APT (Targeted attacks)

We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.

New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.

Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder.

Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc.

Analyzing Shutdown.log file as a lightweight method to detect indicators of infection with sophisticated iOS malware such as Pegasus, Reign and Predator.

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system.

In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021.

Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024.

Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups.

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.

Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing.

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry.