In 2021, VirLab T&T Security conducted a lot of research on malicious campaigns and objects. We decided to sum up at the end of the year on the analyzed threats.

In June 2021, a new version of the ransomware appeared under the name Lockbit 2.0. Like the REvil ransomware, which was researched by T&T Security VirLab and described in the previous article, Lockbit 2.0 is distributed according to the Ransomware-as-a-service (RaaS) model.

In recent years, the Ransomware-as-a-service (RaaS) model has become widespread. This model is a malware ransomware subscription. Attackers gain access to the web admin panel and the ability to assemble malware for different operating systems...

The study of the threat landscape in Kazakhstan as part of the Threat Intelligence stage led T&T Security experts to an interesting family of malware, the so-called Razy. Often, attackers spread Razy using a watering hole attack. Of the cases we have analyzed, two deserve special attention, which were disseminated by the attack method at a watering hole through the e-government portal (egov.kz).

On March 24-25, 2021, three letters with a malicious attachment were sent from K.T ******** [@] jysanbank.kz email to various addresses. This document contains a malicious Excel sheet with a VBA macro.

On December 9, 2020, we were provided with a malware sample that is a zero-day threat. Analysis in the tLab system showed that the sample is spyware and is responsible for collecting confidential user (victim) data.

On October 13, 2020 KZ-CERT reported about the attack of Kazakhstanis with AveMaria malware. AveMaria is a Trojan used by cybercriminals to remotely access a user's computer and obtain sensitive data. AveMaria may contain malicious payload, depending on modification.

In December 2018, McAfee released a report on a large malware campaign targeting the financial, energy and other sectors of the economy, called Operation Sharpshooter. The North Korean APT group Lazarus is responsible for the numerous attacks.

On May 12, 2017, there was a massive attack by the WannaCry ransomware virus targeting almost all versions of MS Windows. As a result of the attack, more than 75,000 computers worldwide were infected. Including according to official data, computers in the Republic of Kazakhstan, represented by large companies, were attacked.

This article was prepared by the T & amp; T Security, T & amp; T RE Team {Arny, Cyberhunter, Griner} In 2014, Google removed malicious extensions for the Chrome browser from its online store for the first time. Since then, the trend of creating malicious apps or extensions for Chrome has...