APT (Targeted attacks) – Page 5

APT trends report Q3 2023

Posted on October 17, 2023 by GReAT

TetrisPhantom targets government entities in APAC, APT BadRory attacks multiple entities in Russia, new malicious campaign uses well-known Owowa, IIS backdoor and other significant events during Q3 2023 Continue reading APT trends report Q3 2023→

ToddyCat: Keep calm and check logs

Posted on October 12, 2023 by Giampaolo Dedola, Domenico Caldarella, Alexander Fedotov, Andrey Gunkin

In this article, we’ll describe ToddyCat new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations. Continue reading ToddyCat: Keep calm and check logs→

IT threat evolution in Q2 2023

Posted on August 30, 2023 by David Emm

Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others. Continue reading IT threat evolution in Q2 2023→

Focus on DroxiDat/SystemBC

Posted on August 10, 2023 by Kurt Baumgartner

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack. Continue reading Focus on DroxiDat/SystemBC→

APT trends report Q2 2023

Posted on July 27, 2023 by GReAT

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023. Continue reading APT trends report Q2 2023→

Dissecting TriangleDB, a Triangulation spyware implant

Posted on June 21, 2023 by Georgy Kucherin, Leonid Bezvershenko, Igor Kuznetsov

In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details. Continue reading Dissecting TriangleDB, a Triangulation spyware implant→

IT threat evolution Q1 2023

Posted on June 7, 2023 by David Emm

Recent BlueNoroff and Roaming Mantis activities, new APT related to the Russo-Ukrainian conflict, ChatGPT and threat intelligence, malvertising through search engines, cryptocurrency theft campaign and fake Tor browser Continue reading IT threat evolution Q1 2023→

In search of the Triangulation: triangle_check utility

Posted on June 2, 2023 by Igor Kuznetsov, Valentin Pashkov, Leonid Bezvershenko, Georgy Kucherin

We developed a dedicated utility to scan the iOS backups and run all the checks for Operation Triangulation indicators. Continue reading In search of the Triangulation: triangle_check utility→

Meet the GoldenJackal APT group. Don’t expect any howls

Posted on May 23, 2023 by Giampaolo Dedola

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher. Continue reading Meet the GoldenJackal APT group. Don’t expect any howls→