__mat__
@matthieu_faou
Followers 2K · Following 953 · Media 24 · Statuses 810
Malware researcher at @ESETResearch @[email protected]
Joined March 2016
#ESETresearch discovered and reported to @certcc a vulnerability that allows bypassing UEFI Secure Boot on most UEFI-based systems. This vulnerability, #CVE-2024-7344, was found in a UEFI app signed by Microsoft’s 3rd-party UEFI certificate. @smolar_m
https://t.co/9P3HZ8JvgC 1/4
welivesecurity.com
ESET researchers have discovered a vulnerability that affects the majority of UEFI-based systems and allows bypassing UEFI Secure Boot.
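A practitioner's first question after a report like this is whether the firmware's revocation list (dbx) already contains the vulnerable binary's Authenticode hash. The following is an added example, not code from the ESET write-up or from the tweet: it parses the UEFI EFI_SIGNATURE_LIST format that db/dbx use (layout per the UEFI specification) as exposed through Linux efivarfs, and looks up a SHA-256 digest. The dbx path constant, the owner GUID and the sample entries are constructed for the example; a real check must use the PE Authenticode digest of the image, not a plain file hash.

```python
"""Parse UEFI db/dbx signature lists from efivarfs and look up revoked hashes.

Added example (not from the ESET article). Structure layout follows the UEFI
specification: EFI_SIGNATURE_LIST = { SignatureType GUID, SignatureListSize,
SignatureHeaderSize, SignatureSize } followed by EFI_SIGNATURE_DATA entries,
each a 16-byte SignatureOwner GUID plus the payload (a SHA-256 digest or a
DER certificate). Sample data below is constructed, not real dbx content.
"""
import hashlib
import struct
import uuid

# Signature-type GUIDs defined in the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# efivarfs file for dbx: variable name + EFI_IMAGE_SECURITY_DATABASE_GUID (assumed Linux path).
DBX_EFIVAR = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

# SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize (little-endian).
_ESL_HDR = struct.Struct("<16sIII")


def parse_signature_lists(blob):
    """Return [(signature_type, owner, payload)] for every entry in a run of signature lists."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < _ESL_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        type_raw, list_size, hdr_size, sig_size = _ESL_HDR.unpack_from(blob, off)
        if list_size < _ESL_HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize at offset %d" % off)
        body = blob[off + _ESL_HDR.size + hdr_size:off + list_size]
        if sig_size < 16 or len(body) % sig_size:
            raise ValueError("bad SignatureSize at offset %d" % off)
        sig_type = uuid.UUID(bytes_le=type_raw)
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((sig_type, owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries


def parse_efivar(raw):
    """efivarfs prefixes variable data with a 4-byte attributes word; strip it first."""
    if len(raw) < 4:
        raise ValueError("efivar file too short")
    return parse_signature_lists(raw[4:])


def revoked_hashes(entries):
    """Hex SHA-256 image digests carried by EFI_CERT_SHA256 entries."""
    return {payload.hex() for sig_type, _, payload in entries if sig_type == EFI_CERT_SHA256_GUID}


def is_hash_revoked(entries, digest_hex):
    return digest_hex.lower() in revoked_hashes(entries)


def build_signature_list(sig_type, owner, payloads):
    """Build one EFI_SIGNATURE_LIST; used here only to construct sample data."""
    sig_size = 16 + len(payloads[0])
    if any(len(p) + 16 != sig_size for p in payloads):
        raise ValueError("all payloads in one list must have the same size")
    body = b"".join(owner.bytes_le + p for p in payloads)
    return _ESL_HDR.pack(sig_type.bytes_le, _ESL_HDR.size + len(body), 0, sig_size) + body


# Constructed sample: a dbx with two fake image digests and one fake certificate.
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-00000000c0de")  # placeholder, not a vendor GUID
REVOKED_A = hashlib.sha256(b"constructed image A").digest()
REVOKED_B = hashlib.sha256(b"constructed image B").digest()
SAMPLE_EFIVAR = (
    struct.pack("<I", 0x27)  # NV | BS | RT | TIME_BASED_AUTHENTICATED_WRITE_ACCESS
    + build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [REVOKED_A, REVOKED_B])
    + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [b"\x30\x82" + b"\x00" * 30])
)


def check_dbx_file(path, digest_hex):
    """Read a real dbx from efivarfs and report whether digest_hex is revoked."""
    with open(path, "rb") as f:
        return is_hash_revoked(parse_efivar(f.read()), digest_hex)


if __name__ == "__main__":
    sample = parse_efivar(SAMPLE_EFIVAR)
    print("entries:", len(sample), "revoked:", sorted(revoked_hashes(sample)))
    try:
        print("live dbx revokes A:", check_dbx_file(DBX_EFIVAR, REVOKED_A.hex()))
    except OSError as e:
        print("no efivarfs dbx available here:", e)
```

Feed it the Authenticode digest of the binary in question (the one Microsoft lists in its dbx update); if it is absent from the live dbx, the machine still boots that binary regardless of how recently it was patched.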
#ESETResearch is hiring a senior malware researcher for our 🇨🇦office. If you’d like to track some of the most impactful APTs/cybercrime campaigns, don’t wait and apply here 👇 https://t.co/YDZQeUH0nn 1/3
Based on our findings and those reported by governments and other security vendors, Microsoft Threat Intelligence assesses the Russian nation-state actor we track as Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years.
#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. https://t.co/CZW6Mfm6bK 1/5
#ESETresearch discovered an #exploit targeting Firefox and Windows zero days, used in the wild by Russia-aligned #RomCom. Browsing a specially crafted web page runs arbitrary code with the privileges of the user, compromising the PC. @dmnsch & R.Dumont https://t.co/qugbteKlcE 1/7
#ESET research has identified #Linux malware samples, one of which we named #WolfsBane and attribute with high confidence to #Gelsemium. This 🇨🇳 China-aligned APT group, active since 2014, has not previously been publicly reported to use Linux malware.
welivesecurity.com
ESET researchers analyzed previously unknown Linux backdoors that are connected to known Windows malware used by the China-aligned Gelsemium group, as well as to Project Wood.
.@Volexity has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: https://t.co/mHBdbpIcdI
#dfir #threatintel
volexity.com
In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s...
After #OperationMagnus, the takedown of #RedLine Stealer and #META Stealer, #ESETresearch is publicly releasing our and Flare’s @flaresystems 2023 research into RedLine's backend, along with recent discoveries made based on data shared with us by the Dutch National Police:
welivesecurity.com
Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules.
#ESETresearch analyzed CloudScout, a previously undocumented toolset used by Evasive Panda against a government entity and a religious institution in Taiwan. Deployed by #MgBot, it steals browser cookies to access and retrieve data from cloud services. https://t.co/ChETmslOJv 1/4
welivesecurity.com
ESET researchers discover a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services.
#ESETresearch analyzed new Rust-based tools, MDeployer and MS4Killer, used for deploying #Embargo ransomware and discovered when investigating attacks targeting US companies in July 2024. https://t.co/TUIIah9j1e 1/6
welivesecurity.com
ESET researchers uncover new Rust-based tools that we named MDeployer and MS4Killer and that are actively utilized by a new ransomware group called Embargo.
#ESETresearch investigated two previously undocumented toolsets used by the #GoldenJackal APT group, both of which target air-gapped systems. https://t.co/oh9WPggwsQ 1/6
welivesecurity.com
ESET Research analyzed two separate toolsets for breaching air-gapped systems, used by a cyberespionage threat actor known as GoldenJackal.
The winner of the 2024 Péter Szőr Award for the best technical security research is #ESETresearch and @marc_etienne_ for "Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain". More: https://t.co/R5yFdlTjqS
#VB2024
Since mid-2023, the Sekoia #TDR team has investigated an infrastructure which controls compromised edge devices transformed into Operational Relay Boxes (#ORBs) used to support operations of multiple 🇨🇳 intrusion sets. Check out the full report ⤵️ https://t.co/2YVw3x3vJP
#ESETresearch has discovered a new China-aligned APT group, which we named #CeranaKeeper, conducting massive data exfiltration in Southeast Asia. Today, we are sharing our findings about CeranaKeeper at the @virusbtn #VB2024 conference in Dublin. https://t.co/VUiu7gW1F8 1/6
By analyzing thousands of samples, #ESETresearch has conducted a comprehensive technical analysis of the toolset the 🇷🇺Russia-aligned #Gamaredon #APTgroup used in 2022 and 2023 to spy on Ukraine🇺🇦 . https://t.co/Hc7ej57bO1 1/9
welivesecurity.com
ESET Research has conducted a comprehensive technical analysis of Gamaredon’s toolset used to conduct its cyberespionage activities focused in Ukraine.
#ESETresearch dives into #CosmicBeetle’s activities over the last year, including its shift to custom ransomware deployment and the threat actor’s curious relationship with #LockBit and #RansomHub @SCrow357
https://t.co/911xKtKNbI 1/7
welivesecurity.com
ESET researchers examine the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs.
#ESETresearch has analyzed a single-click exploit for WPS Office for Windows being used in the wild by threat actor #APT-C-60. Analysis of the vendor’s silently released patch led to the discovery of another #vulnerability. 1/8 https://t.co/TgSgUroMm1
We are looking for a strategic threat intel analyst to join @ESETresearch. Interested in cyber-espionage and geopolitics? Apply! https://t.co/6I2tK39tsv
.@Volexity shares #threatintel on how #StormBamboo compromised an ISP to conduct DNS poisoning attacks on targeted organizations & abuse insecure HTTP software updates, delivering custom malware on both macOS + Windows. Read the full analysis: https://t.co/iqAH1PgVVz
#dfir
volexity.com
In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under...