Director, Global Research & Analysis Team, APACVitaly has been involved in research at Kaspersky since 2005. In 2008, he was appointed Senior Antivirus Expert, before becoming Director of the EEMEA Research Center in 2009. In 2014 he was seconded to INTERPOL, where for two years he worked in the Digital Crime Center, specializing in malware reverse engineering, digital forensics and cybercrime investigation. Currently Vitaly is based in Singapore and is leading a team of APAC threat researchers focused on targeted attacks investigation. He is the author of Kaspersky’s first open-source project, a remote digital forensics tool called Bitscout, made available on Github. Vitaly has presented at many international security conferences as well as multiple invite-only security events. He is a trainer in malware analysis, YARA for malware hunters, and remote digital forensics.
Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.
We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.
In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.
While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020.