Month: September 2021

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

Loading...

Authors Categories Tags

Reports

Kaspersky GReAT experts analyze the Evasive Panda APT’s infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.

Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.

September 2021

GhostEmperor: From ProxyLogon to kernel mode

DarkHalo after SolarWinds: the Tomiris connection

FinSpy: unseen findings

BloodyStealer and gaming assets for sale

Wake me up till SAS summit ends

Detection evasion in CLR and tips on how to detect such attacks

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Summer 2021: Friday Night Funkin’, Måneskin and pop it

Incident response analyst report 2020

Threat landscape for industrial automation systems in H1 2021

Applied YARA training Q&A

QakBot technical analysis

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Reports

Evasive Panda APT poisons DNS requests to deliver MgBot

Cloud Atlas activity in the first half of 2025: what changed

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Tomiris wreaks Havoc: New tools and techniques of the APT group

Subscribe to our weekly e-mails