Mark Lechtik

Senior Security Researcher at Kaspersky`s GReAT

Mark Lechtik is a Senior Security Researcher at Kaspersky`s GReAT, based in Israel. He is mainly engaged with malware analysis and threat intelligence. Formerly, Mark reverse engineered a bunch of North Korean anti-viruses, and spoke about it in a few conferences. Today he is mostly engaged with breaking down malware and understanding the nitty gritty of APT campaigns.

@_marklech_

Mark Lechtik

Reports

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence.

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns.

Mark Lechtik

MosaicRegressor: Lurking in the Shadows of UEFI

Operation TunnelSnake

LuminousMoth APT: Sweeping attacks for the chosen few

GhostEmperor: From ProxyLogon to kernel mode

Lyceum group reborn

Publications

MoonBounce: the dark side of UEFI firmware

Lyceum group reborn

GhostEmperor: From ProxyLogon to kernel mode

LuminousMoth APT: Sweeping attacks for the chosen few

Operation TunnelSnake

The leap of a Cycldek-related threat actor

MosaicRegressor: Lurking in the Shadows of UEFI

Cycldek: Bridging the (air) gap

External Publications

MosaicRegressor: Lurking in the Shadows of UEFI

Cycldek: Chronicles of the Goblin (slides from CARO Workshop 2020)

The North Korean AV Anthology (slides from AVAR 2019)

Reports

BellaCPP: Discovering a new BellaCiao variant written in C++

Lazarus group evolves its infection chain with old and new malware

Careto is back: what’s new after 10 years of silence?

APT trends report Q3 2024

Subscribe to our weekly e-mails