Archive



APT reports

The SessionManager IIS backdoor


Research

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

APT reports

APT ToddyCat

Publications

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace


  • Reports

    Kimsuky’s GoldDragon cluster and its C2 operations

    Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group attacking the media and a think-tank in South Korea.

    Andariel deploys DTrack and Maui ransomware

    Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.
