Leonid Bezvershenko

Security Researcher, GReAT

Leonid joined Kaspersky in 2020 as an intern in the Global Research and Analysis Team (GReAT). In 2021, he was invited to the GReAT as a Junior Security Researcher. In 2023, he was promoted to Security Researcher. In this role, Leonid focuses on open‑source security, reverse engineering and malware analysis. His research includes the analysis of APT campaigns, such as Operation Triangulation and CloudWizard. Additionally, he is actively involved in the development of internal tools and infrastructure.

@bzvr_

Reports

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Leonid Bezvershenko

BloodyStealer and gaming assets for sale

Two more malicious Python packages in the PyPI

OnionPoison: infected Tor Browser installer distributed through popular YouTube channel

Bad magic: new APT found in the area of Russo-Ukrainian conflict

CloudWizard APT: the bad magic story goes on

Publications

BloodyStealer and gaming assets for sale

Ransomware world in 2021: who, how and why

Dox, steal, reveal. Where does your personal data end up?

Reports

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

SideWinder targets the maritime and nuclear sectors with an updated toolset

EAGERBEE, with updated and novel components, targets the Middle East

BellaCPP: Discovering a new BellaCiao variant written in C++

Subscribe to our weekly e-mails