Authors

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

Expert

Director, Global Research & Analysis Team, APAC

Expert

Head of Global Research & Analysis Team, Russia

Expert

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

Reports

In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions.

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

Securelist Authors

Darya Gudkova

Roman Unuchek

Vitaly Kamluk

Vyacheslav Zakorzhevsky

Tatyana Kulikova

Stefan Tanase

Eugene Kaspersky

Victor Chebyshev

Michael Molsner

Sergey Golovanov

AMR

Yury Namestnikov

Tim Armstrong

Vicente Diaz

Dmitry Tarakanov

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

How I hacked my smart bracelet

BitGuard: a System of Forced Searches

Bad Rabbit ransomware

Skygofree: Following in the footsteps of HackingTeam

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium

Reports

Bad magic: new APT found in the area of Russo-Ukrainian conflict

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

BlueNoroff introduces new methods bypassing MoTW

Ransomware and wiper signed with stolen certificates

Subscribe to our weekly e-mails