Vitaly Kamluk

Director, Global Research & Analysis Team, APAC

Vitaly has been involved in research at Kaspersky since 2005. In 2008, he was appointed Senior Antivirus Expert, before becoming Director of the EEMEA Research Center in 2009. In 2014 he was seconded to INTERPOL, where for two years he worked in the Digital Crime Center, specializing in malware reverse engineering, digital forensics and cybercrime investigation. Currently Vitaly is based in Singapore and is leading a team of APAC threat researchers focused on targeted attacks investigation. He is the author of Kaspersky’s first open-source project, a remote digital forensics tool called Bitscout, made available on Github. Vitaly has presented at many international security conferences as well as multiple invite-only security events. He is a trainer in malware analysis, YARA for malware hunters, and remote digital forensics.

@vkamluk

Reports

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Vitaly Kamluk

Absolute Computrace Revisited

Bitscout – The Free Remote Digital Forensics Tool Builder

Absolute Computrace: Frequently Asked Questions

Cybersecurity Research During the Coronavirus Outbreak and After

Simda’s Hide and Seek: Grown-up Games

Publications

Gpcode – here we go again

Antivirus Fraudware Goes Mobile?

Virus Top 20 for June 2008

Online Scanner Top Twenty for June 2008

Another way of restoring files after a Gpcode attack

Shockwave exploits

Gpcode update

Restoring files attacked by Gpcode.ak

Gpcode: the return of the file encryptor

The botnet business

More thoughts on drawing the line

Online Scanner Top Twenty for April 2008

Reports

Focus on DroxiDat/SystemBC

APT trends report Q2 2023

Operation Triangulation: iOS devices targeted with previously unknown malware

Meet the GoldenJackal APT group. Don’t expect any howls

Subscribe to our weekly e-mails