Targeted Attacks – WindowsTechs.com

Beyond the Surface: the evolution and expansion of the SideWinder APT group

Posted on October 15, 2024 by Giampaolo Dedola, Vasily Berdnikov

Kaspersky analyzes SideWinder APT’s recent activity: new targets in the MiddleEast and Africa, post-exploitation tools and techniques. Continue reading Beyond the Surface: the evolution and expansion of the SideWinder APT group→

Key Group: another ransomware group using leaked builders

Posted on October 1, 2024 by Kaspersky

Kaspersky experts studied the activity of Key Group, which utilizes publicly available builders for ransomware and wipers, as well as GitHub and Telegram. Continue reading Key Group: another ransomware group using leaked builders→

From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

Posted on September 25, 2024 by Kaspersky

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. Continue reading From 12 to 21: how we discovered connections between the Twelve and BlackJack groups→

-=TWELVE=- is back

Posted on September 20, 2024 by Kaspersky

Analysis of Twelve’s activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers. Continue reading -=TWELVE=- is back→

A deep dive into the most interesting incident response cases of last year

Posted on September 3, 2024 by Eduardo Ovalle, Ahmad Zaidi Said, AbdulRhman Alfaifi

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more. Continue reading A deep dive into the most interesting incident response cases of last year→

Head Mare: adventures of a unicorn in Russia and Belarus

Posted on September 2, 2024 by Kaspersky

Analysis of the hacktivist group Head Mare targeting companies in Russia and Belarus: exploitation of WinRAR vulnerability, custom tools PhantomDL and PhantomCore. Continue reading Head Mare: adventures of a unicorn in Russia and Belarus→

Exploits and vulnerabilities in Q2 2024

Posted on August 21, 2024 by Vitaly Morgunov, Alexander Kolesnikov

The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024. Continue reading Exploits and vulnerabilities in Q2 2024→

BlindEagle flying high in Latin America

Posted on August 19, 2024 by GReAT

Kaspersky shares insights into the activity and TTPs of the BlindEagle APT, which targets organizations and individuals in Colombia, Ecuador, Chile, Panama and other Latin American countries. Continue reading BlindEagle flying high in Latin America→

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Posted on August 14, 2024 by GReAT

Kaspersky has identified a new EastWind campaign targeting Russian organizations and using CloudSorcerer as well as APT31 and APT27 tools. Continue reading EastWind campaign: new CloudSorcerer attacks on government organizations in Russia→

APT trends report Q2 2024

Posted on August 13, 2024 by GReAT

The report features the most significant developments relating to APT groups in Q2 2024, including the new backdoor in Linux utility XZ, a new RAT called SalmonQT, and hacktivist activity. Continue reading APT trends report Q2 2024→