APT (Targeted attacks) – Page 4

Operation Triangulation: The last (hardware) mystery

Posted on December 27, 2023 by Boris Larin

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs. Continue reading Operation Triangulation: The last (hardware) mystery→

BlueNoroff: new Trojan attacking macOS users

Posted on December 5, 2023 by Sergey Puzan

BlueNoroff has been attacking macOS users with a new loader that delivers unknown malware to the system. Continue reading BlueNoroff: new Trojan attacking macOS users→

HrServ – Previously unknown web shell used in APT attack

Posted on November 22, 2023 by Mert Degirmenci

In this report Kaspersky researchers provide an analysis of the previously unknown HrServ web shell, which exhibits both APT and crimeware features and has likely been active since 2021. Continue reading HrServ – Previously unknown web shell used in APT attack→

Advanced threat predictions for 2024

Posted on November 14, 2023 by GReAT

Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024. Continue reading Advanced threat predictions for 2024→

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Posted on November 9, 2023 by

Asian APT groups target various organizations from a multitude of regions and industries. We created this report to provide the cybersecurity community with the best-prepared intelligence data to effectively counteract Asian APT groups. Continue reading Modern Asian APT groups’ tactics, techniques and procedures (TTPs)→

A cascade of compromise: unveiling Lazarus’ new campaign

Posted on October 27, 2023 by Seongsu Park

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns Continue reading A cascade of compromise: unveiling Lazarus’ new campaign→

How to catch a wild triangle

Posted on October 26, 2023 by Leonid Bezvershenko, Georgy Kucherin, Igor Kuznetsov, Boris Larin, Valentin Pashkov

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules. Continue reading How to catch a wild triangle→

StripedFly: Perennially flying under the radar

Posted on October 26, 2023 by Sergey Belov, Vilen Kamalov, Sergey Lozhkin

Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing. Continue reading StripedFly: Perennially flying under the radar→

The outstanding stealth of Operation Triangulation

Posted on October 23, 2023 by Georgy Kucherin, Leonid Bezvershenko, Valentin Pashkov

In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules. Continue reading The outstanding stealth of Operation Triangulation→

Updated MATA attacks industrial companies in Eastern Europe

Posted on October 18, 2023 by GReAT, Kaspersky ICS CERT

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. Continue reading Updated MATA attacks industrial companies in Eastern Europe→