Chinese-speaking cybercrime – WindowsTechs.com

APT trends report Q3 2023

Posted on October 17, 2023 by GReAT

TetrisPhantom targets government entities in APAC, APT BadRory attacks multiple entities in Russia, new malicious campaign uses well-known Owowa, IIS backdoor and other significant events during Q3 2023 Continue reading APT trends report Q3 2023→

APT trends report Q2 2023

Posted on July 27, 2023 by GReAT

This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023. Continue reading APT trends report Q2 2023→

APT trends report Q3 2022

Posted on November 1, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022. Continue reading APT trends report Q3 2022→

APT trends report Q2 2022

Posted on July 28, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022. Continue reading APT trends report Q2 2022→

WinDealer dealing on the side

Posted on June 2, 2022 by GReAT

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack. Continue reading WinDealer dealing on the side→

APT trends report Q1 2022

Posted on April 27, 2022 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022. Continue reading APT trends report Q1 2022→

MoonBounce: the dark side of UEFI firmware

Posted on January 20, 2022 by Mark Lechtik, Vasily Berdnikov, Denis Legezo, Ilya Borisov

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41. Continue reading MoonBounce: the dark side of UEFI firmware→

APT trends report Q3 2021

Posted on October 26, 2021 by GReAT

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021. Continue reading APT trends report Q3 2021→

APT trends report Q2 2021

Posted on July 29, 2021 by GReAT

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc. Continue reading APT trends report Q2 2021→

LuminousMoth APT: Sweeping attacks for the chosen few

Posted on July 14, 2021 by Mark Lechtik, Paul Rascagneres, Aseel Kayal

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda. Continue reading LuminousMoth APT: Sweeping attacks for the chosen few→