Threat Insight

Cybersecurity research and commentary on malware, user actions, and other threats to information security
October 06, 2017

Kovter Group malvertising campaign exposes millions to potential malware and fraud

Kafeine and Proofpoint Staff

Proofpoint researchers describe recent malvertising activity by the so-called “KovCoreG group” impacting several high-ranking websites.

September 27, 2017

Threat Actor Profile: TA505, From Dridex to GlobeImposter

Proofpoint Staff

Proofpoint researchers detail the malware and notable campaigns associated with one of the most prolific threat actors: TA505.

September 21, 2017

Retefe banking Trojan leverages EternalBlue exploit in Swiss campaigns

Proofpoint Staff

Proofpoint researchers track versions of the Retefe banking Trojan that use the now infamous EternalBlue exploit to move within networks after initial infections.

September 18, 2017

German elections are on September 24, but spammers have already cast their votes

Proofpoint Staff

As with other recent high-profile elections, Proofpoint researchers have observed a direct correlation among spam volumes, major events, and opinion polls in the German national election.

August 25, 2017

Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures

Darien Huss and Matthew Mesa

Proofpoint researchers track a new campaign by a Chinese APT actor using the promise of leaked Game of Thrones content in lures delivering a well-known RAT.

August 24, 2017

Defray - New Ransomware Targeting Education and Healthcare Verticals

Proofpoint Staff

Proofpoint researchers detail a new ransomware strain called Defray after it is used in small, targeted attacks on healthcare, education, and manufacturing organizations.

August 17, 2017

Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack

Darien Huss

Proofpoint researchers detail new droppers and updated functionality in what appears to be a G20-targeted attack by the Turla APT actor.

August 14, 2017

Threat actor goes on a Chrome extension hijacking spree


Proofpoint researchers track a number of Chrome extensions compromised for stealing credentials and hijacking web traffic.

August 10, 2017

Q2 Threat Report: High-volume malicious email campaigns, “ransomworms” make for eventful spring

Proofpoint Staff

Proofpoint researchers track the trends that shaped the threat landscape in the second quarter of 2017.

July 31, 2017

FIN7/Carbanak threat actor unleashes Bateleur JScript backdoor

Matthew Mesa, Darien Huss

Proofpoint researchers track changes to macros and a new JScript backdoor being used by the FIN7 threat actor.