APT Activity: 2014

NA/Illuminating the Etumbot APT Backdoor
NA/TR-25 Analysis - Turla - Pfinet - Snake- Uroburos
NA/The 'Penquin' Turla
NA/Operation Arachnophobia
NA/New Indicators of Compromise for APT Group Nitro Uncovered
NA/Democracy in Hong Kong Under Attack
NA/Putter Panda
NA/Targeted Attacks Against the Energy Sector
NA/Hikit Analysis
NA/ZoxPNG Analysis
NA/The Rotten Tomato Campaign
NA/When Governments Hack Opponents: A Look at Actors and Technology
NA/Dragonfly: Cyberespionage Attacks Against Energy Suppliers
NA/The Epic Turla Operation
NA/Embassy of Greece Beijing - Compromise
NA/BlackEnergy2 - Plugins - Router
NA/The Monju Incident
NA/Regin: Top-tier espionage tool enables stealthy surveillance
NA/Energetic Bear – Crouching Yeti
NA/Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN
NA/Operation Poisoned Handover
NA/The mystery of North Korea’s cyber threat landscape
NA/Forced to Adapt: XSLCmd Backdoor Now on OS X
NA/Analysis of Chinese MITM on Google
NA/Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware
NA/Aided Frame - Aided Direction (Because it’s a redirect)
NA/Full Disclosure of Havex Trojans
NA/El Machete
NA/ScanBox framework
NA/Operation Poisoned Hurricane
NA/XtremeRAT: Nuisance or Threat
NA/Threat Spotlight: Group 72
NA/Derusbi (Server Variant) Analysis
NA/New CDTO: A Sneakernet Trojan Solution
NA/NetTraveler APT Gets a Makeover for 10th Birthday
NA/Cloud Atlas: RedOctober APT is back in style
NA/The Uroburos case: new sophisticated RAT identified
NA/LeoUncia and OrcaRat
NA/APT 28: A Window into Russia’s Cyber Espionage Operations
NA/Survival of the Fittest: New York Times Attackers Evolve Quickly
NA/Korplug military targeted attacks: Afghanistan & Tajikistan
NA/Miniduke still duking it out
NA/Darwin’s Favorite APT Group
2014.01.21/RSA Incident Response: Emerging Threat Profile Shell_Crew
2014.02.11/Unveiling “Careto” - The Masked APT
2014.02.13/Operation SnowMan DeputyDog Actor Compromises US Veterans of Foreign Wars Website
2014.02.20/Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit
2014.02.20/Mo’ Shells Mo’ Problems – File List Stacking
2014.02.25/The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity
2014.03.06/The Siesta Campaign: A New Cybercrime Operation Awakens
2014.03.12/A Detailed Examination of the Siesta Campaign
2014.05.28/NEWSCASTER: An Iranian Threat Within Social Networks
2014.05.28/Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation
2014.07.07/Deep in Thought: Chinese Targeting of National Security Think Tanks
2014.07.11/The Eye of the Tiger Part - PityTiger
2014.07.20/Sayad (Flying Kitten) Infostealer – is this the work of the Iranian Ajax Security Team?
2014.07.29/Threat Group-3279 Targets the Video Game Industry
2014.08.13/A Look at Targeted Attacks Through the Lense of an NGO
2014.08.18/Syrian Malware, the ever-evolving threat
2014.08.18/The Syrian Malware House of Cards
2014.10.22/Operation Pawn Storm - Using Decoys to Evade Detection
2014.11.10/DARKHOTEL IOC
2014.11.10/The Darkhotel APT - A Story of Unusual Hospitality
2014.11.13/Operation CloudyOmega - Ichitaro zero-day and ongoing
2014.11.14/OnionDuke - APT Attacks Via the Tor Network - F-Secure Weblog
2014.11.20/EvilBunny - SUSPECT #4
2014.11.21/Operation DoubleTap
2014.11.24/I am Ironman: DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors
2014.12.02/Operation Cleaver
2014.12.05/WIPALL Malware Routines lead to #GOP Warning (Sony Hack)
2014.12.09/The Inception Framework: Cloud-hosted APT
2014.12.10/W32.Regin Stage 1
2014.12.12/Vinself now with steganography
2014.12.17/Wiper Malware - A Detection Deep Dive
2014.12.18/Malware Attack Targeting Syrian ISIS Critics
2014.12.19/Alert (TA14-353A)
2014.12.21/Operation Poisoned Helmand
2014.12.22/Anunak: APT against financial institutions

APT Activity: 2015

2015.01.11/Hong Kong SWC Attack
2015.01.12/Skeleton Key Malware Analysis
2015.01.15/Evolution of sophisticated spyware: from Agent.BTZ to ComRAT
2015.01.20/Analysis of Project Cobra
2015.01.20/Reversing the Inception APT Analysis
2015.01.22/An analysis of Regin's Hopscotch Legspin
2015.01.22/Scarab attackers took aim at select Russian targets since 2012
2015.01.22/The Waterbug attack group
2015.01.27/Module 50251 and the “Qwerty” keylogger
2015.01.29/Backdoor.Winnti attackers have a skeleton in their closet?
2015.01.29/Analysis of a Recent PlugX Variant - “P2P PlugX”
2015.02.02/Behind the syria conflict's Digital Front Lines
2015.02.04/Pawn Storm Update: iOS Espionage App Found
2015.02.10/Global Threat Intel Report
2015.02.16/Carbanak APT - The Great Bank Robbery
2015.02.16/Star of the malware galaxy
2015.02.16/Operation Arid Viper - Bypassing the Iron Dome
2015.02.17/Desert Falcons - Targeted Attacks
2015.02.17/A Fanny Equation - Am your father, Stuxnet
2015.02.18/Babar - espionage software finally found and put under the microscope
2015.02.18/Shooting Elephants
2015.02.24/Scanbox II
2015.02.25/Plugx Goes to the Registry (and India)
2015.02.25/Southeast Asia - An Evolving Cyber Threat Landscape
2015.02.27/The Anthem Hack: All Roads Lead to China
2015.03.05/Casper Malware - After Babar and Bunny, Another Espionage Cartoon
2015.03.06/Animals in the APT Farm
2015.03.06/Babar or Bunny
2015.03.10/Tibetan Uprising Day Malware Attacks
2015.03.11/Inside the EquationDrug Espionage Platform
2015.03.19/Operation Woolen-Goldfish - When Kittens Go Phishing
2015.03.31/Volatile Cedar
2015.04.12/APT 30 - And The Mechanics Of A Long-Running Cyber Espionage Operation
2015.04.15/The Chronicles of the Hellsing APT
2015.04.15/Indicators of Compromise Hellsing
2015.04.16/Operation Pawn Storm
2015.04.18/Operation RussianDoll - Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28
2015.04.20/Sofacy II – Same Sofacy, Different Day
2015.04.21/The CozyDuke APT
2015.04.27/Attacks Against Israeli & Palestinian Interests
2015.05.05/Attacks on France TV5 Monde
2015.05.07/Analysis of the Kraken malware that was used for a targeted attack in UAE
2015.05.12/APT28 Targets Financial markets: zero day hashes released
2015.05.13/Cylance SPEAR Team: A Threat Actor Resurfaces
2015.05.14/The Naikon APT - Tracking Down Geo-Political Intelligence Across APAC, One Nation at a Time
2015.05.14/Operation Tropic Trooper
2015.05.18/Cmstar Downloader: Lurid and Enfal’s New Cousin
2015.05.19/Operation Oil Tanker
2015.05.21/Naikon APT - The MsnMM Campaigns
2015.05.27/Analysis On APT-To-Be Attack That Focusing On China's Government Agency
2015.05.27/Black Energy - Exfiltration of Data in ICS Networks
2015.05.28/Grabit and the RATs
2015.05.29/Ocean Lotus
2015.06.03/Thamar Reservoir - An Iranian cyber-attack campaign against targets in the Middle East
2015.06.04/Blue Termite
2015.06.09/Duqu 2.0 Win32K Exploit
2015.06.10/The Mystery of Duqu 2.0
2015.06.10/Duqu 2.0 - Technical Details
2015.06.12/Afghan Government Compromise - Browser Beware
2015.06.15/Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114
2015.06.16/Operation Lotus Blossom
2015.06.22/Winnti targeting pharmaceutical companies
2015.06.24/UnFIN4ished Business
2015.06.26/Operation Clandestine Wolf
2015.06.28/APT on Taiwan
2015.06.30/Dino – the latest spying malware from an allegedly French espionage group analyzed
2015.07.08/APT Wekby Leveraging Adobe Flash Exploit CVE-2015-5119
2015.07.08/Wild Neutron – Economic espionage threat actor returns with new tricks
2015.07.09/Butterfly - Corporate spies out for financial gain
2015.07.10/APT group ups targets us gov
2015.07.13/Forkmeiam famous - SeaDuke, latest weapon in the Duke armory
2015.07.13/Demonstrating Hustle - Chinese APT Groups Quickly Use Zero‐Day Vulnerability (CVE‐2015‐5119)
2015.07.14/Mini Dionis: CozyCar’s New Ride Is Related to Seaduke
2015.07.14/How pawn storms java zero day was used
2015.07.20/Watering Hole Aerospace CVE-2015-5122 IsSpace
2015.07.20/China Hacks the Peace Palace
2015.07.22/Duke APT group's latest tools: cloud services and Linux support
2015.07.27/Apt29-Hammertoss: Stealthy Tactics Define a Russian Cyber Threat Group
2015.07.28/Black Vine cyberespionage group
2015.07.30/Operation Potao Express
2015.08.04/Terracotta VPN - Enabler of Advanced Threat Anonymity
2015.08.05/Threat Group-3390 Targets Organizations for Cyberespionage
2015.08.08/PoisonIvy and Links to an Extended PlugX Campaign
2015.08.10/HT_Exploit Cluster Telemetry
2015.08.19/New Internet Explorer zero-day exploited in Hong Kong attacks
2015.08.20/New Activity of the Blue Termite APT
2015.08.20/PlugX Threat Activity in Myanmar
2015.09.01/The Spy Kittens Are Back: Rocket Kitten 2
2015.09.08/Musical Chairs - gh0st Malware
2015.09.09/Satellite Turla APT Command and Control in the Sky
2015.09.15/PlugX in Russia
2015.09.16/The Shadow Knows - Malvertising campaigns use domain shadowing to pull in Angler EK
2015.09.17/Operation Iron Tiger
2015.09.17/Dukes - 7 years of Russian cyberespionage
2015.09.23/Project CameraShy
2015.10.03/Webmail Server APT - Methodology Targeting Microsoft Outlook Web Application
2015.10.05/njRAT and Dark Comet- Threat Identification Neutralizes Remote Access Trojan Efficacy
2015.10.15/Mapping FinFisher’s Continuing Proliferation
2015.10.16/Malware Attacks Against NGO & Burmese Govt Websites
2015.11.04/Evolving Threats - dissection of a Cyber-Espionage attack
2015.11.09/Rocket Kitten: A Campaign With 9 Lives
2015.11.10/Bookworm Trojan: A Model of Modular Architecture
2015.11.17/Pinpointing Targets Exploiting Web Analytics To Ensnare Victims
2015.11.18/Sakula Reloaded
2015.11.18/Tdrop 2 Attacks Suggest Dark Seoul Attackers Return
2015.11.18/Damballa discovers new toolset linked to Destover
2015.11.18/Russian financial cybercrime
2015.11.19/Decrypting Strings in Emdivi
2015.11.23/Prototype Nation - The Chinese Cybercriminal Underground in 2015
2015.11.23/Glass RAT - A Zero Detection Trojan from China
2015.11.23/Copy Kittens
2015.11.24/Bookworm Trojan - Attack Campaign on the Government of Thailand
2015.11.30/Ponmocup - A giant hiding in the shadows
2015.12.01/Admin-388 China Based Threat Group Uses Dropbox for Malware Communications
2015.12.04/Sofacy APT Hits High Profile Targets With Updated Toolset
2015.12.07/Iran Based Attackers use back door threats to spy on Middle Eastern targets
2015.12.07/Fin1 targets boot record
2015.12.08/Packrat: Seven Years of a South American Threat Actor
2015.12.13/Elise - Security Through Obesity
2015.12.15/Newcomers in the Derusbi family
2015.12.16/Operation Black Atlas
2015.12.17/APT 28: A Journey into Exfiltrating Intelligence and Government Information
2015.12.16/Dissecting the Malware Involved in the INOCNATION Campaign
2015.12.18/Attack on French Diplomat Linked to Operation Lotus Blossom
2015.12.20/The EPS Awakens
2015.12.22/BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger

APT Activity: 2016

2016.01.03/BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry
2016.01.07/Operation DustySky
2016.01.07/Rigging compromise - RIG Exploit Kit
2016.01.14/Waterbug Attack Group
2016.01.14/Needles in a Haystack
2016.01.19/China Advanced Persistent Threats Research Project
2016.01.21/NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
2016.01.24/Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists
2016.01.26/Analyzing a New Variant of BlackEnergy 3 Likely Insider-Based Execution
2016.01.27/Hi ZOR RAT
2016.01.28/BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents
2016.01.29/Malicious Office files dropping Kasidet and Dridex
2016.01.29/Tinbapore: Millions of Dollars at Risk
2016.02.01/Massive Admedia Adverting iFrame Infection
2016.02.01/Organized Cybercrime Big in Japan: URLZone Now on the Scene
2016.02.03/Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?
2016.02.04/Advanced Modular Backdoor
2016.02.08/Know your enemies
2016.02.09/Poseidon’s APT Boutique
2016.02.11/india pakistan cyber rivalry
2016.02.12/Fysbis Sofacy Linux Backdoor
2016.02.23/Operation Dust Storm
2016.02.24/Operation Blockbuster Destructive Malware Report
2016.02.29/The Turbo Campaign, Featuring Derusbi for 64-bit Linux
2016.03.01/Operation Transparent Tribe
2016.03.02/New self‑protecting USB trojan able to avoid detection
2016.03.03/Shedding Light on BlackEnergy With Open Source Intelligence
2016.03.08/Operation OnionDog: Disclosing Targeted Attacks on Government and Industry Sectors in Korea
2016.03.09/MATRYOSHKA MINING: Lessons from Operation Russian Doll
2016.03.10/Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans
2016.03.14/Carbanak Group Targets Executives of Financial Organizations in the Middle East
2016.03.15/Suckfly: Revealing the secret life of your code signing certificates
2016.03.17/Taiwan Presidential Election A Case Study on Thematic Targeting
2016.03.18/Attack on Ukraine Power Grid
2016.03.23/Operation C-Major: Information Theft Campaign Targets Military Personnel in India
2016.03.25/ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe
2016.04.12/Targeted attacks in South and Southeast Asia
2016.04.15/Pandas & Bears
2016.04.18/Between Hong Kong and Burma Tracking UP007 and SLServer Espionage Campaigns
2016.04.21/New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
2016.04.21/teaching an old rat new tricks
2016.04.22/The Ghost Dragon
2016.04.26/Iran opens a new front
2016.04.26/New Poison Ivy Activity Targeting Myanmar, Asian Countries
2016.04.27/Freezer Paper around Free Meat- Repackaging Open Source BeEF for Tracking and More
2016.05.02/goznym malware
2016.05.02/Prince of Persia: Infy Malware Active In Decade of Targeted Attacks
2016.05.05/Jaku Botnet Campaign
2016.05.06/Exploring CVE-2015-2545 and its users
2016.05.09/Using honeypots & diamond model for ics threat analysis
2016.05.10/Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats
2016.05.17/indian organizations targeted suckfly attacks
2016.05.17/Mofang A politically motivated information stealing adversary
2016.05.18/Operation Groundbait: Analysis of a surveillance toolkit
2016.05.22/Operation Ke3chang Resurfaces With New TidePool Malware
2016.05.22/Targeted attacks against banks in middle east
2016.05.23/APT Case RUAG Technical Report
2016.05.24/New Wekby Attacks Use DNS Requests As Command and Control Mechanism
2016.05.25/cve-2015-2545: overview of current threats
2016.05.26/The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor
2016.05.27/ixeshe derivative iheate targets users in america
2016.06.02/FastPOS: Quick and Easy Credit Card Theft
2016.06.09/Operation- Dusty Sky II
2016.06.16/Bears in the Midst Intrusion into the Democratic National Committee
2016.06.16/DNC networks
2016.06.17/Operation Daybreak
2016.06.21/the curious case of an unknown trojan targeting german speaking users
2016.06.21/visiting the bear den recon 2016 calvet campos dupuy
2016.06.23/Tracking Elirks Variants in Japan: Similarities to Previous Attacks
2016.06.26/Nigerian cybercriminals target high impact industries in India
2016.06.26/The State of the ESILE/Lotus Blossom Campaign
2016.06.28/Investigation of traces of execution of attack tools, etc. for incident investigation report
2016.06.28/Prince of Persia Game Over
2016.06.30/Asruex: Malware Infecting through Shortcut Files
2016.07.01/Pacifier APT
2016.07.01/SBDH toolkit targeting central eastern europe uncovered
2016.07.07/nettraveler apt targets russian european interests
2016.07.07/Unveiling Patchwork The Copy-Paste APT: A targeted attack caught with cyber deception
2016.07.08/The Dropping Elephant – aggressive cyberespionage in the Asian region
2016.07.12/NANHAISHU RATing the South China Sea
2016.07.13/SFG: Furtim's Derivative
2016.07.21/Hide and Seek: How Threat Actors Respond in the Face of Public Exposure
2016.07.21/Sphinx (APT-C-15) Targeted Attacks in the Middle East
2016.07.26/attack delivers 9002 trojan through google drive
2016.07.28/China's Espionage Dynasty: Economic Death by a Thousand Cuts
2016.08.02/Group5: Syria and the Iranian Connection
2016.08.03/Operation Manul: I Got a Letter From the Government the Other Day... Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan
2016.08.04/Running for Office: Russian APT Toolkit Revealed
2016.08.06/The Mahabharata Group (APT-C-09) Targeted Attack Threat from South Asia
2016.08.07/Strider: Cyberespionage group turns eye of Sauron on targets
2016.08.08/The ProjectSauron APT Technical Analysis
2016.08.11/Iran And The Soft War For Internet-Dominance
2016.08.16/Aveo Malware Family Targets Japanese Speaking Users
2016.08.17/Operation Ghoul: targeted attacks on industrial and engineering organizations
2016.08.19/Russian Cyber Operations On Steroids
2016.08.24/Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender
2016.08.25/Pegasus Technical Analysis
2016.09.01/Iran And The Soft War For Internet Dominance
2016.09.06/Buckeye cyberespionage group shifts gaze from US to Hong Kong
2016.09.14/MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies
2016.09.18/Hunting Libyan Scorpions
2016.09.26/Sofacy’s ‘Komplex’ OS X Trojan
2016.09.28/Confucius Says…Malware Families Get Further By Abusing Legitimate Websites
2016.09.28/Russia Hacks Bellingcat MH17 Investigation
2016.09.29/China & Cyber Attitudes Strategies Organisation
2016.10.03/On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users
2016.10.16/A Tale of Two Targets
2016.10.20/En Route with Sednit Part 1: Approaching the Target
2016.10.25/Houdini's Magic Reappearance
2016.10.25/En Route with Sednit Part 2: Observing the Comings and Goings
2016.10.26/Moonlight – Targeted attacks in the Middle East
2016.10.27/BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List
2016.10.27/En Route with Sednit Part 3: A Mysterious Downloader
2016.10.31/Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?
2016.11.03/When the Lights Went Out: A Comprehensive Review of the 2015 Attacks on Ukrainian Critical Infrastructure
2016.11.09/Down the H-W0rm Hole with Houdini's RAT
2016.11.22/Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
2016.12.13/The rise of TeleBots: Analyzing disruptive KillDisk attacks
2016.12.15/Microsoft Security Intelligence Report

APT Activity: 2017

2017.01.05/Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford
2017.01.09/Second Wave of Shamoon 2 Attacks Identified
2017.01.12/The “EyePyramid” Attacks
2017.01.15/Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests
2017.01.18/Operation Grand Mars: Defending Against Carbanak Cyber Attacks
2017.01.25/Detecting threat actors in recent German industrial attacks with Windows Defender ATP
2017.01.30/Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
2017.02.02/Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX
2017.02.03/Several Polish banks hacked, information stolen by unknown attackers
2017.02.10/Enhanced Analysis of GRIZZLY STEPPE Activity
2017.02.14/Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal
2017.02.15/Deep Dive On The DragonOK Rambo Backdoor
2017.02.15/Iranian PupyRAT Bites Middle Eastern Organizations
2017.02.15/Magic Hound Campaign Attacks Saudi Targets
2017.02.15/The Full Shamoon: How the Devastating Malware Was Inserted Into Networks
2017.02.16/Technical analysis of recent attacks against Polish banks
2017.02.17/ChChes – Malware that Communicates with C&C Servers Using Cookie Headers
2017.02.20/Lazarus False Flag Malware
2017.02.21/Additional Insights on Shamoon2
2017.02.22/Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
2017.02.23/Dissecting the APT28 Mac OS X Payload
2017.02.27/The Gamaredon Group Toolset Evolution
2017.02.28/AtomBombing: A Code Injection that Bypasses Current Security Solutions
2017.03.06/FROM SHAMOON TO STONEDRILL Wipers attacking Saudi organizations and beyond
2017.03.08/Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud
2017.03.14/Operation Electric Powder – Who is targeting Israel Electric Company?
2017.03.15/English Report of "FHAPPI Campaign" - FreeHosting APT PowerSploit Poison Ivy
2017.04.05/Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
2017.04.06/Operation Cloud Hopper
2017.04.10/Longhorn: Tools used by cyberespionage group linked to Vault 7
2017.04.11/Unraveling the Lamberts Toolkit
2017.04.13/Callisto Group
2017.04.13/Teamspy - A deeper look into malware abusing TeamViewer
2017.04.14/PlexingEagle: A surprise encounter with a Telco APT
2017.04.27/Iranian Fileless Attack Infiltrates Israeli Organizations
2017.05.03/Kazuar: Multiplatform Espionage Backdoor with API Access
2017.05.03/KONNI: A Malware Under The Radar For
2017.05.03/Spy Tracker: The world's first UEFI motherboard BIOS Trojan
2017.05.14/Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations
2017.06.12/CRASHOVERRIDE: Analysis of the Threat to Electric Grid Operations
2017.06.12/WIN32/INDUSTROYER A new threat for industrial control systems
2017.06.13/HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
2017.06.14/Phantom of the Opaera: New KASPERAGENT Malware Campaign
2017.06.15/North Korea Is Not Crazy
2017.06.18/APT3 Uncovered: The code evolution of Pirpi
2017.06.22/Following the Trail of BlackTech’s Cyber Espionage Campaigns
2017.06.22/The New and Improved macOS Backdoor from OceanLotus
2017.06.26/Threat Group-4127 Targets Google Accounts
2017.06.30/A gut feeling of old acquaintances, new tools, and a common battleground
2017.06.30/TeleBots are back: Supply-chain attacks against Ukraine
2017.07.05/Insider Information: An intrusion campaign targeting Chinese language news sites
2017.07.06/Operation Desert Eagle
2017.07.10/OSX Malware Linked to Operation Emmental Hijacks User Network Traffic
2017.07.11/Winnti Evolution - Going Open Source
2017.07.18/Inexsmar: An unusual DarkHotel campaign
2017.07.18/Recent Winnti Infrastructure and Samples
2017.07.24/“Tick” Group Continues Attacks
2017.07.27/ChessMaster Makes its Move: A Look into the Campaign's Cyberespionage Arsenal
2017.07.27/OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
2017.07.27/Operation Wilted Tulip Exposing a cyber espionage apparatus
2017.08.01/Cobalt strikes back: an evolving multinational threat to finance
2017.08.08/APT Trends report Q2 2017
2017.08.11/APT28 Targets Hospitality Sector, Presents Threat to Travelers
2017.08.15/The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure
2017.08.17/Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack
2017.08.18/Russian Bank Offices Hit with Broad Phishing Wave
2017.08.25/Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures
2017.08.30/Gazing at Gazer Turla’s new second stage backdoor
2017.09.06/Dragonfly: Western energy sector targeted by sophisticated attack group
2017.09.06/Intelligence Games in the Power Grid
2017.09.12/FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
2017.09.18/CCleanup: A Vast Number of Machines at Risk
2017.09.18/An (un)documented Word feature abused by attackers
2017.09.20/Evidence Aurora Operation Still Active- Supply Chain Attack Through CCleaner
2017.09.20/CCleaner Command and Control Causes Concern
2017.09.28/Threat Actors Target Government of Belarus Using CMSTAR Trojan
2017.10.02/Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers
2017.10.10/Post-Soviet Bank Heists: A Hybrid Cybercrime Study
2017.10.12/BRONZE BUTLER Targets Japanese Enterprises
2017.10.16/BlackOasis APT - new targeted attacks leveraging zero-day exploit
2017.10.16/Leviathan: Espionage actor spearphishes maritime and defense targets
2017.10.16/Taiwan Heist: Lazarus Tools and Ransomware
2017.10.19/Operation PZCHAO Inside a highly specialized espionage infrastructure
2017.10.20/Bad Patch
2017.10.24/Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies
2017.10.27/Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia
2017.10.30/New targets, use of MS Access Macros and CVE 2017-0199, and possible mobile espionage
2017.10.31/Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI
2017.11.02/New Insights into Energetic Bear's Attacks on Turkish Critical Infrastructure
2017.11.02/Recent InPage Exploits Lead to Multiple Malware Families
2017.11.02/The KeyBoys are back in town
2017.11.02/LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America
2017.11.06/ChessMaster’s New Strategy: Evolving Tools and Tactics
2017.11.06/OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society
2017.11.07/Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror
2017.11.07/Sowbug: Cyber espionage group targets South American and Southeast Asian governments
2017.11.10/New Malware with Ties to SunOrcal Discovered
2017.11.14/Muddying the Water: Targeted Attacks in the Middle East
2017.11.22/A dive into MuddyWater APT targeting Middle-East
2017.12.04/The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion Blog Post
2017.12.04/The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion Whitepaper
2017.12.05/Charming Kitten Iranian cyber espionage against human rights activists, academic researchers and media outlets - and the HBO hacker connection
2017.12.07/New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit
2017.12.11/MoneyTaker 1.5 YEARS OF SILENT OPERATIONS
2017.12.11/Untangling the Patchwork Cyberespionage Group
2017.12.14/Attackers Deploy New ICS Attack Framework "Triton" and Cause Operational Disruption to Critical Infrastructure
2017.12.17/Operation Dragonfly Analysis Suggests Links to Earlier Attacks
2017.12.19/North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group

APT Activity: 2018

2018.01.04/Iran's Cyber Threat Carnegie
2018.01.06/Pyeong Olympics Maldoc
2018.01.07/Operation DustySky
2018.01.07/Operation DustySky - Additional Info
2018.01.09/The Turla Mosquito - Targeting Eastern Diplomats
2018.01.09/Turla - Deployment via Adobe Flash Installer
2018.01.11/North Korean Defectors and Journalists Targeted via Social Networks and KakaoTalk
2018.01.12/Pawn Storm - Update
2018.01.15/New KillDisk Variant Hits Financial Organizations in Latin America
2018.01.16/Group 123 - Korea In The Crosshairs
2018.01.16/Lazarus - South Korean Cryptocurrency Users and Exchange Targeted in 2017
2018.01.16/Skygofree IOCs
2018.01.16/Skygofree - In the Footsteps of HackingTeam
2018.01.18/Dark Caracal - Cyber-espionage at a Global Scale
2018.01.18/Turla Neuron Malware
2018.01.24/Lazarus - New RATANKBA and More
2018.01.25/OilRig - RGDoor IIS Backdoor on Targets in Middle East
2018.01.26/Top Hat Campaign Targets Middle East Using 3rd Party Services
2018.01.27/Dragonfish - New Elise Malware Used for Espionage
2018.01.29/PoriewSpy - Android Malware Targeting India
2018.01.29/VERMIN - Quasar RAT and Custom Malware Used In Ukraine
2018.01.30/APT32 - Maldoc Delivering Elise Backdoor
2018.01.31/Comnie Continues to Target Orgs in East Asia
2018.02.01/Operation Pzchao - A Highly Specialized Espionage Infrastructure
2018.02.02/Gold Dragon - Permanent Presence on Systems During Olympics Attack
2018.02.07/VBS Campaign - Dar El-Jaleel Decoy Documents
2018.02.13/Deciphering Confucius' Cyberespionage Operations
2018.02.13/Lotus Blossom Continues ASEAN Targeting
2018.02.20/APT37 - The Overlooked North Korean Actor
2018.02.20/APT37 - The Overlooked North Korean Actor Summary
2018.02.20/Sofacy (APT28) Analysis
2018.02.20/Musical Chairs Playing Tetris
2018.02.21/Tempting Cedar Spyware - Fake Kik Messenger APK
2018.02.28/Chafer - Latest Attacks Reveal Heightened Ambitions
2018.02.28/Sofacy Attacks Multiple Government Entities
2018.03.01/MuddyWater - A Quick Dip into Recent Activity
2018.03.02/Operation Honeybee - Maldoc Campaign Targeting Humanitarian Aid
2018.03.05/ComboJack - Clipboard-Altering Malware Made to Steal Cryptocurrency
2018.03.06/The Slingshot APT - Exploiting MikroTik Devices and More
2018.03.07/Patchwork Keeps Delivering BADNEWS
2018.03.08/Donot Team Leveraging Modular Malware "yty" in South Asia
2018.03.08/Hidden Cobra - New Bankshot Implant Targets Turkish Financial Sector
2018.03.08/OlympicDestroyer - A Wiper Targeting Winter Olympics
2018.03.08/Territorial Dispute - NSA's perspective on APT landscape
2018.03.09/APT15 - Uncovering New Tools
2018.03.09/APT15 - RoyalCli and RoyalDNS Analysis
2018.03.09/Masha and These Bears - 2018 Sofacy Activity
2018.03.09/New traces of Hacking Team in the wild
2018.03.09/Sandvine's PacketLogic Devices Abused By APT for Delivering Malware
2018.03.12/Suspected New MuddyWater Campaign Targeting Turkey, Pakistan and Tajikistan
2018.03.13/Therapeutic Postmortem of Connected Medicine
2018.03.13/BlackTDS - Drive-By as a Service
2018.03.13/TEMP.Zagros - Iranian Threat Group Updates TTPs in Spear Phishing Campaign
2018.03.13/OceanLotus - Old Techniques, New Backdoor
2018.03.14/Inception Framework - Espionage Group Hiding in Plain Sight
2018.03.14/Tropic Trooper's New Strategy
2018.03.15/Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure (TA18-074A)
2018.03.23/Targeted Attacks on South Korean Organizations Using Local Word Processor (ASEC)
2018.03.27/Panda Banker Targeting Japanese Targets
2018.03.29/ChessMaster Adds Updated Tools to Its Arsenal
2018.03.31/NavRAT - Using US-North Korea Summit As A Decoy For South Korean Attacks
2018.04.04/OceanLotus - New MacOS Backdoor
2018.04.12/Operation Parliament - Geopolitical Operation Targeting High Profile Organizations
2018.04.17/Iron Tiger Gh0st RAT Variant - Decoding the Network Data
2018.04.23/Energetic Bear / Crouching Yeti - Attacks on Servers
2018.04.23/HOGFISH Targeting Japan With RedLeaves Implants
2018.04.23/Orangeworm - Trojan.Kwampirs Targeting Healthcare Sector
2018.04.24/Metamorfo Campaigns Deliver Banking Trojans to Brazilian Users
2018.04.24/Operation GhostSecret Analysis - Worldwide Data Stealing
2018.04.24/Sednit Group Analysis
2018.04.26/GravityRAT - The Two-Year Evolution of an APT Targeting India
2018.04.27/Ocean Lotus
2018.05.03/Burning Umbrella - Winnti Umbrella and Associated State-Sponsored Attackers
2018.05.03/Red Eyes Hacking Group - A Detailed Analysis
2018.05.03/Who's who in the Zoo: ZooPark Summary
2018.05.03/Who's who in the Zoo: ZooPark Analysis
2018.05.09/CVE-2018-8174 - VBScript 0day Targeting IE and IE Kernel
2018.05.09/Iran's Hacker Hierarchy Exposed
2018.05.22/The Destruction of APT3
2018.05.22/Turla Mosquito - An Update
2018.05.23/Confucius Update - New Tools and Techniques, Further Connections with Patchwork
2018.05.23/VPNFilter Malware Targets At Least 500K Networking Devices Worldwide
2018.05.29/Iron Cybercrime Group Analysis
2018.06.06/Operation Prowli - Monetizing 40K Victim Machines
2018.06.06/Sofacy Group's Parallel Attacks
2018.06.06/VPNFilter Update - Exploiting Endpoints and Targeting New Devices
2018.06.07/Adobe Flash 0day Leveraged for Targeted Middle East Attack
2018.06.07/Patchwork APT Targeting US Think Tanks
2018.06.07/Totally Tubular Treatise on TRITON and TriStation
2018.06.13/LuckyMouse Organizing Country-Level Waterholing Campaign
2018.06.14/New MuddyWater Campaign Leveraging PowerShell-based PRB Backdoor
2018.06.14/MirageFox - APT15 Resurfaces With New Tools
2018.06.19/OlympicDestroyer - Still Alive
2018.06.20/Thrip Espionage Group Hits Satellite-, Telco- and Defense Companies
2018.06.22/Tick Group Weaponizing Secure USB Drives to Hit Air-Gapped Critical Systems
2018.06.23/Andariel Group - A Full Discloser (AhnLab)
2018.06.26/RANCOR - Targeted Attacks in SEA using PLAINTEE and DDKONG Malware
2018.06.xx/Operation Red Gambler
2018.07.08/The Big Bang - APT Attack In the Middle East
2018.07.08/Hussarini - A Targeted Cyber Attack in the Philippines
2018.07.09/BlackTech Group Steals Multiple Taiwanese Certificates
2018.07.12/Malicious MDM In India - An Advanced Mobile Malware Campaign
2018.07.13/Operation Roman Holiday - Hunting the Russian APT28
2018.07.16/New Andariel Recon Tactics Hint At Next Targets
2018.07.23/APT27 - A Long-term Espionage Campaign in Syria
2018.07.27/DarkHydrus - A New Threat Actor Targeting Middle East Government
2018.07.31/APT SideWinder Exploiting CVE-2017-11882
2018.07.31/Bisonal Malware Used In Attacks Against Russia and South Korea
2018.08.01/Maldoc Targeting Vietnamese Officials (SideWinder)
2018.08.02/Goblin Panda - Even More Maldocs Exploiting CVE-2017-11882
2018.08.02/GOLDFIN - A Persistent campaign Targeting CIS with SOCKSBOT
2018.08.02/Gorgon Group - A Unit 42 Analysis
2018.08.09/North Korean Malware Code Reuse
2018.08.16/Chinese Cyberespionage Operation Originating from Tsinghua University
2018.08.21/Supply Chain Attack "Operation Red Signature" Targets South Korean Organizations
2018.08.21/Turla Outlook Backdoor - An Unusual Turla Backdoor
2018.08.23/Operation AppleJeus - Lazarus Hits Cryptocurrency Exchange
2018.08.28/CeidPageLock - A Chinese RootKit
2018.08.29/Bahamut Confucius and Patchwork IOCs
2018.08.29/The Urpage Connection to Bahamut, Confucius and Patchwork
2018.08.30/Cobalt Group - "Double the Infection, Double the Fun"
2018.08.30/Hidden Bee Elements - Reversing Malware in a Custom Format
2018.08.30/Two Birds, One STONE PANDA
2018.08.30/In the Trails of WindShift APT
2018.09.04/OilRig Targets ME Government and Adds Evasion Techniques to OopsIE Trojan
2018.09.04/Silence - A New and Active Criminal APT (GROUP-IB)
2018.09.07/Domestic Kitten - An Iranian Surveillance Operation
2018.09.07/Goblin Panda Targets Cambodia
2018.09.07/Targeted Attack on Indian Ministry of External Affairs using Crimson RAT
2018.09.10/LuckyMouse - Malicious NDISProxy Driver Signing Using Chinese IT Company Cert
2018.09.13/APT10 Targeting Japanese Corporations Using Updated TTPs
2018.09.19/Green Spot APT
2018.09.20/Poison Trumpet Vine Operation
2018.09.27/LoJax - First UEFI Rootkit Found in the Wild - Courtesy of the Sednit Group
2018.10.03/APT38 - Un-usual Suspects from North Korea
2018.10.10/MuddyWater Expands Operations
2018.10.11/Gallmaker - A New Espionage Group Targeting Gov, Mil and Defense Sectors
2018.10.15/Octopus - Malware Targeting Ex-Soviet Republics in Central Asia
2018.10.17/GreyEnergy - Updated Arsenal of one of the Most Dangerous Threat Actors
2018.10.17/GreyEnergy - A Successor to BlackEnergy
2018.10.17/The SpyRATS of OceanLotus (Cylance)
2018.10.17/MartyMcFly - Cyber-Espionage Campaign Targeting the Naval Industry
2018.10.17/MartyMcFly Malware - Targeting the Naval Industry
2018.10.18/APT Sidewinder - New TTPs to Install Their Backdoor
2018.10.18/Tracking "Tick" Through Recent Campaigns Targeting East Asia
2018.10.18/Operation Oceansalt Attacks South Korea, US and Canada with Chinese Source Code
2018.10.19/DarkPulsar Analysis (Securelist)
2018.11.01/Outlaw Group Utilizing Perl-Based IRC Shellbot
2018.11.05/Inception Attackers Targeting Europe With Year-old Office Vulnerability
2018.11.08/FASTCash - How the Lazarus Group is Emptying Millions from ATMs
2018.11.13/TEMP.Periscope Targets UK-Based Engineering Company using Russian APT Techniques
2018.11.19/Not So Cozy - An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
2018.11.20/Lazarus Attacks Financial Organizations in Latin America
2018.11.27/DNSpionage Campaign Targeting Middle East
2018.11.28/MuddyWater Operations in Lebanon and Oman
2018.11.28/Tropic Trooper Attack - A Microsoft Analysis
2018.11.29/Attacking Pakistan By Exploiting InPage Vulnerability
2018.11.30/New PowerShell-based Backdoor Found in Turkey - Strikingly Similar to MuddyWater
2018.11.xx/The Hunt for 3ve - Taking Down a Major Fraud Operation Through Industry Collaboration
2018.12.11/Poking the Bear - Three-Year Campaign Targets Russian Critical Infrastructure
2018.12.12/Donot Group Targeting Pakistani Businessman Working in China
2018.12.12/Operation Sharpshooter - Campaign Targets Global Defense, Critical Infrastructure
2018.12.13/The Return of The Charming Kitten
2018.12.13/Shamoon 3 Targets Oil and Gas Organization Saipem
2018.12.13/Tildeb - Analyzing the 18-year-old Implant from the Shadow Brokers' Leak
2018.12.18/URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
2018.12.20/Analyzing WindShift's Implant: OSX.WindTail (Part 1)
2018.12.27/The Enigmatic "Roma225" Campaign
2018.12.28/Goblin Panda Changes Dropper and Reuses Old Infrastructure

APT Activity: 2019

2019.01.16/Latest Target Attack of DarkHydruns Group Against Middle East (CHI and ENG translation)
2019.01.17/Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products
2019.01.18/DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
2019.01.24/Carbon Black TAU & ThreatSight Analysis: GandCrab and Ursnif Campaign
2019.01.30/Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
2019.02.01/Tracking OceanLotus’ new Downloader, KerrDown
2019.02.05/Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain?
2019.02.06/APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign
2019.02.14/Suspected Molerats' New Attack in the Middle East (CHI and ENG translation)
2019.02.18/APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations
2019.02.25/Defeating Compiler-Level Obfuscations Used in APT10 Malware
2019.02.26/The Arsenal Behind the Australian Parliament Hack
2019.02.27/A Peek into BRONZE UNION’s Toolbox
2019.02.28/Ransomware, Trojan and Miner together against “PIK-Group”
2019.03.04/APT40: Examining a China-Nexus Espionage Actor
2019.03.06/Op. “Pistacchietto”: An Italian Job
2019.03.07/New SLUB Backdoor Uses GitHub, Communicates via Slack
2019.03.08/Supply Chain – The Major Target of Cyberespionage Groups
2019.03.11/Gaming industry still in the scope of attackers in Asia
2019.03.12/Operation Comando: How to Run a Cheap and Effective Credit Card Business
2019.03.13/DMSniff POS Malware Actively Leveraged to Target Small-Medium-Sized Businesses
2019.03.22/LUCKY ELEPHANT Campaign Masquerading
2019.03.25/Operation ShadowHammer
2019.03.27/Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
2019.03.28/Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole
2019.04.02/OceanLotus Steganography
2019.04.10/The Muddy Waters of APT Attacks
2019.04.10/Gaza Cybergang Group1, operation SneakyPastes
2019.04.10/Project TajMahal – a sophisticated new APT framework
2019.04.17/Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
2019.04.19/“Funky malware format” found in Ocean Lotus sample
2019.04.22/FINTEAM: Trojanized TeamViewer Against Government Targets
2019.04.23/Operation ShadowHammer: a high-profile supply chain attack
2019.04.24/TA 505 and other Threat Actors targeting US retailers and financial organizations in Europe, APAC and LATAM
2019.04.30/SectorB06 using Mongolian language in lure document
2019.05.03/Who’s Who in the Zoo. Cyberespionage Operation Targets Android Users in the Middle East.
2019.05.07/ATMitch: New Evidence Spotted In The Wild
2019.05.08/FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
2019.05.09/Iranian Nation-State APT Groups 'Black Box' Leak
2019.05.11/Chinese Actor APT target Ministry of Justice Vietnamese
2019.05.13/ScarCruft continues to evolve, introduces Bluetooth harvester
2019.05.15/Winnti: More than just Windows and Gates
2019.05.18/Operation BlackLion
2019.05.19/HiddenWasp Malware Stings Targeted Linux Systems
2019.05.22/A journey to Zebrocy land
2019.05.24/Uncovering New Activity By APT10
2019.05.27/Saber Lions Organization (APT-C-38) Attacks Uncovered (CHI and ENG translation)
2019.05.28/Emissary Panda Attacks Middle East Government Sharepoint Servers
2019.05.29/TA505 is Expanding its Operations
2019.05.30/10 years of virtual dynamite: A high-level retrospective of ATM malware
2019.06.03/Zebrocy’s Multilanguage Malware Salad
2019.06.04/An APT Blueprint: Gaining New Visibility into Financial Threats
2019.06.05/Scattered Canary: The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise
2019.06.10/New Muddy Waters Activity Uncovered
2019.06.10/MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
2019.06.11/The Discovery of Fishwrap: A New Social Media Information Operation Methodology
2019.06.12/Threat Group Cards: A Threat Actor Encyclopedia
2019.06.20/New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam
2019.06.21/Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
2019.06.25/Analysis of MuddyC3, a New Weapon Used by MuddyWater
2019.06.26/Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations
2019.06.27/ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
2019.07.01/Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus
2019.07.03/Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018
2019.07.04/‘Twas the night before | NewsBeef
2019.07.09/Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
2019.07.11/Buhtrap group uses zero‑day in latest espionage campaigns
2019.07.15/SWEED: Exposing years of Agent Tesla campaigns
2019.07.16/SLUB Gets Rid of GitHub, Intensifies Slack Use
2019.07.17/EvilGnome: Rare Malware Spying on Linux Desktop Users
2019.07.18/Hard Pass: Declining APT34’s Invite to Join Their Professional Network
2019.07.24/Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
2019.08.05/MACHETE just got sharper
2019.08.05/Sharpening the Machete
2019.08.07/APT41: A Dual Espionage and Cyber Crime Operation
2019.08.07/APT41 Double Dragon APT41, a dual espionage and cyber crime operation
2019.08.08/Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations
2019.08.12/Recent Cloud Atlas activity
2019.08.14/In the Balkans, businesses are under fire from a double‑barreled weapon
2019.08.20/Malware analysis about unknown Chinese APT campaign
2019.08.21/The Gamaredon Group: A TTP Profile Analysis
2019.08.22/Operation Task Masters: Cyberespionage in the digital economy age
2019.08.26/APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan
2019.08.27/China Chopper still active 9 years later
2019.08.29/More_eggs, Anyone? Threat Actor ITG08 Strikes Again
2019.08.31/Malware analysis on Bitter APT campaign (31-08-19)
2019.09.04/Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
2019.09.05/UPSynergy: Chinese-American Spy vs. Spy Story
2019.09.06/BITTER APT: Not So Sweet
2019.09.09/Thrip: Ambitious Attacks Against High Level Targets Continue
2019.09.11/RANCOR APT: Suspected targeted attacks against South East Asia
2019.09.15/The Kittens Are Back in Town: Charming Kitten Campaign Against Academic Researchers
2019.09.18/Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
2019.09.18/Tortoiseshell Group
2019.09.24/DeadlyKiss: Hit One to Rule Them All
2019.09.26/Chinese APT Hackers Attack Windows Users via FakeNarrator Malware to Implant PcShare Backdoor
2019.09.30/HELO Winnti: Attack or Scan?
2019.10.01/New Adwind Campaign targets US Petroleum Industry
2019.10.03/PKPLUG: Chinese Cyber Espionage Group Attacking Asia
2019.10.07/The Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
2019.10.09/FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
2019.10.10/ESET discovers Attor, a spy platform with curious GSM fingerprinting
2019.10.14/Is Emotet gang targeting companies with external SOC?
2019.10.15/LOWKEY: Hunting for the Missing Volume Serial ID
2019.10.17/Operation Ghost: The Dukes aren’t back — they never left
2019.10.21/Winnti Group’s skip-2.0_ A Microsoft SQL Server backdoor
2019.10.24/HHS HC3: Report on APT41 TTPs
2019.10.28/SWEED Targeting Precision Engineering Companies in Italy
2019.10.31/Calypso APT
2019.11.04/Higaisa APT
2019.11.05/The Lazarus’ gaze to the world: What is behind the first stone?
2019.11.05/DarkUniverse – the mysterious APT framework #27
2019.11.08/Titanium: the Platinum group strikes again
2019.11.1/Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
2019.11.12/TA-505 Cybercrime on System Integrator Companies
2019.11.13/More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
2019.11.21/Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
2019.11.25/Studying Donot Team
2019.11.26/Insights from one year of tracking a polymorphic threat | Dexphot
2019.11.28/RevengeHotels: cybercrime targeting hotel front desks worldwide
2019.11.29/Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data
2019.12.03/Threat Actor Targeting Hong Kong Pro-Democracy Figures
2019.12.04/Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
2019.12.06/Cosmic Banker campaign is still active revealing link with Banload malware
2019.12.11/Waterbear is Back, Uses API Hooking to Evade Security Product Detection
2019.12.12/Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
2019.12.16/MyKings: The Slow But Steady Growth of a Relentless Botnet
2019.12.17/Dacls, the Dual platform RAT
2019.12.19/Operation Wocao: Shining a light on one of China’s hidden hacking groups
2019.12.26/Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
2019.12.29/BRONZE PRESIDENT Targets NGOs

APT Activity: 2020

2020.01.01/The Phantom Wandering in China and Pakistan - The SideWinder APT Targets Pakistan's recent activities and a summary of the organization's activities in 2019
2020.01.06/First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
2020.01.07/Destructive Attack “DUSTMAN”
2020.01.07/Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access
2020.01.08/Operation AppleJeus Sequel
2020.01.09/North American Electric Cyber Threat Perspective January 2020
2020.01.13/APT27 ZxShell RootKit module updates
2020.01.13/Reviving MuddyC3 Used by MuddyWater (IRAN) APT
2020.01.16/JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
2020.01.31/Winnti Group targeting universities in Hong Kong
2020.02.03/Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
2020.02.10/Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems
2020.02.13/New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor
2020.02.17/Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign
2020.02.17/CLAMBLING - A New Backdoor Base On Dropbox (EN)
2020.02.17/Fox Kitten Campaign Widespread Iranian Espionage-Offensive Campaign
2020.02.18/Uncovering DRBControl Inside the Cyberespionage Campaign Targeting Gambling Operations
2020.02.19/The Lazarus Constellation A study on North Korean malware
2020.02.21/MyKings Botnet Analysis Report
2020.02.22/Weaponizing a Lazarus Group Implant
2020.02.25/Cloud Snooper attack bypasses firewall security measures
2020.02.28/Who will be the next silent lamb? - Nuo Chong Lions APT organization revealed
2020.03.02/APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants
2020.03.03/The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs
2020.03.05/Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
2020.03.05/Guildma: The Devil drives electric
2020.03.10/njRat: Indicators of Compromise
2020.03.10/Who's Hacking the Hackers: No Honor Among Thieves
2020.03.10/Threat Alert Hacking the Hackers
2020.03.11/Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
2020.03.12/Tracking Turla: New backdoor delivered via Armenian watering holes
2020.03.12/The deadly stinger to Palestine - the two-tailed scorpion APT group's attack activities Analysis and Summary
2020.03.12/Vicious Panda: The COVID Campaign
2020.03.15/APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
2020.03.19/Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets
2020.03.24/Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
2020.03.24/WildPressure targets industrial-related entities in the Middle East
2020.03.25/This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
2020.03.26/iOS exploit chain deploys LightSpy feature-rich malware
2020.03.30/The 'Spy Cloud' Operation- Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection
2020.04.07/APTs and COVID-19- How advanced persistent threats use the coronavirus as a lure
2020.04.07/Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
2020.04.07/New Ursnif Campaign: A Shift from PowerShell to Mshta
2020.04.15/APT Group Chimera - APT Operation Skeleton Key Targets Taiwan Semiconductor Vendors
2020.04.15/Nation-state Mobile Malware Targets Syrians with COVID-19 Lures
2020.04.16/Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
2020.04.16/White Ops | Inside the Largest Connected TV Botnet Attack
2020.04.16/APT Group Chimera - APT Operation Skeleton Key Targets Taiwan Semiconductor Vendors
2020.04.17/Gamaredon APT Group Use Covid-19 Lure in Campaigns
2020.04.20/WINNTI GROUP: Insights From the Past
2020.04.21/Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
2020.04.24/A new method of targeted attack is revealed. Evil diagnostic tool "Posh C2" Explain the flow of attacks to use
2020.04.28/Grandoreiro: How engorged can an EXE get?
2020.04.28/Outlaw is Back, a New Crypto-Botnet Targets European Organizations
2020.04.29/Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests
2020.05.05/Nazar: Spirits of the Past
2020.05.06/Leery Turtle Threat Report
2020.05.06/Phantom in the Command Shell
2020.05.07/Introducing Blue Mockingbird
2020.05.07/Naikon APT: Cyber Espionage Reloaded
2020.05.11/JsOutProx RAT: Attack on Indian Government, Financial Institutions
2020.05.11/Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
2020.05.12/Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
2020.05.13/Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks
2020.05.14/APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
2020.05.14/COMpfun authors spoof visa application with HTTP status-based Trojan
2020.05.14/Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
2020.05.14/RATicate: an attacker’s waves of information-stealing malware
2020.05.14/Vendetta-new threat actor from Europe
2020.05.18/APT-C-23: Two-tailed scorpion (APT-C-23) latest campaign targeting the Middle East - 360 Core Security Technology Blog
2020.05.19/Greenbug: Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
2020.05.21/The Evolution of APT15’s Codebase 2020
2020.05.21/Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia
2020.05.21/Winnti: No “Game over” for the Winnti Group
2020.05.26/FROM AGENT.BTZ TO COMRAT V4 A ten-year journey
2020.05.28/The zero-day exploits of Operation WizardOpium
2020.05.29/Russian Cyber Attack Campaigns and Actors
2020.06.03/Cycldek: Bridging the (air) gap
2020.06.03/New LNK attack tied to Higaisa APT discovered
2020.06.08/GuLoader? No, CloudEyE
2020.06.08/TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
2020.06.09/HHS HC3: APT and Cybercriminal Targeting of HCS
2020.06.11/New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
2020.06.11/Gamaredon group grows its game
2020.06.15/India: Human Rights Defenders Targeted by a Coordinated Spyware Operation
2020.06.16/Cobalt: tactics and tools update
2020.06.17/AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
2020.06.17/Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
2020.06.19/Targeted Attack Leverages India-China Border Dispute
2020.06.23/WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
2020.06.24/BRONZE VINEWOOD Targets Supply Chains
2020.06.25/A close look at the advanced techniques used in a Malaysian-focused APT campaign
2020.06.26/WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
2020.06.29/PROMETHIUM extends global reach with StrongPity3 APT
2020.06.30/StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure
2020.07.01/Mobile APT Surveillance Campaigns Targeting Uyghurs
2020.07.06/North Korean hackers are skimming US and European shoppers
2020.07.08/Copy cat of APT Sidewinder?
2020.07.08/TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
2020.07.08/Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India
2020.07.09/Cosmic Lynx: The Rise of Russian BEC
2020.07.12/Snakes come from the dark - SideWinder APT Organization First Half of 2020 Annual activity summary report
2020.07.14/Welcome Chat as a secure messaging app? Nothing could be further from the truth
2020.07.14/Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene
2020.07.15/THE FAKE CISCO: Hunting for backdoors in Counterfeit Cisco devices
2020.07.16/Advisory: APT29 targets COVID-19 vaccine development
2020.07.20/Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan
2020.07.22/OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
2020.07.22/MATA: Multi-platform targeted malware framework
2020.07.29/Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?
2020.08.03/MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR
2020.08.10/Gorgon APT targeting MSME sector in India
2020.08.12/Internet Explorer and Windows zero-day exploits used in Operation PowerFall
2020.08.13/CactusPete APT group’s updated Bisonal backdoor
2020.08.13/Operation ‘Dream Job’ Widespread North Korean Espionage Campaign
2020.08.20/More Evidence of APT Hackers-for-Hire Used for Industrial Espionage
2020.08.24/Lifting the veil on DeathStalker, a mercenary triumvirate
2020.08.27/The Kittens Are Back in Town 3 Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp
2020.08.28/Transparent Tribe: Evolution analysis, part 2
2020.09.01/Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
2020.09.03/Evilnum IOCs: Indicators of Compromise
2020.09.03/No Rest for the Wicked: Evilnum Unleashes PyVil RAT
2020.09.08/TeamTNT activity targets Weave Scope deployments
2020.09.11/The art and science of detecting Cobalt Strike
2020.09.16/Partners in crime: North Koreans and elite Russian-speaking cybercriminals
2020.09.17/Operation Tibbar: A retaliatory targeted attack from the South Asian APT group "Mo Luo Shu"
2020.09.18/U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
2020.09.21/The art and science of detecting Cobalt Strike
2020.09.22/APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
2020.09.23/Operation SideCopy: An insight into Transparent Tribe’s sub-division which has been incorrectly attributed for years
2020.09.24/Microsoft Security—detecting empires in the cloud
2020.09.25/APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign
2020.09.25/German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
2020.09.29/Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors
2020.09.29/ShadowPad: new activity from the Winnti group
2020.09.30/APT-C-23 group evolves its Android spyware
2020.10.05/MosaicRegressor: Lurking in the Shadows of UEFI
2020.10.06/Release the Kraken: Fileless APT attack abuses Windows Error Reporting service
2020.10.07/BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps
2020.10.13/Blood Madder: A never-ending Chinese intelligence gathering activity
2020.10.14/Silent Librarian APT right on schedule for 20/21 academic year
2020.10.15/Operation Quicksand MuddyWater’s Offensive Attack Against Israeli Organizations
2020.10.19/Operation Earth Kitsune: Tracking SLUB’s Current Operation
2020.10.22/Analysis of the attack activities of the Manlinghua APT organization using malicious CHM documents against domestic research institutions
2020.10.23/North African Fox (APT-C-44) Attack Activity Revealed
2020.10.26/Study of the ShadowPad APT backdoor and its relation to PlugX
2020.10.27/North Korean Advanced Persistent Threat Focus: Kimsuky
2020.11.01/A look into APT36's (Transparent Tribe) tradecraft
2020.11.02/Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
2020.11.04/A new APT uses DLL side-loads to “KilllSomeOne”
2020.11.06/OceanLotus: Extending Cyber Espionage Operations Through Fake Websites
2020.11.10/New APT32 Malware Campaign Targets Cambodian Government
2020.11.12/The CostaRicto Campaign: Cyber-Espionage Outsourced
2020.11.12/CRAT wants to plunder your endpoints
2020.11.12/Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
2020.11.16/Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions
2020.11.16/TA505: A Brief History Of Their Time
2020.11.17/Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
2020.11.18/TTPs 2 Analysis of the Bookcodes RAT C2 framework starting with spear phishing
2020.11.19/Cybereason vs. MedusaLocker Ransomware
2020.11.23/[S2W LAB] Analysis of Clop Ransomware suspiciously related to the Recent Incident
2020.11.26/Bandook: Signed & Delivered
2020.11.27/Investigation with a twist: an accidental APT attack and averted data destruction
2020.11.30/Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
2020.11.30/Shadows From the Past Threaten Italian Enterprises
2020.12.01/Advanced Persistent Threat Actors Targeting U.S. Think Tanks
2020.12.01/Operation Red Kangaroo
2020.12.02/Turla Crutch: Keeping the “back door” open
2020.12.03/Adversary Tracking Report: When a false flag doesn’t work: Exploring the digital-crime underground at campaign preparation stage
2020.12.07/The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
2020.12.09/SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks
2020.12.13/Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
2020.12.15/Wang Thorn Group (APT-C-47) Disclosure of Attack Activities Using ClickOnce Technology
2020.12.15/Greetings from Lazarus Anatomy of a cyber espionage campaign
2020.12.16/Mapping out AridViper Infrastructure Using Augury’s Malware Module
2020.12.17/Operation SignSight: Supply-chain attack against a certification authority in Southeast Asia
2020.12.17/Pay2Kitten Pay2Key Ransomware – A New Campaign by Fox Kitten
2020.12.19/[RE018-1] Analyzing new malware of China Panda hacker group used to attack supply chain against Vietnam Government Certification Authority - Part 1
2020.12.22/Collaboration between FIN7 and the RYUK group, a Truesec Investigation
2020.12.23/Lazarus covets COVID-19-related intelligence
2020.12.29/Revenge RAT targeting users in South America
2020.12.30/SolarWinds Attribution: Are We Getting Ahead of Ourselves?

APT Activity: 2021

2021.01.04/APT 27 Turns to Ransomware
2021.01.04/Stopping Serial Killer: Catching the Next Strike
2021.01.04/Royal Road ReDive
2021.01.05/Earth Wendigo Injects JavaScript Backdoor for Mailbox Exfiltration
2021.01.05/ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware
2021.01.06/Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
2021.01.06/A Deep Dive into Lokibot Infection Chain
2021.01.07/Brunhilda DaaS Malware Analysis Report
2021.01.08/Charming Kitten’s Christmas Gift
2021.01.11/Sunburst backdoor – code overlaps with Kazuar
2021.01.11/Crowdstrike: Sunspot Technical Analysis
2021.01.11/xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
2021.01.12/Chimera: Abusing cloud services to fly under the radar
2021.01.12/Operation Spalax: Targeted malware attacks in Colombia
2021.01.12/Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife
2021.01.14/Higaisa or Winnti? APT41 backdoors, old and new
2021.01.20/Commonly Known Tools Used by Lazarus
2021.01.20/A Deep Dive Into Patchwork APT Group
2021.01.28/“Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers
2021.01.31/A41APT Case: Analysis of the Stealth APT Campaign Threatening Japan
2021.02.01/Operation NightScout: Supply‑chain attack targets online gaming in Asia
2021.02.02/A WILD KOBALOS APPEARS: Tricksy Linux malware goes after HPCs
2021.02.03/Hildegard: New TeamTNT Malware Targeting Kubernetes
2021.02.08/Domestic Kitten – An Inside Look at the Iranian Surveillance Operations
2021.02.09/BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
2021.02.10/Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
2021.02.17/Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions
2021.02.22/The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
2021.02.24/Click and Bait: Vietnamese Human Rights Defenders Targeted with Spyware Attacks
2021.02.24/LazyScripter: From Empire to double RAT
2021.02.25/APT10: Tracking down the stealth activity of the A41APT campaign
2021.02.25/Lazarus targets defense industry with ThreatNeedle
2021.02.25/TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations
2021.02.28/China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
2021.03.02/HAFNIUM targeting Exchange Servers with 0-day exploits
2021.03.02/Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
2021.03.10/FIN8 Returns with Improved BADHATCH Toolkit
2021.03.10/New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
2021.03.11/Academics, AI, and APTs: How Six Advanced Persistent Threat-Connected Chinese Universities are Advancing AI Research
2021.03.30/APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
2021.03.30/BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns
2021.04.07/Sowing Discord: Reaping the benefits of collaboration app abuse
2021.04.08/Iran’s APT34 Returns with an Updated Arsenal
2021.04.08/(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
2021.04.09/Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
2021.04.13/Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
2021.04.13/Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire
2021.04.19/A Deep Dive into Zebrocy’s Dropper Docs
2021.04.19/Lazarus APT conceals malicious code within BMP image to drop its RAT
2021.04.20/Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021.04.23/APT35 ‘Charming Kitten’ discovered in a pre-infected environment
2021.04.23/NAIKON – Traces from a Military Cyber-Espionage Operation
2021.04.27/Lazarus Group Recruitment: Threat Hunters vs Head Hunters
2021.04.28/Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021.05.06/Operation TunnelSnake
2021.05.07/Further TTPs associated with SVR cyber actors
2021.05.07/Revealing the Snip3 Crypter, a Highly Evasive RAT Loader (TA2541)
2021.05.13/Transparent Tribe APT expands its Windows malware arsenal
2021.05.27/New sophisticated email-based attack from NOBELIUM
2021.05.28/Breaking down NOBELIUM’s latest early-stage toolset
2021.06.02/Cyber Threat Advisory: NOBELIUM Campaigns and Malware
2021.06.03/SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor
2021.06.08/PuzzleMaker attacks with Chrome zero-day exploit chain
2021.06.10/Big airline heist - APT41 likely behind massive supply chain attack
2021.06.16/Ferocious Kitten: 6 years of covert surveillance in Iran
2021.06.16/Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
2021.06.24/Operation Eagle Eye
2021.07.01/IndigoZebra APT continues to attack Central Asia with evolving tools
2021.07.05/Tracking Cobalt Strike: A Trend Micro Vision One Investigation
2021.07.06/Lazarus campaign TTPs and evolution
2021.07.07/InSideCopy: How this APT continues to evolve its arsenal
2021.07.19/Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
2021.07.20/Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group
2021.07.27/THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
2021.07.27/Deep dive into a FIN8 attack – A forensic investigation
2021.07.28/I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
2021.08.03/The Art of Cyberwarfare
2021.08.03/DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
2021.08.03/APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
2021.08.10/UNC215: Spotlight on a Chinese Espionage Campaign in Israel
2021.08.12/Uncovering Tetris – a Full Surveillance Kit Running in your Browser
2021.08.14/Indra — Hackers Behind Recent Attacks on Iran
2021.08.17/North Korean APT InkySquid Infects Victims Using Browser Exploits
2021.08.17/New Iranian Espionage Campaign By “Siamesekitten”
2021.08.25/FIN8 Threat Actor Goes Agile with New Sardonic Backdoor
2021.09.08/Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.
2021.09.09/Dark Covenant: Connections Between the Russian State and Criminal Actors
2021.09.13/APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
2021.09.16/Operation Layover: How we tracked an attack on the aviation industry to five years of compromise (TA2541)
2021.09.23/FamousSparrow: A suspicious hotel guest
2021.09.27/FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021.09.28/FinSpy: unseen findings
2021.09.28/PwC: Learning to ChaCha with APT41
2021.09.30/GhostEmperor’s infection chain and postexploitation toolset: technical details
2021.10.04/Malware Gh0stTimes Used by BlackTech
2021.10.05/UEFI threats moving to the ESP: Introducing ESPecter bootkit
2021.10.06/Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms
2021.10.11/FontOnLake: Previously unknown malware family targeting Linux
2021.10.12/MysterySnail attacks with Windows zero-day
2021.10.14/MirrorBlast Campaign Targets Financial Companies
2021.10.18/Harvester - Nation-state-backed group targets victims in South Asia
2021.10.19/A Roaming Threat to Telecommunications Companies
2021.10.19/PurpleFox Adds New Backdoor That Uses WebSockets
2021.10.19/TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
2021.10.20/VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group
2021.10.20/Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions
2021.10.26/Malware WinDealer used by LuoYu Attack Group.
2021.10.26/SQUIRRELWAFFLE Leverages malspam to deliver Qakbot Cobalt Strike
2021.10.27/WsLink: Unique and undocumented malicious loader that runs as a server
2021.10.27/TA2722: New Threat Actor Spoofs Philippine Government, COVID19 Health Data in Widespread RAT Campaigns
2021.10.28/HelloKitty: Tactics, Techniques, and Indicators of Compromise Associated with Hello Kitty/FiveHands Ransomware
2021.10.28/AbstractEmu: Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
2021.11.03/Dissecting new AppleSeed backdoor of Kimsuky threat actor
2021.11.04/SSU: Gamaredon - FSB RF cyber attacks against Ukraine
2021.11.05/Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware
2021.11.07/Targeted Attack Campaign Against ManageEngine
2021.11.07/IronTiger APT campaign: New HyperBro and SysUpdate samples
2021.11.08/DEV-0322: Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021.11.10/Lazarus Group trojanized IDA Pro Installer
2021.11.10/Lazarus Group - NukeSped
2021.11.10/Void Balaur Tracking a Cybermercenary’s Activities
2021.11.15/Kimsuky: Operation Light Shell
2021.11.17/Alert (AA21-321A) Iranian Government-Sponsored APT Cyber Actors
2021.11.18/Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies
2021.11.22/Tardigrade: APT Attack on the Bioeconomy
2021.11.23/Android APT spyware, targeting Middle East victims, enhances evasiveness
2021.11.24/APT-38 / Lazarus; JPCERT: Anatomy of COBRA
2021.11.25/A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
2021.11.29/WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019
2021.11.29/ScarCruft surveilling North Korean defectors and human rights activists
2021.11.30/EwDoor Botnet Is Attacking AT&T Customers
2021.12.01/Injection is the New Black: Novel RTF Template Inject
2021.12.01/Tracking a P2P network related to TA505
2021.12.01/Jumping the Air Gap: 15 years of Nation-state effort
2021.12.02/SideCopy APT: Connecting lures to victims, payloads to infrastructure
2021.12.04/APT-C-23 aka Arid Viper: Cyber Espionage in the Palestine region
2021.12.06/APT37 Using a New Android Spyware, Chinotto
2021.12.06/Phishing Campaigns By The Nobelium Intrusion Set
2021.12.07/FIN13: A Cybercriminal Threat Actor Focused on Mexico
2021.12.07/TeamTNT stealing credentials using EC2 Instance Metadata
2021.12.08/A deep dive into the latest obfuscation methods being used by ShadowPad
2021.12.09/A new StrongPity variant hides behind Notepad++ installation
2021.12.13/APT-C-61: Malspam against Navy Pakistan
2021.12.13/Kimsuky: malicious Excel documents targeting cryptocurrencies
2021.12.14/DarkWatchman: A new evolution in fileless techniques
2021.12.14/Tropic Trooper (APT23) targets Transportation and Government
2021.12.14/DoNot targeting Bangladesh with an Android infostealer
2021.12.15/CERT-FR: APT31 Intrusion set campaign: description, countermeasures and code
2021.12.15/NCSC: Jolly Jellyfish - Non-persistent downloader for shellcode embedded in image files
2021.12.16/Lazarus: PseudoManuscrypt - a mass-scale spyware attack campaign
2021.12.16/New DarkHotel APT attack chain identified
2021.12.16/Avast finds Backdoor on US Government Commission Network
2021.12.17/DSIRF: Uncovering the government spyware "Subzero"
2021.12.17/Serverless infostealer delivered in Eastern European countries
2021.12.17/FBI Flash: APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central
2021.12.23/Evilnum aka DeathStalker APT
2021.12.27/A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
2021.12.28/Flagpro: The new malware used by BlackTech
2021.12.29/Implant.ARM.iLOBleed.a - The first rootkit discovered infecting HP iLO firmware
2021.12.29/AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt
2021.12.30/Kimsuky aka Thallium APT (Backdoors, Infostealers, RATs etc.)
2021.12.31/APT28 aka FancyBear - SkinnyBoy Backdoor + TTP Cheat Sheet

APT Activity: 2022

2022.01.03/North Korean Group “KONNI” Targets the Russian Diplomatic Sector with new Versions of Malware Implants
2022.01.05/Elephant Beetle: Uncovering an Organized Financial-Theft Operation
2022.01.05/The Evolution of Doppel Spider from BitPaymer to Grief Ransomware
2022.01.06/NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
2022.01.07/Patchwork APT caught in its own web
2022.01.11/APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
2022.01.11/CISA: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
2022.01.12/OceanLotus (APT32) hackers turn to web archive files to deploy backdoors
2022.01.12/Iranian intel cyber suite of malware uses open source tools (MuddyWater)
2022.01.13/The BlueNoroff cryptocurrency hunt is still on
2022.01.13/FIN7 Uses Flash Drives to Spread Remote Access Trojan
2022.01.13/North Korean Hackers Have Prolific Year
2022.01.15/Destructive malware targeting Ukrainian organizations
2022.01.17/Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques
2022.01.17/Tracking A Renewable Energy Intelligence Gathering Campaign
2022.01.18/Knownsec: Annual APT Group Threat Research Report (Chinese)
2022.01.18/DoNot Go! Do not respawn!
2022.01.20/APT41 - MoonBounce: the dark side of UEFI firmware
2022.01.20/Turla Microsoft Outlook Backdoor
2022.01.20/FBI Flash report on the connection between Diavol and the TrickBot Group
2022.01.20/New espionage attack by Molerats APT targeting users in the Middle East
2022.01.24/Investigating APT36’s Attack Chain and Malware Arsenal
2022.01.24/TrickBot Bolsters Layered Defenses to Prevent Injection Research
2022.01.25/Watering hole deploys new macOS malware, DazzleSpy, in Asia
2022.01.25/Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
2022.01.26/German govt warns of APT27 hackers backdooring business networks
2022.01.26/Kimsuky - KONNI evolves into stealthier RAT
2022.01.26/Prophet Spider is exploiting Log4J in VMware Horizon
2022.01.27/Cozy Bear (APT29) - Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
2022.01.27/North Korea’s Lazarus APT (APT38) leverages Windows Update client, GitHub in latest campaign
2022.01.27/LuoYu: Continuous Espionage Activities Targeting Japan with the new version of WinDealer in 2021
2022.01.27/The current state of Earth Hundun's (BlackTech) arsenal
2022.01.27/The Chaotic A41APT Campaign
2022.01.27/The link between Kwampirs (Orangeworm) and Shamoon APTs
2022.01.27/White Tur - Threat actor of in-Tur-est
2022.01.28/Indian Army Personnel Face Remote Access Trojan Attacks
2022.01.31/Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
2022.01.31/Gamaredon (Shuckworm) Continues Cyber-Espionage Attacks Against Ukraine
2022.01.31/CERT-UA: Outsteel Stealer and SaintBot Loader targeting government institutions
2022.02.01/StrifeWater RAT: Iranian APT Moses Staff adds new Trojan to Ransomware Operations
2022.02.01/PowerLess Trojan: Iranian APT Phosphorus adds new PowerShell Backdoor for Espionage
2022.02.02/Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
2022.02.02/White Rabbit Continued: Sardonic (FIN8) and F5
2022.02.03/Analysis of Attack Against National Games of China Systems
2022.02.03/Antlion: Chinese APT (APT23) uses custom Backdoor to target Financial Institutions in Taiwan
2022.02.03/Russia’s Gamaredon APT Group Actively Targeting Ukraine
2022.02.04/ACTINIUM targets Ukrainian organizations
2022.02.04/Cyberattack on News Corp, Believed Linked to China, Targeted Emails of Journalists, Others
2022.02.04/Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
2022.02.08/Molerats targeting Middle Eastern governments
2022.02.08/Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
2022.02.09/ModifiedElephant APT and a Decade of Fabricating Evidence
2022.02.10/Shared VBA code between Transparent Tribe, Sidewinder, Donot, Operation Hangover, SDUser
2022.02.10/GlowSpark: Maldocs targeting Ukraine
2022.02.11/APT 36 Targeting Indian Government Officials via Spyware
2022.02.14/Insights into an Emissary Panda (APT 27) attack
2022.02.15/TA2541 targeting the aviation, aerospace, transportation, and defense industries with RATs
2022.02.15/ShadowPad linked to MSS and PLA
2022.02.15/Moses Staff Campaigns Against Israeli Organizations Span Several Months
2022.02.16/APT Group Lorec53 (Lori Bear) recently launched a large-scale cyber attack on Ukraine
2022.02.17/Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon (Phosphorous, Charming Kitten)
2022.02.18/EvilPlayout: Attack Against Iran’s State Broadcaster
2022.02.18/PseudoManuscrypt being distributed in the same method as Cryptbot
2022.02.20/Technical Analysis of the DDoS Attacks against Ukrainian Websites
2022.02.21/CERT-UA: Group Activity Information UAC-0008 (Buhtrap)
2022.02.21/APT10: Operation Cache Panda supply chain attack against Taiwan's financial industry
2022.02.22/APT Attack Attempts Disguised as North Korea Related Paper Requirements (Kimsuky)
2022.02.23/Dridex bots deliver Entropy ransomware in recent attacks
2022.02.23/UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
2022.02.23/HermeticWiper: New Destructive Malware Used In Cyber Attacks on Ukraine
2022.02.23/New Golang-based ransomware targeting Ukraine
2022.02.23/New Sandworm malware Cyclops Blink replaces VPNFilter
2022.02.24/CISA AA22-055A: MuddyWater conduct Cyber Operations against Global Government and Commercial Networks
2022.02.24/UNC3313/MuddyWater: Telegram malware spotted in latest Iranian Cyber Espionage Activity
2022.02.24/TiltedTemple: SockDetour backdoor targets U.S. Defense Contractors
2022.02.25/Technical Analysis of PartyTicket Ransomware
2022.02.25/UAC-0056: Spear phishing attacks target organizations in Ukraine with OutSteel and SaintBot
2022.02.25/The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware
2022.02.28/Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
2022.03.01/Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
2022.03.01/IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
2022.03.07/Cyber attack of the UAC-0051 group (unc1151) on state organizations of Ukraine using the malicious program MicroBackdoor
2022.03.07/TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
2022.03.07/Google TAG: FancyBear, Ghostwriter, Mustang Panda
2022.03.07/Prophet Spider exploits Citrix ShareFile RCE Vulnerability
2022.03.07/PHOREAL Malware Targets the Southeast Asian Financial Sector
2022.03.08/A Summary of APT41 Targeting U.S. State Governments
2022.03.08/New RURansom Wiper Targets Russia
2022.03.09/Sockbot in GoLand - Linking APT Actors with Ransomware gangs
2022.03.10/Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
2022.03.11/UAC-0056: Cyberattack on the state organs of Ukraine with the help of Cobalt Strike Beacons
2022.03.15/Wizard Spider phishing for Naver accounts
2022.03.15/UAC-0056 targeting Ukraine with fake Translation Software
2022.03.15/CISA Alert (AA22-074A): Russian State-Sponsored Cyber Actors gain network access by exploiting MFA and PrintNightmare
2022.03.16/An Overview of UNC2891
2022.03.16/DirtyMoe: Worming Modules
2022.03.17/Cyclops Blink Sets Sights on Asus Routers
2022.03.17/Exposing initial access broker with ties to Conti
2022.03.17/Suspected DarkHotel APT activity update
2022.03.18/Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus
2022.03.18/CISA Alert (AA22-076A): Strengthening Cybersecurity of SATCOM Network Providers and Customers
2022.03.21/Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
2022.03.21/APT35 Automates Initial Access Using ProxyShell
2022.03.21/Arid Gopher: Newest Micropsia Malware variant
2022.03.22/Cyberattack on Ukrainian enterprises using the DoubleZero destructor program (CERT-UA # 4243)
2022.03.22/APT Attack Being Distributed as Windows Help File
2022.03.22/Operation Dragon Castling: APT group targeting betting companies
2022.03.22/Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
2022.03.22/UAC-0026 Cyber Attack Using HeaderTip Malware (CERT-UA # 4244)
2022.03.23/Mustang Panda’s Hodur: Old tricks, new Korplug variant
2022.03.23/Cyberattack on state organizations of Ukraine using Cobalt Strike Beacons (CERT-UA # 4227)
2022.03.23/Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations
2022.03.23/FIN7: New JSSLoader Trojan Delivered Through XLL Files
2022.03.24/Chinese Threat Actor Scarab Targeting Ukraine
2022.03.24/North Korean Threat Actors exploiting the Chrome 0-day CVE-2022-0609
2022.03.28/Under the hood of Wslink’s multilayered virtual machine
2022.03.28/Cyberattack on state bodies of Ukraine using PseudoSteel (CERT-UA # 4299)
2022.03.28/Compromised Philippine Navy Certificate Used in Remote Access Tool
2022.03.28/UAC-0056 cyberattack on Ukrainian authorities using GraphSteel and GrimPlant malware (CERT-UA # 4293)
2022.03.29/NomadPanda aka RedFoxtrot leveraging a new variant of PlugX named Talisman
2022.03.29/Transparent Tribe campaign uses new bespoke malware to target Indian government officials
2022.03.29/APT attack disguised as North Korean defector resume
2022.03.30/Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
2022.03.30/Cloud Atlas Maldoc
2022.03.30/VajraEleph (APT-Q-43) - Cyber espionage against Pakistani military personnel
2022.03.30/Mass spread of MarsStealer among citizens of Ukraine and domestic organizations (CERT-UA # 4315)
2022.03.31/VIASAT incident: from speculation to technical details.
2022.03.31/AcidRain: A Modem Wiper rains down on Europe
2022.03.31/Lazarus Trojanized DeFi app for delivering malware
2022.04.04/FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
2022.04.04/Cyber attack of UAC-0010 (Armageddon) on state organizations of Ukraine (CERT-UA # 4378)
2022.04.04/Cyber attack by UAC-0010 (Armageddon) on state institutions of the European Union (CERT-UA # 4334)
2022.04.05/Cicada (APT10/A41APT): Chinese APT Group Widens Targeting in Recent Espionage Activity
2022.04.06/Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
2022.04.06/Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group
2022.04.07/Cyber attack by UAC-0010 (Armageddon) on state organizations of Ukraine (CERT-UA # 4434)
2022.04.07/Parrot TDS takes over web servers and threatens millions
2022.04.07/Meta’s Adversarial Threat Report, First Quarter 2022: UNC788
2022.04.11/DPRK-NEXUS adversary targets South-Korean individuals in a new chapter of Operation Kitty Phishing
2022.04.12/Cyberattack by Sandworm Group (UAC-0082) on energy facilities of Ukraine using INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)
2022.04.12/HAFNIUM: Tarrask malware uses scheduled tasks for defense evasion
2022.04.12/Recent attacks by Bahamut group revealed
2022.04.13/INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022.04.14/Cyberattack on Ukrainian government organizations using XSS exploits for Zimbra Collaboration Suite (CVE-2018-6882) (CERT-UA # 4461)
2022.04.14/Cyberattack on state organizations of Ukraine using the malicious program IcedID (CERT-UA # 4464)
2022.04.14/Russian-speaking ransomware gang OldGremlin resumes attacks in Russia
2022.04.14/Lazarus Targets Chemical Sector
2022.04.14/Flight of the BumbleBee Loader
2022.04.18/Nobelium (APT29) - Israeli Embassy Maldoc
2022.04.18/Cyberattack on state organizations of Ukraine using the topic "Azovstal" and Cobalt Strike (CERT-UA # 4490)
2022.04.18/Alert (AA22-108A) TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
2022.04.20/Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
2022.04.21/TeamTNT targeting AWS, Alibaba
2022.04.21/The ink-stained trail of GOLDBACKDOOR (APT37)
2022.04.25/New Core Impact Backdoor Delivered Via VMWare Vulnerability (APT35)
2022.04.26/Lazarus distributes trojanized Keepass Installers
2022.04.26/UAC-0056 cyberattack using GraphSteel and GrimPlant malware and COVID-19 (CERT-UA # 4545)
2022.04.26/A "Naver"-ending game of Lazarus APT
2022.04.27/A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
2022.04.27/The origin story of APT32 macros: The StrikeSuit Gift that keeps giving
2022.04.27/New APT group Earth Berberoka targets Gambling Websites
2022.04.27/Industroyer2: Analysis of the IEC 104 Payload
2022.04.27/Special Report: Ukraine - An overview of Russia’s cyberattack activity in Ukraine
2022.04.27/Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
2022.04.27/A deeper look at hacking groups and malware targeting Ukraine
2022.04.27/Mustang Panda (Bronze President) targets Russian speakers with updated PlugX
2022.04.27/Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
2022.04.28/Trello From the Other Side: Tracking APT29 Phishing Campaigns
2022.04.28/DDoS attacks on Ukrainian websites using malicious JavaScript code BrownFlood (CERT-UA#4553)
2022.04.29/The Lotus Panda is awake, again. Analysis of its last strike
2022.05.02/Moshen Dragon’s Triad-and-Error Approach
2022.05.03/Solardeflection C2 Infrastructure used by Nobelium in company brand misuse
2022.05.04/"SilentBreak": A new secret stash for “fileless” malware
2022.05.03/The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
2022.05.03/Google TAG: Update on cyber activity in Eastern Europe
2022.05.05/Raspberry Robin (QNAPworm) gets the worm early
2022.05.06/APT28: CredoMap_v2 (CERT-UA # 4622)
2022.05.07/BPFDoor — an active Chinese global surveillance tool
2022.05.07/Mass distribution of JesterStealer malware using chemical attack themes (CERT-UA # 4625)
2022.05.09/NukeSpeed: From The DPRK With Love
2022.05.10/APT34 targets Jordan Government using new Saitama backdoor
2022.05.11/Bitter APT adds Bangladesh to their targets
2022.05.12/Network Footprints of Gamaredon Group
2022.05.12/Lazarus distributes trojanized sqlite library
2022.05.12/Cobalt Mirage (APT35) Conducts Ransomware Operations in U.S
2022.05.16/Analysis of HUILoader (APT10, A41APT, Blue Termite)
2022.05.16/Wizard Spider Group In-Depth Analysis
2022.05.16/Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
2022.05.16/Operation Dragon Breath (APT-Q-27) targeting the Gaming Industry
2022.05.17/Space Pirates: analyzing the tools and connections of a new hacker group
2022.05.19/ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
2022.05.19/Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes
2022.05.19/HHS HC3: Major Cyber Organizations of the Russian Intelligence Services
2022.05.20/Updated version of ArguePatch loader spotted in the wild
2022.05.20/Mustang Panda continuing their attack activities against organizations in Vietnam
2022.05.24/Unknown APT group has targeted Russia repeatedly since Ukraine invasion
2022.05.31/Operation DarkCasino: In-depth analysis of recent attacks by APT group Evilnum
2022.06.01/Sidewinder.AntiBot.Script: new infrastructure, narrows their reach to Pakistan
2022.06.01/Iranian Threat Actor Continues to Develop Mass Exploitation Tools (APT35/CharmingKitten)
2022.06.02/WinDealer dealing on the side
2022.06.02/Cyber attack on Ukraine using Cobalt Strike Beacon and CVE-2021-40444 and CVE-2022-30190 (CERT-UA # 4753)
2022.06.03/Outbreak of Follina in Australia (APT40)
2022.06.09/Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
2022.06.09/Aoqin Dragon - Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
2022.06.10/Lyceum .NET DNS Backdoor
2022.06.13/GALLIUM expands targeting across Telecommunications, Government and Finance sectors with PingPull
2022.06.14/Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials
2022.06.15/DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
2022.06.16/Lookout Uncovers Android Spyware Deployed in Kazakhstan
2022.06.17/BRATA (Android) is evolving into an Advanced Persistent Threat
2022.06.21/Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
2022.06.21/MuddyWater’s “light” first-stager targetting Middle East
2022.06.21/ToddyCat APT
2022.06.22/Chinese actor takes aim, armed with Nim Language and Bizarro AES
2022.06.27/Attacks on industrial control systems using ShadowPad
2022.06.27/Return of the Evilnum APT with updated TTPs and new targets
2022.06.29/US National Security Agency "Acid Fox" technical analysis report
2022.06.30/SessionManager IIS backdoor
2022.07.04/Bitter APT Using ZxxZ Backdoor to Target Pakistan Public Accounts Committee
2022.07.05/Red-teaming tool Brute Ratel C4 being abused by malicious actors
2022.07.05/Bitter APT continues to target Bangladesh
2022.07.07/Russian Organizations Increasingly Under Attack By Chinese APTs
2022.07.12/An Analysis of Infrastructure linked to the Hagga Threat Actor
2022.07.13/UAC-0056 continues to target Ukraine in its latest campaign
2022.07.13/Transparent Tribe begins targeting education sector in latest campaign
2022.07.13/Targeted Attack on Government Agencies of Afghanistan, India, Italy, Poland, and the United States
2022.07.13/Sidewinder APT successfully cyber attacks Pakistan military focused targets
2022.07.13/Confucius: The Angler Hidden Under CloudFlare
2022.07.14/North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
2022.07.14/Tracing State-Aligned Activity Targeting Journalists, Media
2022.07.19/Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
2022.07.19/I see what you did there: A look at the CloudMensis macOS spyware
2022.07.20/APT41: A Case Study
2022.07.20/New Attack Campaign Observed Possibly Linked to Konni/APT37
2022.07.21/The old school hackers behind APT41
2022.07.21/The Return of Candiru: Zero-days in the Middle East
2022.07.21/Attackers target Ukraine using GoMet backdoor
2022.07.21/Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities
2022.07.22/APT41: Chengdu 404
2022.07.22/An analysis of Charming Kitten’s new tools and OPSEC errors
2022.07.24/Chinese APTs: Interlinked networks and side hustles
2022.07.25/CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
2022.07.26/Cyberattacks of the UAC-0010 (Armageddon) group using the GammaLoad.PS1_v2
2022.07.27/Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
2022.07.28/SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”
2022.07.28/APT trends report Q2 2022
2022.08.01/FIN13 (Elephant Beetle): Viva la Threat! Anatomy of a Fintech Attack
2022.08.02/Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
2022.08.03/Woody RAT: A new feature-rich malware spotted in the wild
2022.08.04/Likely Iranian threat actor conducts politically motivated disruptive activity against Albanian government Orgs
2022.08.04/Meta’s Adversarial Threat Report, Second Quarter 2022 - Bitter and APT 36
2022.08.08/TA428 APT: Targeted attack on industrial enterprises and public institutions
2022.08.09/Andariel deploys DTrack and Maui ransomware
2022.08.10/VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
2022.08.11/APT-C-35 Gets a New Upgrade
2022.08.12/LuckyMouse uses a backdoored Electron app to target MacOS
2022.08.15/Disrupting SEABORGIUM’s ongoing phishing operations
2022.08.15/Shuckworm: Russia-Linked Group Maintains Ukraine Focus
2022.08.16/Operation In(ter)ception: Lazarus Group targeting Mac users
2022.08.16/RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations
2022.08.17/Suspected Iranian Actor (UNC3890) Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
2022.08.18/You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
2022.08.18/APT41 World Tour 2021 on a tight schedule
2022.08.18/Reservations Requested: TA558 Targets Hospitality and Travel
2022.08.18/New APT group MurenShark investigative report: Torpedoes hit Turkish Navy
2022.08.23/New Iranian APT data extraction tool (APT35/Charming Kitten)
2022.08.24/MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
2022.08.25/Kimsuky’s GoldDragon cluster and its C2 operations
2022.08.25/MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
2022.08.29/GO#WEBBFUSCATOR leverages Office Macros and James Webb Images to infect systems
2022.08.30/Rising Tide: Chasing the Currents of Espionage in the South China Sea
2022.09.01/JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
2022.09.01/Raspberry Robin and Dridex: Two Birds of a Feather
2022.09.02/BumbleBee, a New Modular Backdoor Evolved From BookWorm
2022.09.05/Northwestern Polytechnical University was attacked by the US NSA network attack
2022.09.05/Spyware Campaign Targeting The Uyghur Community
2022.09.06/TA505 Group's TeslaGun In-Depth Analysis
2022.09.06/DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa
2022.09.06/Worok: The big picture
2022.09.06/Pro-Russian Group Targeting Ukraine Supporters with DDoS Attacks
2022.09.07/Profiling DEV-0270: PHOSPHORUS’ ransomware operations
2022.09.07/Initial access broker repurposing techniques in targeted attacks against Ukraine
2022.09.07/MagicRAT: Lazarus’ latest gateway into victim networks
2022.09.07/APT42: Crooked Charms, Cons, and Compromises
2022.09.08/Lazarus and the tale of three RATs
2022.09.08/BRONZE PRESIDENT Targets Government Officials
2022.09.09/Treasury Sanctions Iranian Ministry of Intelligence and Minister for Malign Cyber Activities
2022.09.13/APT41: New Wave of Espionage Activity Targets Asian Governments
2022.09.13/Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO
2022.09.13/Magento vendor Fishpig hacked, backdoors added
2022.09.13/Bvp47 – A Top-tier Backdoor of US NSA Equation Group: Technical Details II
2022.09.14/Dissecting PlugX to Extract Its Crown Jewels
2022.09.14/You never walk alone: The SideWalk backdoor gets a Linux variant
2022.09.14/Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
2022.09.14/Opsec mistakes reveal Cobalt Mirage Threat Actors
2022.09.14/It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
2022.09.15/Webworm: Espionage Attackers Testing and Using Older Modified RATs
2022.09.15/Gamaredon APT targets Ukrainian government agencies in new campaign
2022.09.15/F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
2022.09.19/Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine
2022.09.22/Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets
2022.09.22/Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
2022.09.22/7 Years of Scarlet Mimic’s Mobile Surveillance Campaign Targeting Uyghurs
2022.09.22/Void Balaur - The Sprawling Infrastructure of a Careless Mercenary
2022.09.22/The Mystery of Metador - An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022.09.22/HHS HC3: APT41 and recent Activity
2022.09.23/In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
2022.09.23/GRU: Rise of the (Telegram) MinIOns
2022.09.26/Hunting for Unsigned DLLs to Find APTs (Mustang Panda, Lazarus)
2022.09.27/STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
2022.09.28/A Deep Dive Into the APT28’s stealer called CredoMap
2022.09.28/New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
2022.09.29/Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
2022.09.29/ZINC weaponizing open-source software
2022.09.29/Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
2022.09.30/Detailed analysis of a ShadowPad intrusion
2022.09.30/Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
2022.10.03/DeftTorero: tactics, techniques and procedures of intrusions revealed
2022.10.03/Revealing Emperor Dragonfly: Night Sky and Cheerscrypt - A Single Ransomware Group
2022.10.04/Tracking Earth Aughisky’s Malware and Changes
2022.10.04/CISA AA22-277A - Impacket, HyperBro and CovalentStealer used to steal sensitive information from Defense Industrial Base Organization
2022.10.04/Maggie - MSSQL Backdoor
2022.10.06/Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
2022.10.07/Making oRAT, Go (Earth Berberoka)
2022.10.11/The Russian SpyAgent (Teamspy) – a Decade Later and RAT Tools Remain at Risk
2022.10.12/WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
2022.10.12/Winnti APT group docks in Sri Lanka for new campaign
2022.10.13/Budworm: Espionage Group Returns to Targeting U.S. Organizations
2022.10.13/Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
2022.10.14/New “Prestige” ransomware impacts organizations in Ukraine and Poland
2022.10.17/DiceyF deploys GamePlayerFramework in online casino development studio
2022.10.18/Unknown Actor: Powershell Backdoor disguising itself as part of a Windows update process
2022.10.18/Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong (Winnti)
2022.10.18/APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis
2022.10.20/Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
2022.10.21/WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group
2022.10.23/Unattributed RomCom Threat Actor hits Ukrainian Militaries (UNC2596?)
2022.10.24/Kimsuky targeting Android devices with newly discovered mobile malware
2022.10.27/Shadowpad: Active C2 Discovery Using Protocol Emulation
2022.10.28/Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign
2022.10.31/APT10: Tracking down LODEINFO 2022
2022.11.01/Analysis of Suspected Lazarus Attacks Against South Korea
2022.11.02/RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
2022.11.03/Not a dream job: Hunting for malicious job offers from an APT
2022.11.03/Financially motivated, dangerously activated: OPERA1ER APT in Africa
2022.11.03/APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
2022.11.07/Sanctioned deals: the Irano-Russian connection under Ankara's supervision. Analysis of the NPPD leak
2022.11.08/They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
2022.11.09/Hack the Real Box: APT41’s New Subgroup Earth Longzhi
2022.11.10/PNG Steganography Hides Backdoor
2022.11.10/APT 15 conducting long-running Surveillance Campaigns targeting Uyghurs
2022.11.11/CERT-UA: UAC-0118 (FRwL) group's cyber attacks using the Somnia malware
2022.11.14/Operation (Đường chín đoạn) typhoon: OceanLotus coveting the nine-dash line in the South China Sea
2022.11.15/DTrack activity targeting Europe and Latin America
2022.11.15/Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
2022.11.17/Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
2022.11.18/GRU 26165: The Russian cyber unit that hacks targets on-site
2022.11.18/Earth Preta Spear-Phishing Governments Worldwide
2022.11.23/From Coercion to Invasion: The Theory and Execution of China’s Cyber Activity in Cross-Strait Relations
2022.11.28/Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
2022.11.25/Analysis of APT-C-60 Attack on South Korea
2022.11.26/Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations
2022.11.29/Suspected Iran-Nexus TAG-56 uses UAE Forum Lure for Credential Theft against US Think Tank
2022.11.30/Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
2022.12.01/₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
2022.12.01/New CryWiper data wiper targets Russian courts, mayor’s offices
2022.12.01/ZetaNile: Open source software trojans from North Korea
2022.12.02/Hitching a ride with Mustang Panda
2022.12.05/Iran: State-Backed Hacking of Activists, Journalists, Politicians
2022.12.05/Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations
2022.12.05/Hackers linked to Chinese government (APT41) stole millions in Covid benefits, Secret Service says
2022.12.05/Calisto (COLDRIVER) show interests into entities involved in Ukraine war support
2022.12.06/Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
2022.12.07/Internet Explorer 0-day exploited by North Korean actor APT37
2022.12.07/Fantasy: a new Agrius wiper deployed through a supply‑chain attack
2022.12.08/New MuddyWater Threat: Old Kitten; New Tricks
2022.12.08/DeathStalker targets legal entities with new Janicab variant
2022.12.08/Attacks on Ukrainian government organizations using Iranian drone theme, DolphinCape malware
2022.12.09/APT Cloud Atlas: Unbroken Threat
2022.12.09/Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine
2022.12.09/Drokbk Malware uses GitHub as Dead Drop resolver
2022.12.09/Iranian Exploitation Activities continue as of November 2022 (APT35)
2022.12.12/Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper
2022.12.13/APT5: Citrix ADC Threat Hunting Guidance
2022.12.14/Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities
2022.12.14/Would’ve, Could’ve, Should’ve…Did: TA453 Refuses to be Bound by Expectations
2022.12.15/Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government
2022.12.16/Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications
2022.12.16/The DPRK delicate sound of cyber
2022.12.18/Cyberattack on DELTA system users using RomCom/FateGrab/StealDeal malware
2022.12.20/Russia’s Gamaredon APT Cyber Conflict Operations Unwavering Since Invasion of Ukraine
2022.12.20/Lazarus APT’s Operation Interception Uses Signed Binary
2022.12.20/Raspberry Robin Malware Targets Telecom, Governments
2022.12.20/XLLing in Excel - threat actors using malicious add-ins
2022.12.22/Albania: Ransomware and wiper signed with stolen certificates
2022.12.22/Fin7 Unveiled: A deep dive into notorious cybercrime gang
2022.12.23/STEPPY#KAVACH (Sidecopy/APT 36) Attack Campaign Likely Targeting Indian Government
2022.12.23/RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant
2022.12.24/No-limits relationship? China’s state hackers scoop up intelligence on Ukraine… and Russia
2022.12.24/APT41 — The spy who failed to encrypt me
2022.12.24/SlowMist: Investigation of North Korean APT’s Large-Scale Phishing Attack on NFT Users
2022.12.27/BlueNoroff introduces new methods bypassing MoTW
2022.12.27/Analysis of recent attack activities of APT-C-36 (Blind Eagle)
2022.12.28/Hidden Fangs in South Asia — A Briefing on Recent Rattlesnake Attacks
2022.12.28/Confucius's cyber attack against IBO anti-terrorism operations in Pakistan
2022.12.29/Analysis of the 'ferry' Trojan horse organized by CNC for the military and education industry

APT Activity: 2023

2023.01.03/Poland warns of attacks by Russia-linked Ghostwriter hacking group
2023.01.05/Turla: A Galaxy of Opportunity
2023.01.05/BlindEagle Targeting Ecuador With Sharpened Tools
2023.01.05/Bluebottle (OPERA1ER): Campaign Hits Banks in French-speaking Countries in Africa
2023.01.05/The Cyber Threat from Pyongyang
2023.01.06/Links between the Coldriver group (SEABORGIUM) and the Russian Government
2023.01.06/Russian hackers (COLDRIVER) targeted U.S. nuclear scientists
2023.01.07/Moldovaʼs government hit by flood of phishing attacks
2023.01.10/Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges
2023.01.10/StrongPity espionage campaign targeting Android users
2023.01.11/Dark Pink - New APT hitting Asia-Pacific, Europe that goes deeper and darker
2023.01.17/Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
2023.01.17/Kasablanka Group Probably Conducted Compaigns Targeting Russia
2023.01.18/Chinese Playful Taurus (APT 15) Activity in Iran
2023.01.18/360 APT Annual Research Report 2022 (CN)
2023.01.19/Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations
2023.01.19/Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
2023.01.19/Following the LNK metadata trail
2023.01.24/DragonSpark - Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
2023.01.26/SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest
2023.01.27/Cyber attack on the Ukrinform information and communication system (CERT-UA #5850)
2023.01.27/SwiftSlicer: New destructive wiper malware strikes Ukraine
2023.01.31/Dalbit (m00nlight): Chinese hacker group's APT attack campaign
2023.02.01/Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering
2023.02.01/UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities
2023.02.02/No Pineapple! – DPRK Targeting of Medical Research and Technology Sector
2023.02.02/Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
2023.02.02/Update to the REF2924 intrusion set and related campaigns (SIESTAGRAPH, DOORME)
2023.02.02/New APT34 Malware Targets The Middle East
2023.02.06/CERT-UA #5926: Cyber attack against the state bodies of Ukraine Remcos
2023.02.08/Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine
2023.02.09/CISA: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
2023.02.09/NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool
2023.02.10/Uncle Sow: Dark Caracal in Latin America
2023.02.13/Nice Try Tonto Team - How a nation-state APT attempted to attack Group-IB
2023.02.14/Hangeul (HWP) malware using steganography: RedEyes (ScarCruft)
2023.02.15/CERT-EU: Sustained activity by specific threat actors
2023.02.15/Distributed Malware Exploiting Vulnerable Innorix: Andariel
2023.02.16/Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
2023.02.16/Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor
2023.02.17/Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
2023.02.22/Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia
2023.02.23/Anti-Forensic Techniques Used By Lazarus Group
2023.02.23/WinorDLL64: A backdoor from the vast Lazarus arsenal?
2023.02.24/Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
2023.02.24/A year of wiper attacks in Ukraine
2023.02.27/Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities
2023.02.28/Blackfly: Espionage Group Targets Materials Technology
2023.03.01/BlackLotus UEFI bootkit: Myth confirmed
2023.03.01/Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
2023.03.02/MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT
2023.03.07/Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities
2023.03.08/Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices
2023.03.09/Stealing the LIGHTSHOW — North Korea's UNC2970 (Part 1 and 2)
2023.03.09/A border-hopping PlugX USB worm takes its act on the road
2023.03.09/PlugX Malware Being Distributed via Vulnerability Exploitation
2023.03.10/Dark Pink APT Group Strikes Government Entities in South Asian Countries
2023.03.13/CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky)
2023.03.14/NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine
2023.03.14/Talos uncovers YoroTropper espionage campaigns targeting CIS countries, embassies and EU health care agency
2023.03.16/Peeking at Reaper’s surveillance operations (APT37)
2023.03.20/KIMSUKY’s cyber campaigns against Google's browser and app store services targeting experts on the Korean Peninsula and North Korea issues
2023.03.21/The Unintentional Leak: A glimpse into the attack vectors of APT37
2023.03.21/SideCopy sets sights on India’s DRDO
2023.03.21/Bad magic: new APT found in the area of Russo-Ukrainian conflict
2023.03.23/Pack it Secretly: Earth Preta’s Updated Stealthy Strategies
2023.03.23/Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
2023.03.23/UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor
2023.03.24/Bitter: Phishing Campaign Targets Chinese Nuclear Energy Industry
2023.03.24/APT attacks on industrial organizations in H2 2022
2023.03.28/Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts
2023.03.28/APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
2023.03.29/CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
2023.03.29/SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
2023.03.29/Ironing out (the macOS details) of a Smooth Operator (Part 1 and 2)
2023.03.30/SEKOIA.IO analysis of the VulkanFiles leak
2023.03.30/The Vulkan Files: A Look Inside Putin's Secret Plans for Cyber-Warfare
2023.03.30/Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
2023.03.30/Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan
2023.03.30/With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets
2023.03.30/3CX Supply Chain Compromise Leads to ICONIC Incident
2023.03.30/New TACTICAL#OCTOPUS Attack Campaign Targets US Entities with Malware Bundled in Tax-Themed Documents
2023.04.04/Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
2023.04.05/Google TAG: Protecting users from government-backed attacks from North Korea
2023.04.07/MERCURY and DEV-1084: Destructive attack on hybrid environment
2023.04.11/Analysis of APT-C-28 (ScarCruft) organization's attack activities in South Korea
2023.04.12/Following the Lazarus group by tracking DeathNote campaign
2023.04.13/Espionage campaign linked to Russian intelligence services (APT29)
2023.04.13/Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector
2023.04.17/Cyber Espionage in India: Decoding APT-36's New Linux Malware Campaign
2023.04.17/Exposed Web Panel Reveals Gamaredon Group's Automated Spear Phishing Campaigns
2023.04.17/The Bitter Group Targets Chinese Agencies with CHM Malware via Email Attachments
2023.04.17/Additional Activities of the Tick Group That Attacks with a Modified Q-Dir and Their Ties with Operation Triple Tiang
2023.04.17/APT41's Use of Open Source GC2 Tool to Target Media and Job Sites
2023.04.18/APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers
2023.04.18/Nation-state threat actor Mint Sandstorm (APT35) refines tradecraft to attack high-value targets
2023.04.18/SimpleHarm: Tracking MuddyWater's infrastructure
2023.04.19/AllaKore(d) the SideCopy Train
2023.04.20/Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan
2023.04.20/APT43: An investigation into the North Korean group's cybercrime operations
2023.04.20/Linux malware strengthens links between Lazarus and the 3CX supply-chain attack
2023.04.20/Daggerfly: APT Actor Targets Telecoms Company in Africa
2023.04.20/UCID902: Uncovering nation state watering hole credential harvesting campaigns targeting human rights activists by APT threat group UCID902
2023.04.20/Patchwork organization update technology makes a comeback, launching another attack on domestic education and scientific research units
2023.04.21/BlueNoroff APT group targets macOS with 'RustBucket' Malware
2023.04.21/X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
2023.04.24/Tomiris called, they want their Turla malware back
2023.04.25/Educated Manticore - Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools
2023.04.26/Unpacking BellaCiao: A Closer Look at Iran's (APT35) Latest Malware
2023.04.26/Chinese Alloy Taurus Updates PingPull Malware
2023.04.26/Evasive Panda APT group delivers malware via updates for popular Chinese software
2023.04.26/Tonto Team Using Anti-Malware Related Files for DLL Side-Loading
2023.04.26/RokRAT Malware Distributed Through LNK Files: RedEyes (ScarCruft, APT37)
2023.04.27/Nomadic Octopus' Paperbug Campaign
2023.04.27/Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy
2023.05.01/Chain Reaction: APT37 ROKRAT's Missing Link
2023.05.02/Attack on Security Titans: Earth Longzhi (APT41) Returns With New Tricks
2023.05.03/A doubled "Dragon Breath" adds new air to DLL sideloading attacks
2023.05.04/Clean Rooms, Nuclear Missiles, and SideCopy, Oh My!
2023.05.08/SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials - and Is Now Targeting Turkey
2023.05.10/Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
2023.05.12/Attack Trends Related to DangerousPassword
2023.05.12/APT31: The Illustrious Graduates of Wuhan Kerui
2023.05.12/The Five Bears: Russia's Offensive Cyber Capabilities
2023.05.13/APT31: All roads lead back to Wuhan... Xiaoruizhi Science and Technology Company
2023.05.15/Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
2023.05.16/APT31: Introducing Cheng Feng
2023.05.17/APT31: MiSSing links
2023.05.17/The distinctive rattle of APT SideWinder
2023.05.19/CloudWizard APT: the bad magic story goes on
2023.05.22/Bluenoroff's RustBucket campaign
2023.05.22/WINTAPIX: A New Kernel Driver Targeting Countries in The Middle East
2023.05.23/Kimsuky - Ongoing Campaign Using Tailored Reconnaissance Toolkit
2023.05.23/Meet the GoldenJackal APT group. Don't expect any howls
2023.05.25/COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
2023.05.31/Dark Pink - Episode 2
2023.06.01/Operation Triangulation: iOS devices targeted with previously unknown malware
2023.06.01/SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations
2023.06.02/Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure

