From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to Cloud Atlas mostly focused on Russia, Central Asia and regions of Ukraine with ongoing military conflicts.
APT trends report Q2 2019
The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q2 2019.
Turla renews its arsenal with Topinambour
2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.
‘Twas the night before
Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons.
ViceLeaker Operation: mobile espionage targeting Middle East
In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its code.
Platinum is back
In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities.
Zebrocy’s Multilanguage Malware Salad
Zebrocy is a Russian-speaking APT that presents a strange set of stripes. Essentially, at our SAS2019 presentation, we publicly provided original insights on Zebrocy and their characteristics for the first time, based on five years of research and private reports on this group.
FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
In 2018-2019, researchers of Kaspersky Lab’s Global Research and Analysis Team analyzed various campaigns that used the same Tactics, Tools and Procedures (TTPs) as the historic FIN7, leading the researchers to believe that this threat actor had remained active despite the 2018 arrests.
APT trends report Q1 2019
This is our latest summary of APT activity, based on our threat intelligence research, and it provides a representative snapshot of what we have published and discussed in greater detail in our private APT reports. It aims to highlight the significant events and findings that we feel people should be aware of.
I know what you did last summer, MuddyWater blending in the crowd
This report details a collection of tools used by the MuddyWater threat actor on its targets after initial infection. It also details deceptive techniques used to divert investigations once attack tools have been deployed inside victim systems.