Head of Research Center, GReAT, Middle East, Turkey and Africa
Dr. Mohamad Amin Hasbini joined Kaspersky in 2013 as a Senior Security Researcher in the Global Research and Analysis Team (GReAT). He is now head of the same research center for the META region. Amin is responsible for Kaspersky’s expert positioning, research expansion, and knowledge maturity in four regional offices. He has a PHD in smart cities information security from the Brunel University in London. Prior to joining Kaspersky, Amin was a senior consultant at Deloitte and Touche Middle East. Before that, he worked as a senior security Engineer at DataConsult in Lebanon. Dr. Hasbini worked on numerous large-scale defensive infrastructure deployments, industrial and consulting projects for government entities, banks, service providers, oil and gas companies, and others. He has also taught security courses in forensics, malware analysis and ethical hacking. Amin is specialized in wide-scale cyber-defense and anti-APT tools and techniques. He has written a number of publications on advanced malware operations and smart cities security, presented at more than 100 conferences worldwide and received numerous accolades.This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.
We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.
At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.
It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.