See all Nokia sites

Nokia Threat Intelligence Center

The Nokia Threat Intelligence Lab focuses on the behavior of malware network communications to develop detection rules that identify malware infections based on command-and-control communication and other network behavior. This approach enables the detection of malware in the service provider’s network and the detection rules developed form the foundation of Nokia’s network-based malware detection product suite.

Threat Research

Meltdown and Spectre

January 2018 — Vulnerabilities

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities — known as Meltdown and Spectre — that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Anatomy of an Android Banking Trojan

December 2017 — Malware

The report describes an observed Android phishing trojan in operation and communication to the command and control server. It describes detailed steps to identify the behavior and how to remove the malware from your devices.

Key Reinstallation Attacks (KRACK)

October 2017 — Vulnerabilities

Attackers can leverage this vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device.

BlueBorne Bluetooth vulnerability

September 2017 — Vulnerabilities

The vulnerabilities in the Bluetooth protocol could potentially impact an estimated 5.3 billion devices.

Petya/GoldenEye ransomware cyberattack broke out worldwide

June 2017 — Malware

Unlike WannaCry which encrypts files one by one, Petya is much more dangerous as it can damage the whole hard drive, and even stop you entering your system.

WannaCry, also known as WannaCrypt, has spread around the world

May 2017 — Malware

WannaCry is a form of ransomware, which is a subset of malware that encrypts files on computers and demands payment for the decryption key.

Gooligan is the next generation of the Ghost Push family of malware

December 2016 — Malware

More than 1 million Google accounts breached by Gooligan. The number continues to rise at an additional 13,000 breached devices each day.

Mirai is a self-propagating botnet virus

October 2016 — BotNet/DDoS

The source code for Mirai was made publicly available by the author after successful and well publicized internet infrastructure attacks.

Periodic reports