Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - From Zero-Day Exploits To Rampant ‘Ransomware’: How Advanced Targeted Attacks Evolved In Q2, 2017
News & Analysis

From Zero-Day Exploits To Rampant ‘Ransomware’: How Advanced Targeted Attacks Evolved In Q2, 2017

ISBuzz TeamBy ISBuzz TeamAugust 10, 20173 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Microsoft Admits PaperCut Servers Used By LockBit and Cl0p Ransomware
Microsoft Admits PaperCut Servers Used By LockBit and Cl0p Ransomware
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

The second quarter of 2017 saw sophisticated threat actors unleash a wealth of new and enhanced malicious tools, including three zero-day exploits and two unprecedented attacks: WannaCry and ExPetr. Expert analysis of the last two suggests the code may have escaped into the wild before it was fully ready, an unusual situation for well-resourced attackers. These and other trends are covered in Kaspersky Lab’s latest quarterly threat intelligence summary.

The months from April to end June witnessed significant developments in targeted attacks by, among others, Russian-, English-, Korean-, and Chinese-speaking threat actors. These developments have far-reaching implications for business IT security: sophisticated malicious activity is happening continuously almost everywhere in the world, increasing the risk of companies and non-commercial organisations becoming collateral damage in cyber warfare. The allegedly nation-state backed WannaCry and ExPetr destructive epidemics, whose victims included many companies and organisation across the globe, became the first but most likely not the last example of the new, dangerous trend.

Highlights in Q2, 2017 include:

  • Three Windows zero-day exploits being used in-the-wild by the Russian-speaking Sofacy and Turla threat actors. Sofacy, also known as APT28 or FancyBear, deployed the exploits against a range of European targets, including governmental and political organisations. The threat actor was also observed trying out some experimental tools, most notably against a French political party member in advance of the French national elections.
  • Gray Lambert – Kaspersky Lab has analysedthe most advanced toolkit to date for the Lamberts group, a highly sophisticated and complex, English-speaking cyberespionage family. Two new related malware families were identified.
  • The WannaCry attack on 12 May and the ExPetr attack on 27 June.While very different in nature and targets, both were surprisingly ineffective as ‘ransomware’. For example, in the case of WannaCry, its rapid global spread and high profile put a spotlight on the attackers’ Bitcoin ransom account and made it hard for them to cash out. This suggests that the real aim of the WannaCry attack was data destruction. Kaspersky Lab’s experts discovered further ties between the Lazarus group and WannaCry. The pattern of destructive malware disguised as ransomware showed itself again in the ExPetr attack.
  • ExPetr, targeting organisations in the Ukraine, Russia and elsewhere in Europe also appeared to be ransomware but turned out to be purely destructive. The motive behind the ExPetr attacks remains a mystery. Kaspersky Lab’s experts have established a low confidence link to the threat actor known as Black Energy.

“We have long maintained the importance of truly global threat intelligence to aid defenders of sensitive and critical networks. We continue to witness the development of overzealous attackers with no regard for the health of the Internet and those in vital institutions and businesses who rely on it on a daily basis. As cyberespionage, sabotage, and crime run rampant, it’s all the more important for defenders to band together and share cutting-edge knowledge to better defend against all threats,” said Juan Andres Guerrero-Saade, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab.

The Q2 APT Trends report summarises the findings of Kaspersky Lab’s subscriber-only threat intelligence reports. During the second quarter of 2017, Kaspersky Lab’s Global Research and Analysis Tam created 23 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

For more information, please contact: [email protected]

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Exploited Faster, Patched Slower: Verizon DBIR 2026 Shows Security Teams Losing Ground

May 20, 20265 Mins Read

Security’s Blind Spot: The Threats Hiding in “Low-Severity” Alerts

May 6, 20265 Mins Read

Why OSINT deserves the same status as other intelligence disciplines

March 17, 20266 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}