Vulnerabilities and exploits

APT reports

Stuxnet: Zero victims

We collected Stuxnet files for two years. After analyzing more than 2,000 of these files, we were able to identify the organizations that were the first victims of the worm’s different variants in 2009 and 2010. Perhaps an analysis of their activity can explain why they became “patients zero” (the original, or zero, victims).

APT reports

The Darkhotel APT

For the past seven years, a strong threat actor named Darkhotel, also known as Tapaoux, has carried out a number of successful attacks against a wide range of victims from around the world. It employs methods and techniques which go well beyond typical cybercriminal behavior.

Reports

ToddyCat: your hidden email assistant. Part 2

An in-depth analysis of Umbrij, a new tool used by the ToddyCat APT group to compromise corporate email communications in Gmail. The attack targeted OAuth authorization tokens, allowing threat actors to gain access to Google services.