Director, Global Research & Analysis Team, Latin AmericaDmitry Bestuzhev is Director of Kaspersky’s Global Research and Analysis Team in Latin America, where he oversees the company’s anti-malware and threat intelligence research by experts in the region. Dmitry joined Kaspersky in 2007 as a Malware Analyst, monitoring the local threat landscape and providing preliminary analysis. By 2008, he had become Senior Regional Researcher for the Latin American region and was appointed to his current role in 2010. In addition to overseeing anti-malware research and analysis work, Dmitry produces intelligence reports and forecasts for the region and is frequently sought out by international media and organizations for his expert commentary on IT security. Dmitry’s wide field of expertise covers everything from high profile attacks on financial institutions to traditional cybercrime underground activity. Dmitry is also an expert in corporate security, cyber-espionage and complex targeted attacks and participates in various educational initiatives throughout the Americas. Dmitry has more than two decades of experience in IT security across a wide variety of roles and is fluent in English, Spanish and Russian.
We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.
We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.
Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.
In April 2021, we observed a suspicious Word document with a Korean file name and decoy. It revealed a novel infection scheme and an unfamiliar payload. After a deep analysis, we came to a conclusion: the Andariel group was behind these attacks.