Blog

CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the Wild

A new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky Cyber Security in June 2024. The vulnerability affects Windows systems and is being actively exploited in attacks against Ukrainian entities. It is triggered by URL files containing malicious code through seemingly innocuous user actions. The malicious URL files were disguised as academic certificates and were initially observed being […]

Iranian “Dream Job” Campaign 11.24

ClearSky Cyber Security research has identified a campaign named the “Iranian Dream Job campaign”, in which the Iranian threat actor TA455 targeted the aerospace industry by offering fake jobs. The campaign distributed the SnailResin malware, which activates the SlugResin backdoor. ClearSky attributes both malware programs to a subgroup of Charming Kitten. However, some cyber research companies detected […]

Doppelgänger NG | Russian Cyberwarfare campaign

ClearSky Cyber Security and SentinelLabs have discovered a new wave of a Russian information warfare campaign named Doppelgänger NG. “Doppelgänger” (meaning spirit double, an exact but usually invisible replica) is a global information warfare campaign that publishes false information on hundreds of fake websites and social media channels. Our research revealed that “Doppelgänger NG” is again fully operational […]

“Homeland Justice” targets Albanian organizations with “No-justice” wiper

This blog post elaborates on the “Homeland Justice” group’s background and provides an in-depth analysis of the tools used in the current attack, including reverse engineering of the NACL executable, dubbed the “No-Justice Wiper”. Read the full report: No-Justice Wiper

Fata Morgana: Watering hole attack on shipping and logistics websites

ClearSky Cyber Security has detected a watering hole attack on at least eight Israeli websites. The attack is highly likely orchestrated by a nation-state actor from Iran, with low-confidence specific attribution to Tortoiseshell (also called TA456 or Imperial Kitten). The infected sites collect preliminary user information through a script. We have […]

Lyceum suicide drone

ClearSky discovered a new malware associated with the Iranian SiameseKitten (Lyceum) group with medium-high confidence. The file is downloaded from a domain registered on June 6th, and it communicates with a previously unknown command and control server whose IP address is adjacent to that of the domain. This indicates that the attacker controls at least two IPs on the […]

EvilNominatus Ransomware

As part of our monitoring of malicious files in current use, we detected a malicious BAT file that was uploaded to VirusTotal from Iran. This file executes ransomware that we associate with the EvilNominatus ransomware, initially exposed at the end of 2021. It seems that the ransomware’s developer is a young Iranian, who bragged […]

New Iranian Espionage Campaign By “Siamesekitten” – Lyceum

At the beginning of May 2021, we detected the first attack by Siamesekitten on an IT company in Israel. Siamesekitten (also named Lyceum/Hexane) is an Iranian APT group active in the Middle East and in Africa that launches supply chain attacks. To this end, Siamesekitten established a large infrastructure that enabled them […]
