Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.

CERT Polska, Polish Military Counterintelligence Service (SKW), and external partners assess Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT 29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, are exploiting CVE-2023-42793 at a large scale.

XWorm is a multi-purpose malware family, commonly used as RAT. This post contains a detailed analysis and walk-through the reverse-engineering process.

When, what and why As a national CERT we analyse all kinds of incidents. Some of them involve widespread APT campaigns, othertimes we just focus on everyday threats. Recently we got notified about a new malspam campaign targeting Polish users and decided to investigate. It all started with this phishing …

From the beginning of August, CERT Polska, as the only institution in Poland and one of 7 CERTs in Europe, can assign CVE numbers, which are used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

In late April we observed a malspam campaign delivering a previously unseen PowerShell malware. We decided to provide an overview of the campaign and some of the malware capabilities. We're also dubbing this malware family as "PowerDash" because of the "/dash" path on C2 server, used as a gateway for bots.

For the past two years we've been tinkering with a proof-of-concept decryptor for the Phobos family ransomware. It works, but is impractical to use for reasons we'll explain here. Consequently, we've been unable to use it to help a real-world victim so far. We've decided to publish our findings and tools, in hope that someone will find it useful, interesting or will continue our research. We will describe the vulnerability, and how we improved our decryptor computational complexity and performance to reach an almost practical implementation.

The Artemis vulnerability scanner is now open source! Artemis is a tool developed by the CERT Polska team and initiated by the KN Cyber science club of Warsaw University of Technology. The tool is built to find website misconfigurations and vulnerabilities on a large scale. Thanks to its modular architecture, it can combine the results of various other tools in a single place.

The New Year has brought more solutions to improve the security of the Polish Internet. One of them is Artemis, a tool developed by the CERT Polska team and initiated by the KN Cyber science club of Warsaw University of Technology. Artemis was designed to look for websites misconfigurations and vulnerabilities on a mass scale. We use it to verify infrastructure of entities for which, according to the National Cyber Security System Act, incident handling is coordinated by CSIRT NASK.

While working on our automatic configuration extractors, we came across a rather strange-looking Vidar sample. The decrypted strings included domain names of such organizations as the NATO Strategic Communications Centre of Excellence, Border Guard of Poland, Estonia and Latvia, and Ministry of the Interior of Lithuania. Automatically extracted strings from …