Senior Security Researcher at Kaspersky`s GReATAs a computer-sciences engineer, Pierre walked his first miles on the cybersecurity road pentesting industrial systems and designing security architectures, applications and operating systems for critical infrastructures. He then worked for eight years within French government (ANSSI, MoD), where he notably designed national cybersecurity crisis plans, conducted large-scale incident-response operations on critical infrastructures, managed a threat-intelligence team, and drove international partnerships. Pierre also worked as CISO for a multinational corporation. Pierre is an organized and creative thinker, who likes tuning all the knobs to get actionable results – from embedded microcontrollers development to policies. He joined Kaspersky GReAT in 2020 to get his hands back on threat-intelligence operations.
In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries.
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.
VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies.
Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.