CERT Polska has recently observed new samples of the “Joker” mobile malware. The applications are present in the Google Play Store and target Polish users, among others.

Protect organizations in your constituency from e-mail spoofing with our tool – mailgoose. In Poland it has already been used by over 25,000 users!

CERT Polska is observing a malicious e-mail campaign targeting Polish government institutions conducted by the APT28 group.

One of the key cybersecurity challenges in Europe is reducing reliance on threat intelligence from non-EU countries. The FETTA (Federated European Team for Threat Analysis) project aims to address this issue by creating a federated team that spans across borders, providing Cyber Threat Intelligence (CTI) products and tooling.

Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.

CERT Polska, Polish Military Counterintelligence Service (SKW), and external partners assess Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, are exploiting CVE-2023-42793 at a large scale.

XWorm is a multi-purpose malware family, commonly used as RAT. This post contains a detailed analysis and walk-through the reverse-engineering process.

When, what and why As a national CERT we analyse all kinds of incidents. Some of them involve widespread APT campaigns, othertimes we just focus on everyday threats. Recently we got notified about a new malspam campaign targeting Polish users and decided to investigate. It all started with this phishing …

From the beginning of August, CERT Polska, as the only institution in Poland and one of 7 CERTs in Europe, can assign CVE numbers, which are used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

In late April we observed a malspam campaign delivering a previously unseen PowerShell malware. We decided to provide an overview of the campaign and some of the malware capabilities. We're also dubbing this malware family as "PowerDash" because of the "/dash" path on C2 server, used as a gateway for bots.