Pierre Delcher

Senior Security Researcher at Kaspersky`s GReAT

As a computer-sciences engineer, Pierre walked his first miles on the cybersecurity road pentesting industrial systems and designing security architectures, applications and operating systems for critical infrastructures. He then worked for eight years within French government (ANSSI, MoD), where he notably designed national cybersecurity crisis plans, conducted large-scale incident-response operations on critical infrastructures, managed a threat-intelligence team, and drove international partnerships. Pierre also worked as CISO for a multinational corporation. Pierre is an organized and creative thinker, who likes tuning all the knobs to get actionable results – from embedded microcontrollers development to policies. He joined Kaspersky GReAT in 2020 to get his hands back on threat-intelligence operations.

@securechicken

Pierre Delcher

Reports

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques.

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries.

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools.

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity.

Pierre Delcher

What did DeathStalker hide between two ferns?

Researchers call for a determined path to cybersecurity

The SessionManager IIS backdoor

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Tomiris called, they want their Turla malware back

Publications

Tomiris called, they want their Turla malware back

Indicators of compromise (IOCs): how we collect and use them

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

The SessionManager IIS backdoor

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

DarkHalo after SolarWinds: the Tomiris connection

The leap of a Cycldek-related threat actor

Researchers call for a determined path to cybersecurity

What did DeathStalker hide between two ferns?

IAmTheKing and the SlothfulMedia malware family

Lifting the veil on DeathStalker, a mercenary triumvirate

Lazarus on the hunt for big game

External Publications

GReAT Ideas. Powered by Croissant. Baguette edition.

Multi-stakeholder Community Talks on Cyber Diplomacy

GReAT Ideas. Powered by SAS: threat hunting and new techniques

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

Reports

Beyond the Surface: the evolution and expansion of the SideWinder APT group

BlindEagle flying high in Latin America

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

APT trends report Q2 2024

Subscribe to our weekly e-mails