livres ont une puissance destinale : la lecture à dix-sept ans de « Patience dans l’Azur » a changé le cours de mon existence. Plus tard, Hubert Reeves, maître pédagogue, est devenu un ami.
Sa vie se prolonge désormais hors d’elle-même. Qu’il repose en paix.