All publications

Reports

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Archive

External attack surface and ongoing cybercriminal activity in APAC region

Self-spreading stealer attacks gamers via YouTube

Threat landscape for industrial automation systems for H1 2022

Good game, well played: an overview of gaming-related cyberthreats in 2022

The nature of cyber incidents

Kimsuky’s GoldDragon cluster and its C2 operations

Ransomware updates & 1-day exploits

Black Hat USA 2022 and DEF CON 30

Two more malicious Python packages in the PyPI

Threat in your browser: what dangers innocent-looking extensions hold for users

IT threat evolution in Q2 2022. Mobile statistics

IT threat evolution in Q2 2022. Non-mobile statistics

IT threat evolution Q2 2022

OpenTIP, command line edition

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Subscribe

Reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Subscribe to our weekly e-mails