MATA framework, Garmin attack, Operation PowerFall, DeathStalker group and other events of 2020. Read Full Article
Attacks on industrial enterprises using RMS and TeamViewer: new data
In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. Read Full Article
IAmTheKing and the SlothfulMedia malware family
The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context. Read Full Article
IT threat evolution Q2 2020
Targeted attacks and APT groups, new malware and the COVID-19 pandemic exploitation in the second quarter of 2020 Read Full Article
CactusPete APT group’s updated Bisonal backdoor
A new CactusPete campaign shows that the group’s favored types of target remain the same. The victims of the new variant of the Bisonal backdoor were from financial and military sectors located in Eastern Europe. Read Full Article
APT trends report Q2 2020
This summary is based on our threat intelligence research and provides a representative snapshot of what we have published and discussed, focusing on activities that we observed during Q2 2020. Read Full Article
Naikon’s Aria
Our colleagues at Checkpoint put together a fine research writeup on some Naikon resources and activity related to “aria-body” that we detected in 2017 and similarly reported in 2018. Read Full Article
APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020. Read Full Article
Hiding in plain sight: PhantomLance walks into a market
In July 2019, a sophisticated backdoor trojan in Google Play was reported. We conducted an inquiry of our own, discovering a long-term campaign, which we dubbed “PhantomLance”, its earliest registered domain dating back to December 2015. Read Full Article
Loncom packer: from backdoors to Cobalt Strike
After the previous story went out, we conducted a detailed analysis of the samples we had obtained, with some interesting findings. All of the malware we examined from the campaign was packed with the same packer, which we named Trojan-Dropper.NSIS.Loncom. Read Full Article