Labs Archive

MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll

In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.

Asaf Amir / July 20, 2021

A high severity flaw in HP, Samsung and Xerox printer drivers has existed since 2005 and could lead to an escalation of privilege.

Idan Weizman / July 8, 2021

Conti’s rapid encryption speed is matched only by its rapid evolution. SentinelLabs’ deep dive explores its development in unprecedented detail.

Phil Stokes / July 1, 2021

TCC is meant to protect user data from unauthorized access, but design flaws mean users and malware can bypass TCC, even by accident.

Marco Figueroa / June 24, 2021

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Gootloader expands its scope to target military, pharmaceutical and energy sectors, operating on an Initial Access As a Service model.

Early fingerpointing at Western governments for a hack against the Russian government was misplaced. Our taxes didn’t pay for this one.

Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.

New threat actor Agrius engages in espionage and destructive attacks, masquerades as ransomware with custom backdoor, wiper and malware.

Marco Figueroa / May 20, 2021

This crypto mining campaign doesn’t use notable exploit components but leverages shell scripts to infect cloud containers and bypass AVs.