Security Researcher, Global Research & Analysis Team
Jornt works as a local security expert for the BeNeLux region in Kaspersky’s Global Research and Analysis Team (GReAT). During his time at the company, Jornt has managed several different high-profile projects. For instance, he helped the Dutch police with the Coinvault case, that led to the arrest of two malware authors. After this success, Jornt was a driving force behind the NoMoreRansom project. Together with various law enforcement agencies, he identified several servers that held cryptographic keys of ransomware victims. As a result, more than 35,000 people got their files back without paying the criminals and the action prevented millions of dollars going into the pockets of criminals. Jornt also speaks at national and international conferences, is a regular media commentator and alongside his malware research, offers malware reverse engineering training. Before joining Kaspersky in 2014, Jornt worked as a researcher/developer for Security Matters. Whilst he was there, he implemented and designed detection modules for Intrusion Detection Systems that operate in an Industrial Control System (ICS) environment. Prior to that, Jornt worked as a security consultant for Digidentity, where he improved existing products by creating new software and cryptographic algorithms. He has also worked as a consultant at the Rijkswaterstaat Security Operations Center (the governmental institution responsible for roads and water management), where he was actively involved in securing ICS environments.New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.
In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.
Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups.
We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns