Threat Category: Windows malware | Page 3

Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram.

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.

Analysis of Twelve’s activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers.

Kaspersky researchers detected a campaign exclusively targeting Italian users by delivering a new RAT dubbed SambaSpy

Kaspersky experts have discovered a new version of the Loki agent for the open-source Mythic framework, which uses DLLs to attack Russian companies.

In this report, we provide an in-depth analysis of the Mallox ransomware, its evolution, ransom strategy, encryption scheme, etc.

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more.

This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices.

In this report, Kaspersky researchers explore the most significant attacks of Q2 2024 that used a XZ backdoor, the LockBit builder, ShrinkLocker ransomware, etc.

Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore.

Kaspersky researchers discovered Tusk campaign with ongoing activity that uses Danabot and StealC infostealers and clippers to obtain cryptowallet credentials and system data.

Kaspersky researchers investigated three ransomware groups that tapped newly built malware samples based on Babuk, Lockbit, Chaos and others, while lacking professional resources.

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.

Kaspersky analysts explain which applications are targeted the most, and how enterprises can protect themselves from phishing and spam.

In this report, Kaspersky shares non-mobile malware statistics for Q1 2024, including ransomware, miner and macOS malware statistics.

Reports

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.

Windows malware

Key Group: another ransomware group using leaked builders

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

-=TWELVE=- is back

Exotic SambaSpy is now dancing with Italian users

Loki: a new private agent for the popular Mythic framework

Mallox ransomware: in-depth analysis and evolution

A deep dive into the most interesting incident response cases of last year

IT threat evolution in Q2 2024. Non-mobile statistics

IT threat evolution Q2 2024

Head Mare: adventures of a unicorn in Russia and Belarus

Tusk: unraveling a complex infostealer campaign

How “professional” ransomware variants boost cybercrime groups

CloudSorcerer – A new APT targeting Russian government entities

Cybersecurity in the SMB space — a growing threat

IT threat evolution in Q1 2024. Non-mobile statistics

Reports

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

SideWinder targets the maritime and nuclear sectors with an updated toolset

Subscribe to our weekly e-mails