APT (Targeted attacks) – WindowsTechs.com

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

Posted on November 8, 2024 by Saurabh Sharma

Kaspersky shares details on QSC modular cyberespionage framework, which appears to be linked to CloudComputating group campaigns. Continue reading QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns→

The Crypto Game of Lazarus APT: Investors vs. Zero-days

Posted on October 23, 2024 by Boris Larin, Vasily Berdnikov

Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain. Continue reading The Crypto Game of Lazarus APT: Investors vs. Zero-days→

SAS CTF and the many ways to persist a kernel shellcode on Windows 7

Posted on October 17, 2024 by Igor Kuznetsov, Boris Larin

In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7. Continue reading SAS CTF and the many ways to persist a kernel shellcode on Windows 7→

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Posted on October 15, 2024 by Giampaolo Dedola, Vasily Berdnikov

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques. Continue reading Beyond the Surface: the evolution and expansion of the SideWinder APT group→

Awaken Likho is awake: new techniques of an APT group

Posted on October 7, 2024 by Kaspersky

Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations. Continue reading Awaken Likho is awake: new techniques of an APT group→

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

Posted on October 2, 2024 by Mohamad Amin Hasbini

How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data. Continue reading Finding a needle in a haystack: Machine learning at the forefront of threat hunting research→

Tropic Trooper spies on government entities in the Middle East

Posted on September 5, 2024 by Sherif Magdy

Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East. Continue reading Tropic Trooper spies on government entities in the Middle East→

A deep dive into the most interesting incident response cases of last year

Posted on September 3, 2024 by Eduardo Ovalle, Ahmad Zaidi Said, AbdulRhman Alfaifi

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more. Continue reading A deep dive into the most interesting incident response cases of last year→

BlindEagle flying high in Latin America

Posted on August 19, 2024 by GReAT

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. Continue reading BlindEagle flying high in Latin America→

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Posted on August 14, 2024 by GReAT

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools. Continue reading EastWind campaign: new CloudSorcerer attacks on government organizations in Russia→