APT (Targeted attacks)

APT reports

APT trends report Q2 2020

This summary is based on our threat intelligence research and provides a representative snapshot of what we have published and discussed, focusing on activities that we observed during Q2 2020.

Events

GReAT Ideas follow-up

The two hours of our first “GReAT Ideas. Powered by SAS” session were not enough for answering all of the questions raised, therefore we try to answer them below.

APT reports

Microcin is here

In February 2020, we observed a Trojan injected into the system process memory on a particular host. The target turned out to be a diplomatic entity. We attribute this campaign with high confidence to the SixLittleMonkeys (aka Microcin) threat actor.

Reports

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.