APT reports – WindowsTechs.com

GOFFEE continues to attack organizations in Russia

Posted on April 10, 2025 by Oleg Kupreev

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent. Continue reading GOFFEE continues to attack organizations in Russia→

SideWinder targets the maritime and nuclear sectors with an updated toolset

Posted on March 10, 2025 by Giampaolo Dedola, Vasily Berdnikov

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors. Continue reading SideWinder targets the maritime and nuclear sectors with an updated toolset→

EAGERBEE, with updated and novel components, targets the Middle East

Posted on January 6, 2025 by Saurabh Sharma, Vasily Berdnikov

Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor. Continue reading EAGERBEE, with updated and novel components, targets the Middle East→

BellaCPP: Discovering a new BellaCiao variant written in C++

Posted on December 20, 2024 by Mert Degirmenci

While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”. Continue reading BellaCPP: Discovering a new BellaCiao variant written in C++→

Lazarus group evolves its infection chain with old and new malware

Posted on December 19, 2024 by Vasily Berdnikov, Sojun Ryu

Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus. Continue reading Lazarus group evolves its infection chain with old and new malware→

Careto is back: what’s new after 10 years of silence?

Posted on December 12, 2024 by Georgy Kucherin, Marc Rivero

Kaspersky researchers analyze 2019, 2022 and 2024 attacks attributed to Careto APT with medium to high confidence. Continue reading Careto is back: what’s new after 10 years of silence?→

APT trends report Q3 2024

Posted on November 28, 2024 by GReAT

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns. Continue reading APT trends report Q3 2024→

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Posted on October 15, 2024 by Giampaolo Dedola, Vasily Berdnikov

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques. Continue reading Beyond the Surface: the evolution and expansion of the SideWinder APT group→

BlindEagle flying high in Latin America

Posted on August 19, 2024 by GReAT

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. Continue reading BlindEagle flying high in Latin America→

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Posted on August 14, 2024 by GReAT

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools. Continue reading EastWind campaign: new CloudSorcerer attacks on government organizations in Russia→