A hack in hand is worth two in the bush
We analyzed the data published by Cyber Av3ngers and found it to be sourced from older leaks by another hacktivist group called Moses Staff. Continue reading A hack in hand is worth two in the bush
Category Archives: Targeted Attacks
IT threat evolution in Q2 2023
Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others. Continue reading IT threat evolution in Q2 2023
Focus on DroxiDat/SystemBC
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack. Continue reading Focus on DroxiDat/SystemBC
Common TTPs of attacks against industrial organizations
In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Continue reading Common TTPs of attacks against industrial organizations
APT trends report Q2 2023
This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023. Continue reading APT trends report Q2 2023
Dissecting TriangleDB, a Triangulation spyware implant
In researching Operation Triangulation, we set ourselves the goal to retrieve as many parts of the exploitation chain as possible. As of now, we have finished analyzing the spyware implant and are ready to share the details. Continue reading Dissecting TriangleDB, a Triangulation spyware implant
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise. Continue reading Operation Triangulation: iOS devices targeted with previously unknown malware
Meet the GoldenJackal APT group. Don’t expect any howls
GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher. Continue reading Meet the GoldenJackal APT group. Don’t expect any howls
CloudWizard APT: the bad magic story goes on
Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict. Continue reading CloudWizard APT: the bad magic story goes on
The nature of cyberincidents in 2022
Kaspersky Incident Response report for 2022: incident response statistics, key trends and conclusions, expert recommendations. Continue reading The nature of cyberincidents in 2022