Targeted Attacks – WindowsTechs.com

Russian organizations targeted by backdoor masquerading as secure networking software updates

Posted on April 22, 2025 by Igor Kuznetsov, Georgy Kucherin, Alexander Demidov

While investigating an incident, we discovered a sophisticated new backdoor targeting Russian organizations by impersonating secure networking software updates. Continue reading Russian organizations targeted by backdoor masquerading as secure networking software updates→

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

Posted on April 17, 2025 by GReAT

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia. Continue reading IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia→

GOFFEE continues to attack organizations in Russia

Posted on April 10, 2025 by Oleg Kupreev

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent. Continue reading GOFFEE continues to attack organizations in Russia→

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

Posted on March 25, 2025 by Igor Kuznetsov, Boris Larin

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome. Continue reading Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain→

Head Mare and Twelve join forces to attack Russian entities

Posted on March 13, 2025 by Kaspersky

We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve. Continue reading Head Mare and Twelve join forces to attack Russian entities→

Incident response analyst report 2024

Posted on March 12, 2025 by Kaspersky GERT, Kaspersky Security Services

Kaspersky provides incident response statistics for 2024, as well real incidents analysis. The report also shares IR trends and cybersecurity recommendations. Continue reading Incident response analyst report 2024→

SideWinder targets the maritime and nuclear sectors with an updated toolset

Posted on March 10, 2025 by Giampaolo Dedola, Vasily Berdnikov

In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors. Continue reading SideWinder targets the maritime and nuclear sectors with an updated toolset→

Angry Likho: Old beasts in a new forest

Posted on February 21, 2025 by Kaspersky

Kaspersky experts analyze the Angry Likho APT group’s attacks, which use obfuscated AutoIt scripts and the Lumma stealer for data theft. Continue reading Angry Likho: Old beasts in a new forest→

Managed detection and response in 2024

Posted on February 20, 2025 by Kaspersky Security Services

The Kaspersky Managed Detection and Response report includes trends and statistics based on incidents identified and mitigated by Kaspersky’s SOC team in 2024. Continue reading Managed detection and response in 2024→

Threat predictions for industrial enterprises 2025

Posted on January 29, 2025 by Evgeny Goncharov

Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025. Continue reading Threat predictions for industrial enterprises 2025→