APT (Targeted attacks) – Page 2

SAS CTF and the many ways to persist a kernel shellcode on Windows 7

Posted on October 17, 2024 by Igor Kuznetsov, Boris Larin

In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7. Continue reading SAS CTF and the many ways to persist a kernel shellcode on Windows 7→

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Posted on October 15, 2024 by Giampaolo Dedola, Vasily Berdnikov

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques. Continue reading Beyond the Surface: the evolution and expansion of the SideWinder APT group→

Awaken Likho is awake: new techniques of an APT group

Posted on October 7, 2024 by Kaspersky

Kaspersky experts have discovered a new version of the APT Awaken Likho RAT Trojan, which uses AutoIt scripts and the MeshCentral system to target Russian organizations. Continue reading Awaken Likho is awake: new techniques of an APT group→

Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

Posted on October 2, 2024 by Mohamad Amin Hasbini

How Kaspersky implemented machine learning for threat hunting in Kaspersky Security Network (KSN) global threat data. Continue reading Finding a needle in a haystack: Machine learning at the forefront of threat hunting research→

Tropic Trooper spies on government entities in the Middle East

Posted on September 5, 2024 by Sherif Magdy

Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East. Continue reading Tropic Trooper spies on government entities in the Middle East→

A deep dive into the most interesting incident response cases of last year

Posted on September 3, 2024 by Eduardo Ovalle, Ahmad Zaidi Said, AbdulRhman Alfaifi

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more. Continue reading A deep dive into the most interesting incident response cases of last year→

BlindEagle flying high in Latin America

Posted on August 19, 2024 by GReAT

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. Continue reading BlindEagle flying high in Latin America→

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Posted on August 14, 2024 by GReAT

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools. Continue reading EastWind campaign: new CloudSorcerer attacks on government organizations in Russia→

APT trends report Q2 2024

Posted on August 13, 2024 by GReAT

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity. Continue reading APT trends report Q2 2024→

CloudSorcerer – A new APT targeting Russian government entities

Posted on July 8, 2024 by Sergey Lozhkin

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor. Continue reading CloudSorcerer – A new APT targeting Russian government entities→