APT reports – Page 3 – WindowsTechs.com

Bad magic: new APT found in the area of Russo-Ukrainian conflict

Posted on March 21, 2023 by Leonid Bezvershenko, Georgy Kucherin, Igor Kuznetsov

In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Continue reading Bad magic: new APT found in the area of Russo-Ukrainian conflict→

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

Posted on January 19, 2023 by GReAT

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o. Continue reading Roaming Mantis implements new DNS changer in its malicious mobile app in 2022→

BlueNoroff introduces new methods bypassing MoTW

Posted on December 27, 2022 by Seongsu Park

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal. Continue reading BlueNoroff introduces new methods bypassing MoTW→

Ransomware and wiper signed with stolen certificates

Posted on December 22, 2022 by Mohamad Amin Hasbini

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations. Continue reading Ransomware and wiper signed with stolen certificates→

DeathStalker targets legal entities with new Janicab variant

Posted on December 8, 2022 by GReAT

While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020. Continue reading DeathStalker targets legal entities with new Janicab variant→

APT trends report Q3 2022

Posted on November 1, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022. Continue reading APT trends report Q3 2022→

APT10: Tracking down LODEINFO 2022, part II

Posted on October 31, 2022 by Suguru Ishimaru

In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022. Continue reading APT10: Tracking down LODEINFO 2022, part II→

APT10: Tracking down LODEINFO 2022, part I

Posted on October 31, 2022 by Suguru Ishimaru

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor. Continue reading APT10: Tracking down LODEINFO 2022, part I→

DiceyF deploys GamePlayerFramework in online casino development studio

Posted on October 17, 2022 by Kurt Baumgartner, Georgy Kucherin

In this report we provide technical analysis of the GamePlayerFramework deployed by an APT we call DiceyF, which is targeting online casinos in Southeast Asia. Continue reading DiceyF deploys GamePlayerFramework in online casino development studio→

DeftTorero: tactics, techniques and procedures of intrusions revealed

Posted on October 3, 2022 by GReAT

In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries. Continue reading DeftTorero: tactics, techniques and procedures of intrusions revealed→