Choose your region and languages

Some content is only available in English

Didn't find your region or language?

Nokia Threat Intelligence Center

The Nokia Threat Intelligence Lab focuses on the behavior of malware network communications to develop detection rules that identify malware infections based on command-and-control communication and other network behavior. This approach enables the detection of malware in the service provider’s network and the detection rules developed form the foundation of Nokia’s network-based malware detection product suite.


Technology Research

The Coming of Age of IoT Botnets

June 2018

This whitepaper helps readers to understand the current challenges of securing IoT systems and implementing security controls:

  • Comprehensive review of vulnerabilities associated with them
  • Possible attacks against various components and the entire system
  • Review of the current trends in attacking IoT systems
  • Predictions regarding the evolution of security threats
  • Recommendations for securing IoT end-to-end solutions

Threat Research

Compromised websites serving up Crypto-miner

April 2018 — Malware

Nokia's Threat Intelligence Lab became aware of a new browser-based Monero crypto-currency miner, originally identified by its authors as RiceWithChicken, which was being served up by otherwise benign websites.

Meltdown and Spectre

January 2018 — Vulnerabilities

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities — known as Meltdown and Spectre — that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Anatomy of an Android Banking Trojan

December 2017 — Malware

The report describes an observed Android phishing trojan in operation and communication to the command and control server. It describes detailed steps to identify the behavior and how to remove the malware from your devices.

Key Reinstallation Attacks (KRACK)

October 2017 — Vulnerabilities

Attackers can leverage this vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle attacks, and eavesdrop on communication sent from a WPA2-enabled device.

BlueBorne Bluetooth vulnerability

September 2017 — Vulnerabilities

The vulnerabilities in the Bluetooth protocol could potentially impact an estimated 5.3 billion devices.

Petya/GoldenEye ransomware cyberattack broke out worldwide

June 2017 — Malware

Unlike WannaCry which encrypts files one by one, Petya is much more dangerous as it can damage the whole hard drive, and even stop you entering your system.

WannaCry, also known as WannaCrypt, has spread around the world

May 2017 — Malware

WannaCry is a form of ransomware, which is a subset of malware that encrypts files on computers and demands payment for the decryption key.

Gooligan is the next generation of the Ghost Push family of malware

December 2016 — Malware

More than 1 million Google accounts breached by Gooligan. The number continues to rise at an additional 13,000 breached devices each day.

Mirai is a self-propagating botnet virus

October 2016 — BotNet/DDoS

The source code for Mirai was made publicly available by the author after successful and well publicized internet infrastructure attacks.

Periodic reports