Collaborate Disseminate
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020. Continue reading APT trends report Q1 2020
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. Continue reading Holy water: ongoing targeted water-holing attack in Asia
To attack macOS users, the Lazarus group has developed homemade macOS malware, and added an authentication mechanism to deliver the next stage payload very carefully, as well as loading the next-stage payload without touching the disk. Continue reading Operation AppleJeus Sequel
After we wrote our private report on the OilRig leak, we decided to scan our archives with our YARA rule, to hunt for new and older samples. Aside from finding some new samples, we believe we also succeeded in finding some of the first Poison Frog samples. Continue reading OilRig’s Poison Frog – old samples, same trick
This is what we think might happen in the coming months, based on the knowledge of experts in this field and our observation of APT attacks – since APT threat actors have historically been the center of innovation. Continue reading Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020
Well-known ‘Lost in Translation’ leak, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call ‘DarkUniverse’. Continue reading DarkUniverse – the mysterious APT framework #27
The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q3 2019. Continue reading APT trends report Q3 2019
In April 2019, we discovered new malware that compromises encrypted web communications in an impressive way. We called these new modules ‘Reductor’ after a .pdb path left in some samples. Continue reading COMpfun successor Reductor infects files on the fly to compromise TLS traffic
BRATA” is a new Android remote access tool malware family. It exclusively targets victims in Brazil: however, theoretically it could also be used to attack any other Android user if the cybercriminals behind it want to. Continue reading Fully equipped Spying Android RAT from Brazil: BRATA
From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to Cloud Atlas mostly focused on Russia, Central Asia and independent regions of Ukraine. Continue reading Recent Cloud Atlas activity