Month: February 2021

The 2020 data shows that the stalkerware situation has not improved much: the number of affected people is still high. A total of 53,870 unique users were affected globally by stalkerware in 2020.

2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001

Authors Categories Tags

Reports

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

February 2021

The state of stalkerware in 2020

Lazarus targets defense industry with ThreatNeedle

DDoS attacks in Q4 2020

Spam and phishing in 2020

How kids coped with COVID-hit winter holidays

Congratulations, you’ve won! The reality behind online lotteries

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

Subscribe

Reports

The SessionManager IIS backdoor

APT ToddyCat

WinDealer dealing on the side

APT trends report Q1 2022

Subscribe to our weekly e-mails