Collaborate Disseminate
Mandrake spyware threat actors resume attacks with new functionality targeting Android devices while being publicly available on Google Play. Continue reading Mandrake spyware sneaks onto Google Play again, flying under the radar for two years
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor. Continue reading CloudSorcerer – A new APT targeting Russian government entities
In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook. Continue reading XZ backdoor: Hook analysis
The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity. Continue reading APT trends report Q1 2024
The report provides vulnerability and exploit statistics, key trends, and analysis of interesting vulnerabilities discovered in Q1 2024. Continue reading Exploits and vulnerabilities in Q1 2024
The report covers the tactics, techniques and tools most commonly deployed by threat actors, the nature of incidents detected and their distribution among MDR customers. Continue reading Managed Detection and Response in 2023
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects. Continue reading Assessing the Y, and How, of the XZ Utils incident
We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts. Continue reading ToddyCat is making holes in your infrastructure
New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go. Continue reading DuneQuixote campaign targets Middle Eastern entities with “CR4T” malware
Kaspersky researchers revisit the leaked LockBit 3.0 builder and share insights into a real-life incident involving a custom targeted ransomware variant created with this builder. Continue reading Using the LockBit builder to generate targeted ransomware