APT (Targeted attacks)

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium.

Well-known ‘Lost in Translation’ leak, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call ‘DarkUniverse’.

The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q3 2019.

In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. We called these new modules ‘Reductor’ after a .pdb path left in some samples.

This report covers our team’s incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers.

Targeted attacks, malware campaigns and other security news in Q2 2019.

From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to Cloud Atlas mostly focused on Russia, Central Asia and regions of Ukraine with ongoing military conflicts.

The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q2 2019.

2019 has seen the Turla actor actively renew its arsenal. Its developers are still using a familiar coding style, but they’re creating new tools. Here we’ll tell you about several of them, namely “Topinambour” and its related modules.

Recently, the United States Cyber Command highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons.

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its code.

In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities.

Zebrocy is Russian speaking APT that presents a strange set of stripes. Essentially, at our SAS2019 presentation, we publicly provided original insights on Zebrocy and their characteristics for the first time, based on five years of research and private reports on this group.

We are happy to support a large, voluntary, collaborative effort like the 2019 Data Breach Investigations Report. While our data contribution is completely anonymous, it is based in some of the 2018 data set that our private report customers receive.

This is our latest summary of APT activity, based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. It aims to highlight the significant events and findings that we feel people should be aware of.