Check Point Research

Introduction DLL Hijacking — a technique for forcing legitimate applications to run malicious code — has been in use for about a decade at least. In this write-up we give a short introduction to the technique of DLL Hijacking, followed by a digest of several dozen documented uses of that technique over the past decade […]

The post 10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 23rd September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medusa ransomware gang has claimed responsibility for an attack on the Providence Public School District (PPSD) in Rhode Island. The school district is still grappling with ongoing internet outages since September 11, […]

The post 23rd September – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 16th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Port of Seattle has confirmed that the Rhysida ransomware group was responsible for a cyberattack in August 2024, which affected its critical systems, including Seattle-Tacoma International Airport. The ransomware attack caused […]

The post 16th September – Threat Intelligence Report appeared first on Check Point Research.

Key Findings Introduction Check Point Research (CPR) has been closely monitoring a campaign targeting the Iraqi government over the past few months. This campaign features a custom toolset and infrastructure for specific targets and uses a combination of techniques commonly associated with Iranian threat actors operating in the region. The toolset used in this targeted […]

The post Targeted Iranian Attacks Against Iraqi Government Infrastructure appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 9th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The German air traffic control agency, Deutsche Flugsicherung, has confirmed a cyberattack that impacted its administrative IT infrastructure. The extent of data accessed is still under investigation, and flight operations remained unaffected. […]

The post 9th September – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES California-based Patelco Credit Union has confirmed a data breach following a ransomware attack resulted in the exposure of sensitive personal information belongs to 726K clients and employees. The compromised data includes names, […]

The post 2nd September – Threat Intelligence Report appeared first on Check Point Research.

In the grand scheme of cybersecurity, the design issue in Foxit PDF Reader was really very minor. But it revealed a much larger and more impactful phenomenon that we’ll probably have to deal with for as long as there are computers around: the instinct to click ‘Ok’.

The post The Danger in Clicking ‘OK’ appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 26th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Halliburton, a leading U.S. oilfield services firm, was hit by a cyberattack that forced the company to take certain systems offline to contain the breach. Hackers gained access to some of the […]

The post 26th August – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 19th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The campaign of United States presidential nominee Donald Trump has had its internal communications hacked and leaked, allegedly by an Iranian threat actor. This aligns with Microsoft’s previous identification of a related […]

The post 19th August – Threat Intelligence Report appeared first on Check Point Research.

Key takeaways Introduction In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations.  In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Our investigation revealed critical missteps by the developer of Styx Stealer, including a significant […]

The post Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove appeared first on Check Point Research.

Executive Summary Research by Erez Goldberg Server-Side Template Injection (SSTI) vulnerabilities refer to weaknesses in web applications which attackers can exploit to inject malicious code into server-side templates. This allows them to execute arbitrary commands on the server, potentially leading to unauthorized data access, server compromise, or exploitation of additional vulnerabilities. Recently, SSTI vulnerabilities are […]

The post Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 12th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Financial data systems of The Grand Palais which hosts Olympic events in France, were targeted by an undisclosed ransomware group. As part of the attack, also the financial systems of around 40 […]

The post 12th August – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 5th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American blood donation center OneBlood has been a victim of a ransomware attack that caused disruption to its software system, affecting operations across more than 350 hospitals in Florida, Georgia, and the […]

The post 5th August – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse […]

The post 29th July – Threat Intelligence Report appeared first on Check Point Research.

Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves purposes such as: Due to the fact that interference in the memory of a process by malicious modules can cause a lot of damage, all sorts of AV […]

The post Thread Name-Calling – using Thread Name for offense appeared first on Check Point Research.

Research by: Antonis Terefos (@Tera0017) Key Points Introduction Threat actors continually evolve their tactics to stay ahead of detection. Traditional methods of malware distribution via emails containing malicious attachments are heavily monitored, and the general public has become more aware of these tactics. Recently, Check Point Research observed threat actors using GitHub to achieve initial […]

The post Stargazers Ghost Network appeared first on Check Point Research.

Research by Dikla Barda, Roman Ziakin and Oded Vanunu Check Point’s Threat Intel blockchain system identified and alerted that in recent times, fraudsters have evolved to become increasingly sophisticated, exploiting legitimate blockchain protocols to conduct their scams. The Uniswap Protocol, launched in 2018, is the largest and most popular decentralized exchange for swapping cryptocurrency tokens […]

The post Unveiling the Scam: How Fraudsters Abuse Legitimate Blockchain Protocols to Steal Your Cryptocurrency Wallet appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 22nd July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American Bassett Furniture Industries has been a victim of a ransomware attack that resulted in the encryption of data files and the shutdown of its manufacturing facilities. The attack has significantly disrupted […]

The post 22nd July – Threat Intelligence Report appeared first on Check Point Research.

For the latest discoveries in cyber research for the week of 15th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American telecom giant AT&T has disclosed a massive data breach that exposed personal information of 110M of its customers. The data was stolen from the company’s workspace on a third-party cloud platform, […]

The post 15th July – Threat Intelligence Report appeared first on Check Point Research.

Key Findings Introduction MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), is known to be active since at least 2017. During the last year, MuddyWater engaged in widespread phishing campaigns targeting the Middle East, with a particular focus on Israel. Since October 2023, the actors’ activities have increased significantly. Their methods […]

The post New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns appeared first on Check Point Research.