Nicolas Brulez

Nicolas joined Kaspersky Lab as a senior malware researcher in 2009. His responsibilities include analyzing malware and carrying out security research. Prior to joining Kaspersky Lab, Nicolas worked as a senior virus researcher for Websense Security Labs and Digital River/Silicon Realms. He is also known for his work on the Software Passport/Armadillo protection system. Here, he served as head of software security and was in charge of the anti-reverse engineering techniques used in the system. Over the last 17 years, Nicolas has authored numerous articles and papers on reverse engineering. He is a regular speaker at computer engineering schools and international security conferences.

Reports

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Nicolas Brulez

Ransomware: Fake Federal German Police (BKA) notice

The ‘Madi’ infostealers – a detailed analysis

Japan Quake Spam leads to Malware Part 3

Ransomware: GPCode strikes back

Madi is back – New Tricks and a New Command&Control Server

Publications

Long live REcon – my 10th REcon anniversary

RECON 2014

The ‘Madi’ infostealers – a detailed analysis

Madi is back – New Tricks and a New Command&Control Server

Facebook profile: No, it doesn’t work!

Mac Protector: Register your copy now! Part 2

Mac Protector: Register your copy now!

Ransomware: GPCode strikes back

Ransomware: Fake Federal German Police (BKA) notice

Japan Quake Spam leads to Malware Part 3

Japan Quake Spam leads to Malware

Spam Campaign on Twitter Leads to Adware

Reports

Focus on DroxiDat/SystemBC

APT trends report Q2 2023

Operation Triangulation: iOS devices targeted with previously unknown malware

Meet the GoldenJackal APT group. Don’t expect any howls

Subscribe to our weekly e-mails