APT (Targeted attacks) – Page 10

The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs

Posted on June 23, 2022 by Kaspersky

We want to familiarize the reader with the different stages of ransomware deployment and provide a visual guide to defending against targeted ransomware attacks. Continue reading The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs→

APT ToddyCat

Posted on June 21, 2022 by Giampaolo Dedola

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’. Continue reading APT ToddyCat→

‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace

Posted on June 20, 2022 by Ivan Kwiatkowski, Anastasiya Kazakova, Julia Ryng, Kenddrick Chan

How is technical attribution carried out? What are the key challenges in conducting reliable technical attribution? How can this be more accessible to the multitude of stakeholders? Below are our reflections on these questions. Continue reading ‘Unpacking’ technical attribution and challenges for ensuring stability in cyberspace→

WinDealer dealing on the side

Posted on June 2, 2022 by GReAT

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack. Continue reading WinDealer dealing on the side→

IT threat evolution Q1 2022

Posted on May 27, 2022 by David Emm

Kaspersky IT threat review in Q1 2022: activity of APTs such as MoonBounce, BlueNororff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, Okta hack and more. Continue reading IT threat evolution Q1 2022→

The Verizon 2022 DBIR

Posted on May 25, 2022 by GReAT

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data. Continue reading The Verizon 2022 DBIR→

Evaluation of cyber activities and the threat landscape in Ukraine

Posted on May 17, 2022 by GReAT

With this article, our core aim is to share a threat landscape overview, which Kaspersky cybersecurity researchers are observing in relation to the conflict, with the wider international community and thus to contribute to broader ongoing cyber-stability discussions of threat-related insights. Continue reading Evaluation of cyber activities and the threat landscape in Ukraine→

APT trends report Q1 2022

Posted on April 27, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022. Continue reading APT trends report Q1 2022→

Lazarus Trojanized DeFi app for delivering malware

Posted on March 31, 2022 by GReAT

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor. Continue reading Lazarus Trojanized DeFi app for delivering malware→

Webinar on cyberattacks in Ukraine – summary and Q&A

Posted on March 14, 2022 by GReAT

Last week, Kaspersky’s GReAT shared their insights into the current (and past) cyberattacks in Ukraine. In this post we address the questions that we did not have the time to answer and provide IoCs. Continue reading Webinar on cyberattacks in Ukraine – summary and Q&A→