CASSIDIAN CyberSecurity Blog

Investigation

2014/07/11

The Eye of the Tiger

Cyber espionage has been a hot topic in recent years. Computer attacks known as “APT” (Advanced Persistent Threat) have been widely reported and emphasized by the media, the damage is now considered real, and strategic trends in cyber defense are shifting.

Today, we decided to publicly release information on a specific group of APT attackers known as “Pitty Tiger”. This information comes directly from investigations led by our Threat Intelligence and sheds light on the activities of a structured organization working in the APT field.

You can get more information in our Whitepaper.

2014/04/10

Bitcrypt 2 - Financial aspects

Some weeks ago, we blogged about a new ransomware called BitCrypt.

To sum it up briefly, we had found a new ransomware which encrypted all pictures on the machine it infected, and asked the user to pay a ransom to get the files back.

While we do not usually work on that kind of malware, preferring to dive into APT malware, we spent several hours on this one because of an indirect impact on a friend.

So we started reverse engineering the binary and found a flaw in its encryption implementation, which allowed us to break the encryption and recover the encrypted files.

During the following week, the decryption tool we released publicly helped some victims successfully decrypt their images. That was before the BitCrypt author released a new version of his ransomware: Bitcrypt 2. We were curious enough to have a look at it.