Attacking Weak RC4-Like Ciphers the Hard Way

For several very weak RC4 variants, we demonstrate cool and unusual attacks that barely rely on statistics or care about key length, and instead serve as a motivating introduction to basic number theory and permutation groups. | Continue reading


@research.checkpoint.com | 1 year ago

The Conti Startup

Introduction You’ve probably heard of the Conti ransomware group. After their 2020 emergence, they’ve accumulated at least 700 victims, where by “victims” we mean ‘big fish’ corporations with millions of dollars in revenue; unlike your average neighborhood ransomware operation, C … | Continue reading


@research.checkpoint.com | 2 years ago

Attack Against Iran’s State Broadcaster

In the past few months, a new wave of cyberattacks has been flooding Iran. These attacks are far from minor website defacements – the recent wave is hitting national infrastructure and causing major disruptions to public services. This article provides an in-depth technical analy … | Continue reading


@research.checkpoint.com | 2 years ago

Vulnerabilities in MediaTek DSP could lead to eavesdropping on audio in Android

Research By: Slava Makkaveev Introduction Taiwan’s MediaTek has been the global smartphone chip leader since Q3 2020. MediaTek systems on chip (SoCs) are embedded in approximately 37% of all smartphones and IoT devices in the world, including high-end phones from Xiaomi, Oppo, … | Continue reading


@research.checkpoint.com | 2 years ago

Select code_execution from * using SQLite (2019)

Gaining code execution using a malicious SQLite database Research By: Omer Gull tl;dr SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the lens of WebSQL and browser exploitation. We believe that thi … | Continue reading


@research.checkpoint.com | 2 years ago

Indra – Hackers Behind Recent Attacks on Iran Railways and Government

Check Point Research reveals that a threat actor named Indra is responsible for the attacks against targets in Iran, as well as against companies in Syria. | Continue reading


@research.checkpoint.com | 2 years ago

Do you like to read? I can take over your Kindle with an e-book

Research By: Slava Makkaveev Introduction Since 2007, Amazon has sold tens of millions of Kindles, which is impressive. But this also means that tens of millions of people could have potentially been hacked through a software bug in those same Kindles. Their devices could be turn … | Continue reading


@research.checkpoint.com | 2 years ago

Malware Against the C Monoculture (2019)

Research by: Ben Herzog It’s possible to write any program in any programming language; that’s what Turing completeness means. Therefore, it’s possible to write malware in any language, too. But in both cases, what’s possible isn’t always feasible. Performance issues, compatibi … | Continue reading


@research.checkpoint.com | 2 years ago

IndigoZebra APT continues to attack Central Asia with evolving tools

Introduction Check Point Research recently discovered an ongoi … | Continue reading


@research.checkpoint.com | 2 years ago

A supply-chain breach: Taking over an Atlassian account

Research By: Dikla Barda, Yaara Shriki, Roman Zaikin and Oded Vanunu Background With more than 130,000 customers globally, and millions of users, the Australian company “Atlassian”, founded in 2002, develops products for software developers, project managers and other software related … | Continue reading


@research.checkpoint.com | 2 years ago

SharpPanda: Chinese APT Group targets southeast Asian gov with unknown backdoor

Introduction Check Point Research identified an ongoing surveillance operation targeting a Southeast Asian government. The attackers use spear-phishing to gain initial access and leverage old Microsoft Office vulnerabilities together with a chain of in-memory loaders to attempt … | Continue reading


@research.checkpoint.com | 2 years ago

Uyghurs, a Turkic ethnic minority in China, targeted via fake foundations

Introduction During the past year, Check Point Research (CPR), in cooperation with Kaspersky’s GReAT, has been tracking an ongoing attack targeting a small group of Uyghur individuals located in Xinjiang and Pakistan. Considerable effort was put into disguising the payloads, whe … | Continue reading


@research.checkpoint.com | 2 years ago

Data of 100M users exposed by mobile app misconfiguration

Research by: Aviran Hazum, Aviad Danin, Bogdan Melnykov, Dana Tsymberg and Israel Wernik Intro Modern cloud-based solutions have become a standard in the mobile application development world. Services such as cloud-based storage, real-time databases, notification management, ana … | Continue reading


@research.checkpoint.com | 2 years ago

Security probe of Qualcomm MSM data services

Research By: Slava Makkaveev Introduction Mobile Station Modem (MSM) is an ongoing series of 2G/3G/4G/5G-capable systems on chip (SoCs) designed by Qualcomm starting in the early 1990s. MSM has always been and will be a popular target for security research because hackers want t … | Continue reading


@research.checkpoint.com | 3 years ago

Jian – How the Chinese APT31 stole and used an unknown Equation Group 0-Day

Research by: Eyal Itkin and Itay Cohen There is a theory which states that if anyone ever manages to steal and use nation-grade cyber tools, any network would become untrusted, and the world would become a very dangerous place to live in. There is another theory which states … | Continue reading


@research.checkpoint.com | 3 years ago

Vulnerabilities Found in Valve’s “Steam Sockets”

Research by: Eyal Itkin Overview The beautiful thing about video games is that there’s something for everyone. You can play as a 19-year-old Canadian redhead trying to climb a difficult mountain; or as an insurance inspector sent to decipher the fate of a doomed merchant ship; or … | Continue reading


@research.checkpoint.com | 3 years ago

Google Play core library vulnerability remains unpatched in Google Play apps

Research by: Aviran Hazum, Jonathan Shimonovich Overview: A new vulnerability for the Google Play Core Library was published in late August, which allows Local-Code-Execution (LCE) within the scope of any application that has the vulnerable version of the Google Play Core Library … | Continue reading


@research.checkpoint.com | 3 years ago

Hunting for exploits based on the developer's fingerprints

Just like programmers leave their fingerprints in their code, so do exploit developers. We were able to apply the same techniques used to track malware authors and APT groups to draw a digital composite sketch of 2 prominent exploit writers. | Continue reading


@research.checkpoint.com | 3 years ago

Infiltrating the network using a malicious ZigBee lightbulb

Research by: Eyal Itkin Background Everyone is familiar with the concept of IoT, the Internet of Things, but how many have heard of smart lightbulbs? You can control the light in your house, and even calibrate the color of each lightbulb, just by using a mobile app or your digita … | Continue reading


@research.checkpoint.com | 3 years ago

SIGRed: A 17 Year-Old Bug in Windows DNS Servers

Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are many solutions and imp … | Continue reading


@research.checkpoint.com | 3 years ago

SIGRed: Exploiting a 17 Year-Old Bug in Windows DNS Servers

Research by: Sagi Tzadik Introduction DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are many solutions and imp … | Continue reading


@research.checkpoint.com | 3 years ago

Office 365 Phishing Campaign Exploits Samsung, Adobe and Oxford Servers

Introduction Over the last few years, the adoption of Office 365 in the corporate sector has significantly increased. Its popularity has attracted the attention of cybercriminals who launch phishing campaigns specifically to attack the platform. As 90% of cyber-attacks start with … | Continue reading


@research.checkpoint.com | 3 years ago

Safe-Linking – New malloc() mitigation closes a decade old exploit primitive

Research by: Eyal Itkin Overview One of our goals for every research project we work on in Check Point Research is to get an intimate understanding of how software works: What components does it contain? Is it vulnerable? How can attackers exploit these vulnerabilities? And mor … | Continue reading


@research.checkpoint.com | 3 years ago

Analyzing Nazar: A previously-unknown malware was uncovered in leaked NSA files

In mid-2017, The Shadow Brokers exposed NSA files in a leak known as "Lost In Translation". Recently, a researcher uncovered "Nazar", a previously-unknown APT that was mentioned in the leak. We decided to dive into each and every one of the components and share our technical analysis … | Continue reading


@research.checkpoint.com | 4 years ago

Predator Malware Write Up

Overview Predator the Thief is a sophisticated malicious stealer which has been on the scene for around one and a half years. What started as coding experiments in malware development later evolved into a full-fledged menace to be reckoned with. Current versions of Predator use v … | Continue reading


@research.checkpoint.com | 4 years ago

Chinese cyberattack against Mongolia takes advantage of Covid-19 to lure victims

Introduction Check Point Research discovered a new campaign against the Mongolian public sector, which takes advantage of the current Coronavirus scare, in order to deliver a previously unknown malware implant to the target. A closer look at this campaign allowed us to tie it to … | Continue reading


@research.checkpoint.com | 4 years ago

Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure

Ronen Shustin Cloud Attack Part I Motivation Cloud security is like voodoo. Clients blindly trust the cloud providers and the security they provide. If we look at popular cloud vulnerabilities, we see that most of them focus on the security of the client’s applications (aka misco … | Continue reading


@research.checkpoint.com | 4 years ago

Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure

Research by Ronen Shustin Cloud Attack Part II In the previous part  we talked about the Azure Stack architecture and mentioned that it can be extended with features that are not part of its core. Using the ability to research cloud components offline, we took this opportunity to … | Continue reading


@research.checkpoint.com | 4 years ago

Zoom-Zoom: We Are Watching You

Alexander Chailytko Cyber Security, Research & Innovation Manager In this publication we describe a technique which would have allowed a threat actor to potentially identify and join active meetings. All the details discussed in this publication were responsibly disclosed to Zoom … | Continue reading


@research.checkpoint.com | 4 years ago

Tik or Tok? Is TikTok Secure Enough? Check Point Research

Researchers: Alon Boxiner, Eran Vaknin, Alexey Volodin, Dikla Barda, Roman Zaikin December 2019 Available in over 150 markets, used in 75 languages globally, and with over 1 billion users, TikTok has definitely cracked the code to the term “popularity” across the globe. As of O … | Continue reading


@research.checkpoint.com | 4 years ago

Rancor: The Year of the Phish

Earlier this year, Check Point researchers identified a targeted and extensive attack against Southeast Asian government entities over the span of 7 months. The attackers, which we believe are members of the Rancor threat group, used classic spear-phishing to reach their victims, … | Continue reading


@research.checkpoint.com | 4 years ago

Mapping code-connections between thousands of Russian APT malware samples

For the first time, thousands of Russian APT samples were gathered, classified and analyzed in order to map connections between different cyber espionage organizations in Russia. | Continue reading


@research.checkpoint.com | 4 years ago

UPSynergy: Chinese-American Spy vs. Spy Story

Research By: Mark Lechtik & Nadav Grossman   Introduction Earlier this year, our colleagues at Symantec uncovered an interesting story about the use of Equation group exploitation tools by an alleged Chinese group named Buckeye (a.k.a APT3, or UPS team). One of the key findings i … | Continue reading


@research.checkpoint.com | 4 years ago

Gaining code execution using a malicious SQLite database

Gaining code execution using a malicious SQLite database Research By: Omer Gull tl;dr SQLite is one of the most deployed software in the world. However, from a security perspective, it has only been examined through the lens of WebSQL and browser exploitation. We believe that thi … | Continue reading


@research.checkpoint.com | 4 years ago

Say Cheese: Ransomware-Ing a DSLR Camera

Research by: Eyal Itkin TL;DR Cameras. We take them to every important life event, we bring them on our vacations, and we store them in a protective case to keep them safe during transit. Cameras are more than just a tool or toy; we entrust them with our very memories, and so the … | Continue reading


@research.checkpoint.com | 4 years ago

Reverse RDP Attack: The Hyper-V Connection

Research by: Eyal Itkin Overview Earlier this year, we published our research on the Reverse RDP Attack. In our previous blog post, we described how we found numerous critical vulnerabilities in popular Remote Desktop Protocol (RDP) clients. However, our research didn’t just end … | Continue reading


@research.checkpoint.com | 4 years ago

Cryptographic Attacks: A Guide for the Perplexed

Research by: Ben Herzog Introduction When some people hear “Cryptography”, they think of their Wifi password, of the little green lock icon next to the address of their favorite website, and of the difficulty they’d face trying to snoop in other people’s email. Others may recall … | Continue reading


@research.checkpoint.com | 4 years ago

Agent Smith: A New Species of Mobile Malware

Research by: Aviran Hazum, Feixiang He, Inbal Marom, Bogdan Melnykov, Andrey Polkovnichenko Check Point Researchers recently discovered a new variant of mobile malware that quietly infected around 25 million devices, while the user remains completely unaware. Disguised as Goo … | Continue reading


@research.checkpoint.com | 4 years ago

The NSO WhatsApp Vulnerability – This Is How It Happened

Earlier today the Financial Times published that there is a critical vulnerability in the popular WhatsApp messaging application and that it is actively being used to inject spyware into victims’ phones. According to the report, attackers only need to issue specially crafted VoI … | Continue reading


@research.checkpoint.com | 5 years ago

Deobfuscating APT32 Flow Graphs with Cutter and Radare2

Research by: Itay Cohen The Ocean Lotus group, also known as APT32, is a threat actor which has been known to target East Asian countries such as Vietnam, Laos and the Philippines. The group strongly focuses on Vietnam, especially private sector companies that are investing in a … | Continue reading


@research.checkpoint.com | 5 years ago

PreAMo – A Clicker Campaign Found on Google Play

Research by: Avigayil Mechtinger, Andrey Polkovnichenko Summary: Check Point’s researchers, with the help of Craig Silverman at BuzzFeed, have uncovered a series of applications conducting fraudulent activities against Ad Agencies. Craig Silverman reached out to Check Point with t … | Continue reading


@research.checkpoint.com | 5 years ago


Karta – Matching Open Sources in Binaries

Research by: Eyal Itkin   Introduction “Karta” (Russian for “map”) is a source code assisted binary matching plugin for IDA. The plugin was developed to match symbols for an open source library in a very large binary, usually a firmware file. For those who deal daily with firmwar … | Continue reading


@research.checkpoint.com | 5 years ago

Reverse RDP Attack: Code Execution on RDP Clients

Research by: Eyal Itkin Overview Used by thousands of IT professionals and security researchers worldwide, the Remote Desktop Protocol (RDP) is usually considered a safe and trustworthy application to connect to remote computers. Whether it is used to help those working remotely … | Continue reading


@research.checkpoint.com | 5 years ago

50 CVEs in 50 Days: Fuzzing Adobe Reader

A Fuzzing Drill Hits the Motherlode Research By: Yoav Alon, Netanel Ben-Simon Introduction The year 2017 was an inflection point in the vulnerability landscape. The number of new vulnerabilities reported that year was around 14,000, which is over twice the number from the year be … | Continue reading


@research.checkpoint.com | 5 years ago

A Ransomware Doctor Without a Cure

When it comes to ransomware attacks, there is nothing a company hates more than paying the demanded ransom. It is an unexpected fine often caused by a tiny, yet crucial mistake – an unpatched device, an out-of-date product or an innocent human error. It may harm the reputation of … | Continue reading


@research.checkpoint.com | 5 years ago

What Is in Common to CITI Bank, ING, and Deutsche Bank? The #BackSwap Malware

The Story of An Innovative Banking Malware Research By: Itay Cohen Introduction The BackSwap banker has been in the spotlight recently due to its unique and innovative techniques to steal money from victims while staying under the radar and remaining undetected. This malware was … | Continue reading


@research.checkpoint.com | 5 years ago

KingMiner: The New and Improved CryptoJacker

Research by: Ido Solomon and Adi Ikan Crypto-Mining attacks have grown and evolved in 2018. Due to the rise in value and popularity of crypto currencies, hackers are increasingly motivated to exploit the CPU power of their victims’ machines for crypto-mining operations. Throughou … | Continue reading


@research.checkpoint.com | 5 years ago