Senior Security Researcher, Global Research & Analysis Team, ANZ
Noushin Shabab is a cybersecurity researcher based in Australia, specializing in reverse engineering and targeted attack investigations. She joined Kaspersky in 2016 as a senior security researcher in the Global Research & Analysis Team (GReAT). Her research focuses on the investigation of advanced cyber-criminal activities and targeted attacks with a particular focus on local threats in the Asia Pacific region. Prior to joining Kaspersky, Noushin worked as a senior malware analyst and security software developer focusing on rootkit analysis and detection techniques as well as APT attack investigations. Noushin is very active in the local cybersecurity community in Australia and New Zealand where she regularly presents at various security conferences and events and also delivers technical workshops. She is also a member of the Australian Women in Security Network (AWSN) which aims to connect, support, collaborate and inspire women in the Australian cybersecurity industry. She was the first mentor to provide technical workshops and mentorship in the AWSN cadets program. This initiative aims to bridge the gap between university and industry by bringing together female students from different universities interested in pursuing a career in the information security space.An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.
This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.