Chinese-speaking cybercrime – WindowsTechs.com

Tropic Trooper spies on government entities in the Middle East

Posted on September 5, 2024 by Sherif Magdy

Kaspersky experts found a new variant of the China Chopper web shell from the Tropic Trooper group that imitates an Umbraco CMS module and targets a government entity in the Middle East. Continue reading Tropic Trooper spies on government entities in the Middle East→

APT trends report Q2 2024

Posted on August 13, 2024 by GReAT

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity. Continue reading APT trends report Q2 2024→

APT trends report Q3 2023

Posted on October 17, 2023 by GReAT

TetrisPhantom targets government entities in APAC, APT BadRory attacks multiple entities in Russia, new malicious campaign uses well-known Owowa, IIS backdoor and other significant events during Q3 2023 Continue reading APT trends report Q3 2023→

APT trends report Q2 2023

Posted on July 27, 2023 by GReAT

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023. Continue reading APT trends report Q2 2023→

APT trends report Q3 2022

Posted on November 1, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022. Continue reading APT trends report Q3 2022→

APT trends report Q2 2022

Posted on July 28, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022. Continue reading APT trends report Q2 2022→

WinDealer dealing on the side

Posted on June 2, 2022 by GReAT

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack. Continue reading WinDealer dealing on the side→

APT trends report Q1 2022

Posted on April 27, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022. Continue reading APT trends report Q1 2022→

MoonBounce: the dark side of UEFI firmware

Posted on January 20, 2022 by Mark Lechtik, Vasily Berdnikov, Denis Legezo, Ilya Borisov

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41. Continue reading MoonBounce: the dark side of UEFI firmware→

APT trends report Q3 2021

Posted on October 26, 2021 by GReAT

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021. Continue reading APT trends report Q3 2021→