Director, Global Research & Analysis Team, Latin AmericaDmitry Bestuzhev is Director of Kaspersky’s Global Research and Analysis Team in Latin America, where he oversees the company’s anti-malware and threat intelligence research by experts in the region. Dmitry joined Kaspersky in 2007 as a Malware Analyst, monitoring the local threat landscape and providing preliminary analysis. By 2008, he had become Senior Regional Researcher for the Latin American region and was appointed to his current role in 2010. In addition to overseeing anti-malware research and analysis work, Dmitry produces intelligence reports and forecasts for the region and is frequently sought out by international media and organizations for his expert commentary on IT security. Dmitry’s wide field of expertise covers everything from high profile attacks on financial institutions to traditional cybercrime underground activity. Dmitry is also an expert in corporate security, cyber-espionage and complex targeted attacks and participates in various educational initiatives throughout the Americas. Dmitry has more than two decades of experience in IT security across a wide variety of roles and is fluent in English, Spanish and Russian.
At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.
It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor. Recently, we had an opportunity to perform a deeper investigation on a host compromised by this group.
In this report we provide details on a malicious VBS implant distributed via MS Excel droppers and a fake “Kaspersky Update Agent” which we attribute to WIRTE APT who may be linked to Gaza Cybergang.