Expert
Ahmad Zaidi Said
Digital Forensics and Incident Response Specialist
Ahmad Zaidi Said, a Malaysian cybersecurity expert with broad international experience, has more than 14 years of knowledge and experience in the field and has been involved in high-profile cybersecurity incident investigations globally. Joined Kaspersky Global Emergency Response Team (GERT) in 2021 as Digital Forensics and Incident Response (DFIR) specialist, Zaidi brings valuable experience in a variety of cyber security domains, including digital forensics and incident response (DFIR), malware analysis and reverse engineering, threat intelligence, and threat hunting Zaidi is a committee member of the Malaysia Cyber Security Community Organization (MCCO) & rawSEC and active member of the High Technology Cyber Investigation Association (HTCIA), which contribute to the evolution of the cybersecurity ecosystem through information sharing and collaboration. His expertise has also led him to speak at a number of international and local events, in which he has offered vital insights and best practises with a wide range of audiences.Publications
Reports
Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.
Kimsuky targets organizations with PebbleDash-based tools
Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.
