CloudWizard APT: the bad magic story goes on
Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict. Continue reading CloudWizard APT: the bad magic story goes on
Collaborate Disseminate
Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict. Continue reading CloudWizard APT: the bad magic story goes on
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2023
We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we’re excited to share what we now know of Tomiris with the broader community, and discuss further evidence of a possible connection to Turla. Continue reading Tomiris called, they want their Turla malware back
The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote. Continue reading Following the Lazarus group by tracking DeathNote campaign
A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020. Continue reading Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions. Continue reading Bad magic: new APT found in the area of Russo-Ukrainian conflict
We decided to check what ChatGPT already knows about threat research and whether it can help with identifying simple adversary tools and classic indicators of compromise, such as well-known malicious hashes and domains. Continue reading IoC detection experiments with ChatGPT
We have analyzed more than 800 IT job ads and resumes on the dark web. Here is what the dark web job market looks like. Continue reading Come to the dark side: hunting IT professionals on the dark web
Supply chain and reoccurring attacks, data destruction, lack of staff — what challenges will your security operations center be facing in 2023? Continue reading What your SOC will be facing in 2023