Deputy Director, Global Research & Analysis Team
Sergey joined Kaspersky in 2002 and was appointed Deputy Director for the company’s Global Research & Analysis Team in March 2013. Prior to becoming Deputy Director, Sergey was the Head of the company’s Global Research & Analysis Team in the EEMEA region. Sergey is responsible for managing the department’s operational activities in addition to organizing Kaspersky’s annual Security Analyst Summit. Each year the summit brings the world’s best IT security experts together to collaborate and exchange research alongside international organizations, law enforcement agencies and technology companies. Sergey has a degree in Applied Mathematics from the Moscow State University of Railway Engineering and holds a postgraduate degree in IT Security. He is based in Moscow.
In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries.
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.
VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies.
Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.