v x

Invisible Text. f0wL was here :)

Home Code Archive ICS SCADA Papers Linux Papers Malware Defense Papers Other Papers Russian Papers The Old New Thing Papers Windows Papers Malware Collections

APT Activity: 2014

NA/Illuminating the Etumbot APT Backdoor
NA/TR-25 Analysis - Turla - Pfinet - Snake- Uroburos
NA/The 'Penquin' Turla
NA/Operation Arachnophobia
NA/New Indicators of Compromise for APT Group Nitro Uncovered
NA/Democracy in Hong Kong Under Attack
NA/Putter Panda
NA/BLACKENERGY & QUEDAGH
NA/Scanbox
NA/Invincea
NA/Targeted Attacks Against the Energy Sector
NA/Hikit Analysis
NA/ZoxPNG Analysis
NA/The Rotten Tomato Campaign
NA/THE REGIN PLATFORM
NA/Uroburos
NA/When Governments Hack Opponents: A Look at Actors and Technology
NA/Dragonfly: Cyberespionage Attacks Against Energy Suppliers
NA/The Epic Turla Operation
NA/Embassy of Greece Beijing - Compromise
NA/BlackEnergy2 - Plugins - Router
NA/TOOHASH
NA/The Monju Incident
NA/Regin: Top-tier espionage tool enables stealthy surveillance
NA/Energetic Bear – Crouching Yeti
NA/Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN
NA/Operation Poisoned Handover
NA/FIN4 LIKELY PLAYING THE MARKET
NA/SAFFRON ROSE
NA/The mystery of North Korea’s cyber threat landscape
NA/Forced to Adapt: XSLCmd Backdoor Now on OS X
NA/Analysis of Chinese MITM on Google
NA/Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware
NA/Aided Frame - Aided Direction (Because it’s a redirect)
NA/Full Disclosure of Havex Trojans
NA/El Machete
NA/ScanBox framework
NA/Zombie!Zero
NA/Operation Poisoned Hurricane
NA/OPERATION QUANTUM ENTANGLEMENT
NA/XtremeRAT: Nuisance or Threat
NA/Threat Spotlight: Group 72
NA/COSMICDUKE
NA/Snake
NA/Derusbi (Server Variant) Analysis
NA/DEEP PANDA
NA/SIDEWINDER
NA/New CDTO: A Sneakernet Trojan Solution
NA/NetTraveler APT Gets a Makeover for 10th Birthday
NA/Cloud Atlas: RedOctober APT is back in style
NA/The Uroburos case: new sophisticated RAT identified
NA/LeoUncia and OrcaRat
NA/OrcaRAT
NA/APT 28: A Window into Russia’s Cyber Espionage Operations
NA/Survival of the Fittest: New York Times Attackers Evolve Quickly
NA/Korplug military targeted attacks: Afghanistan & Tajikistan
NA/Miniduke still duking it out
NA/Darwin’s Favorite APT Group
2014.01.21/RSA Incident Response: Emerging Threat Profile Shell_Crew
2014.02.11/Unveiling “Careto” - The Masked APT
2014.02.13/Operation SnowMan DeputyDog Actor Compromises US Veterans of Foreign Wars Website
2014.02.20/Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit
2014.02.20/Mo’ Shells Mo’ Problems – File List Stacking
2014.02.25/The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity
2014.03.06/The Siesta Campaign: A New Cybercrime Operation Awakens
2014.03.12/A Detailed Examination of the Siesta Campaign
2014.05.28/NEWSCASTER: An Iranian Threat Within Social Networks
2014.05.28/Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation
2014.07.07/Deep in Thought: Chinese Targeting of National Security Think Tanks
2014.07.11/The Eye of the Tiger Part - PityTiger
2014.07.20/Sayad (Flying Kitten) Infostealer – is this the work of the Iranian Ajax Security Team?
2014.07.29/Threat Group-3279 Targets the Video Game Industry
2014.08.13/A Look at Targeted Attacks Through the Lense of an NGO
2014.08.18/Syrian Malware, the ever-evolving threat
2014.08.18/The Syrian Malware House of Cards
2014.10.22/Operation Pawn Storm - Using Decoys to Evade Detection
2014.11.10/DARKHOTEL IOC
2014.11.10/The Darkhotel APT - A Story of Unusual Hospitality
2014.11.13/Operation CloudyOmega - Ichitaro zero-day and ongoing
2014.11.14/OnionDuke - APT Attacks Via the Tor Network - F-Secure Weblog
2014.11.20/EvilBunny - SUSPECT #4
2014.11.21/Operation DoubleTap
2014.11.24/I am Ironman: DEEP PANDA Uses Sakula Malware to Target Organizations in Multiple Sectors
2014.12.02/Operation Cleaver
2014.12.05/WIPALL Malware Routines lead to #GOP Warning (Sony Hack)
2014.12.09/The Inception Framework: Cloud-hosted APT
2014.12.10/W32.Regin Stage 1
2014.12.12/Vinself now with steganography
2014.12.17/Wiper Malware - A Detection Deep Dive
2014.12.18/Malware Attack Targeting Syrian ISIS Critics
2014.12.19/Alert (TA14-353A)
2014.12.21/Operation Poisoned Helmand
2014.12.22/Anunak: APT against financial institutions

APT Activity: 2015

2015.01.11/Hong Kong SWC Attack
2015.01.12/Skeleton Key Malware Analysis
2015.01.15/Evolution of sophisticated spyware: from Agent.BTZ to ComRAT
2015.01.20/Analysis of Project Cobra
2015.01.20/Reversing the Inception APT Analysis
2015.01.22/An analysis of Regin's Hopscotch Legspin
2015.01.22/Scarab attackers took aim at select Russian targets since 2012
2015.01.22/The Waterbug attack group
2015.01.27/Module 50251 and the “Qwerty” keylogger
2015.01.29/Backdoor.Winnti attackers have a skeleton in their closet?
2015.01.29/Analysis of a Recent PlugX Variant - “P2P PlugX”
2015.02.02/Behind the syria conflict's Digital Front Lines
2015.02.04/Pawn Storm Update: iOS Espionage App Found
2015.02.10/Global Threat Intel Report
2015.02.16/Carbanak APT - The Great Bank Robbery
2015.02.16/Star of the malware galaxy
2015.02.16/Operation Arid Viper - Bypassing the Iron Dome
2015.02.17/Desert Falcons - Targeted Attacks
2015.02.17/A Fanny Equation - Am your father, Stuxnet
2015.02.18/Babar - espionage software finally found and put under the microscope
2015.02.18/Shooting Elephants
2015.02.24/Scanbox II
2015.02.25/Plugx Goes to the Registry (and India)
2015.02.25/Southeast Asia - An Evolving Cyber Threat Landscape
2015.02.27/The Anthem Hack: All Roads Lead to China
2015.03.05/Casper Malware - After Babar and Bunny, Another Espionage Cartoon
2015.03.06/Animals in the APT Farm
2015.03.06/Babar or Bunny
2015.03.10/Tibetan Uprising Day Malware Attacks
2015.03.11/Inside the EquationDrug Espionage Platform
2015.03.19/Operation Woolen-Goldfish - When Kittens Go Phishing
2015.03.31/Volatile Cedar
2015.04.12/APT 30 - And The Mechanics Of A Long-Running Cyber Espionage Operation
2015.04.15/The Chronicles of the Hellsing APT
2015.04.15/Indicators of Compormise Hellsing
2015.04.16/Operation Pawn Storm
2015.04.18/Operation RussianDoll - Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28
2015.04.20/Sofacy II– Same Sofacy, Different Day
2015.04.21/The CozyDuke APT
2015.04.22/CozyDuke
2015.04.27/Attacks Against Israeli & Palestinian Interests
2015.05.05/Attacks on France TV5 Monde
2015.05.07/Analysis of the Kraken malware that was used for a targeted attack in UAE
2015.05.12/APT28 Targets Financial markets: zero day hashes released
2015.05.13/Cylance SPEAR Team: A Threat Actor Resurfaces
2015.05.14/The Naikon APT - Tracking Down Geo-Political Intelligence Across APAC, One Nation at a Time
2015.05.14/Operation Tropic Trooper
2015.05.18/Cmstar Downloader: Lurid and Enfal’s New Cousin
2015.05.19/Operation Oil Tanker
2015.05.21/Naikon APT - The MsnMM Campaigns
2015.05.26/Dissecting-LinuxMoose
2015.05.27/Analysis On APT-To-Be Attack That Focusing On China's Government Agency
2015.05.27/Black Energy - Exfiltration of Data in ICS Networks
2015.05.28/Grabit and the RATs
2015.05.29/Ocean Lotus
2015.06.03/Thamar Reservoir - An Iranian cyber-attack campaign against targets in the Middle East
2015.06.04/Blue Termite
2015.06.09/Duqu 2.0 Win32K Exploit
2015.06.10/The Mystery of Duqu 2.0
2015.06.10/Duqu 2.0 - Technical Details
2015.06.12/Afghan Government Compromise - Browser Beware
2015.06.15/Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114
2015.06.16/Operation Lotus Blossom
2015.06.22/Winnti targeting pharmaceutical companies
2015.06.24/UnFIN4ished Business
2015.06.26/Operation Clandestine Wolf
2015.06.28/APT on Taiwan
2015.06.30/Dino – the latest spying malware from an allegedly French espionage group analyzed
2015.07.08/APT Wekby Leveraging Adobe Flash Exploit CVE-2015-5119
2015.07.08/Wild Neutron – Economic espionage threat actor returns with new tricks
2015.07.09/Butterfly - Corporate spies out for financial gain
2015.07.10/APT group ups targets us gov
2015.07.13/Forkmeiam famous - SeaDuke, latest weapon in the Duke armory
2015.07.13/Demonstrating Hustle - Chinese APT Groups Quickly Use Zero‐Day Vulnerability (CVE‐2015‐5119)
2015.07.14/Mini Dionis: CozyCar’s New Ride Is Related to Seaduke
2015.07.14/How pawn storms java zero day was used
2015.07.20/Watering Hole Aerospace CVE-2015-5122 IsSpace
2015.07.20/China Hacks the Peace Palace
2015.07.22/Duke APT group's latest tools: cloud services and Linux support
2015.07.27/Apt29-Hammertoss: Stealthy Tactics Define a Russian Cyber Threat Group
2015.07.28/Black Vine cyberespionage group
2015.07.30/Operation Potao Express
2015.08.04/Terracotta VPN - Enabler of Advanced Threat Anonymity
2015.08.05/Threat Group-3390 Targets Organizations for Cyberespionage
2015.08.08/PoisonIvy and Links to an Extended PlugX Campaign
2015.08.10/HT_Exploit Cluster Telemetry
2015.08.19/New Internet Explorer zero-day exploited in Hong Kong attacks
2015.08.20/New Activity of the Blue Termite APT
2015.08.20/PlugX Threat Activity in Myanmar
2015.09.01/The Spy Kittens Are Back: Rocket Kitten 2
2015.09.08/Musical Chairs - gh0st Malware
2015.09.09/Satellite Turla APT Command and Control in the Sky
2015.09.15/PlugX in Russia
2015.09.16/The Shadow Knows - Malvertising campaigns use domain shadowing to pull in Angler EK
2015.09.17/Operation Iron Tiger
2015.09.17/Dukes - 7 years of Russian cyberespionage
2015.09.23/Project CameraShy
2015.10.03/Webmail Server APT - Methodology Targeting Microsoft Outlook Web Application
2015.10.05/njRAT and Dark Comet- Threat Identification Neutralizes Remote Access Trojan Efficacy
2015.10.15/Mapping FinFisher’s Continuing Proliferation
2015.10.16/Malware Attacks Against NGO & Burmese Govt Websites
2015.11.04/Evoling Threats - dissection of a Cyber-Espionage attack
2015.11.09/Rocket Kitten: A Campaign With 9 Lives
2015.11.10/Bookworm Trojan: A Model of Modular Architecture
2015.11.17/Pinpointing Targets Exploiting Web Analytics To Ensnare Victims
2015.11.18/Sakula Reloaded
2015.11.18/Tdrop 2 Attacks Suggest Dark Seoul Attackers Return
2015.11.18/Damballa discovers new toolset linked to Destover
2015.11.18/Russian financial cybercrime
2015.11.19/Decrypting Strings in Emdivi
2015.11.23/Prototype Nation - The Chinese Cybercriminal Underground in 2015
2015.11.23/Glass RAT - A Zero Detection Trojan from China
2015.11.23/Copy Kittens
2015.11.24/Bookworm Trojan - Attack Campaign on the Government of Thailand
2015.11.30/Ponmocup - A giant hiding in the shadows
2015.12.01/Admin-388 China Based Threat Group Uses Dropbox for Malware Communications
2015.12.04/Sofacy APT Hits High Profile Targets With Updated Toolset
2015.12.07/Iran Based Attackers use back door threats to spy on Middle Eastern targets
2015.12.07/Fin1 targets boot record
2015.12.08/Packrat: Seven Years of a South American Threat Actor
2015.12.13/Elise - Security Through Obesity
2015.12.15/Newcomers in the Derusbi family
2015.12.16/Operation Black Atlas
2015.12.17/APT 28: A Journey into Exfiltrating Intelligence and Government Information
2015.12.16/Dissecting the Malware Involved in the INOCNATION Campaign
2015.12.18/Attack on French Diplomat Linked to Operation Lotus Blossom
2015.12.20/The EPS Awakens
2015.12.22/BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger

APT Activity: 2016

2016.01.03/BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry
2016.01.07/Operation DustySky
2016.01.07/Rigging compromise - RIG Exploit Kit
2016.01.14/Waterbug Attack Group
2016.01.14/Needles in a Haystack
2016.01.19/China Advanced Persistent Threats Research Project
2016.01.21/NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
2016.01.24/Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists
2016.01.26/Analyzing a New Variant of BlackEnergy 3 Likely Insider-Based Execution
2016.01.27/Hi ZOR RAT
2016.01.28/BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents
2016.01.29/Malicious Office files dropping Kasidet and Dridex
2016.01.29/Tinbapore: Millions of Dollars at Risk
2016.02.01/Massive Admedia Adverting iFrame Infection
2016.02.01/Organized Cybercrime Big in Japan: URLZone Now on the Scene
2016.02.03/Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?
2016.02.04/Advanced Modular Backdoor
2016.02.08/Know your enemies
2016.02.09/Poseidon’s APT Boutique
2016.02.11/india pakistan cyber rivalry
2016.02.12/Fysbis Sofacy Linux Backdoor
2016.02.23/Operation Dust Storm
2016.02.24/Operation Blockbuster Destructive Malware Report
2016.02.29/The Turbo Campaign, Featuring Derusbi for 64-bit Linux
2016.03.01/Operation Transparent Tribe
2016.03.02/New self‑protecting USB trojan able to avoid detection
2016.03.03/Shedding Light on BlackEnergy With Open Source Intelligence
2016.03.08/Operation OnionDog: Disclosing Targeted Attacks on Government and Industry Sectors in Korea
2016.03.09/MATRYOSHKA MINING: Lessons from Operation Russian Doll
2016.03.10/Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans
2016.03.14/Carbanak Group Targets Executives of Financial Organizations in the Middle East
2016.03.15/Suckfly: Revealing the secret life of your code signing certificates
2016.03.17/Taiwan Presidential Election A Case Study on Thematic Targeting
2016.03.18/Attack on Ukraine Power Grid
2016.03.23/Operation C-Major: Information Theft Campaign Targets Military Personnel in India
2016.03.25/ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe
2016.04.12/Targeted attacks in South and Southeast Asia
2016.04.15/Pandas & Bears
2016.04.18/Between Hong Kong and Burma Tracking UP007 and SLServer Espionage Campaigns
2016.04.21/New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists
2016.04.21/teaching an old rat new tricks
2016.04.22/The Ghost Dragon
2016.04.26/Iran opens a new front
2016.04.26/New Poison Ivy Activity Targeting Myanmar, Asian Countries
2016.04.27/Freezer Paper around Free Meat- Repackaging Open Source BeEF for Tracking and More
2016.05.02/goznym malware
2016.05.02/Prince of Persia: Infy Malware Active In Decade of Targeted Attacks
2016.05.05/Jaku Botnet Campaign
2016.05.06/Exploring CVE-2015-2545 and its users
2016.05.09/Using honeypots & diamond model for ics threat analysis
2016.05.10/Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats
2016.05.17/indian organizations targeted suckfly attacks
2016.05.17/Mofang A politically motivated information stealing adversary
2016.05.18/Operation Groundbait: Analysis of a surveillance toolkit
2016.05.22/Operation Ke3chang Resurfaces With New TidePool Malware
2016.05.22/Targeted attacks against banks in middle east
2016.05.23/APT Case RUAG Technical Report
2016.05.24/New Wekby Attacks Use DNS Requests As Command and Control Mechanism
2016.05.25/cve-2015-2545: overview of current threats
2016.05.26/The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoo
2016.05.27/ixeshe derivative iheate targets users in america
2016.06.02/FastPOS: Quick and Easy Credit Card Theft
2016.06.09/Operation- Dusty Sky II
2016.06.16/Bears in the Midst Intrusion into the Democratic National Committee »
2016.06.16/DNC networks
2016.06.17/Operation Daybreak
2016.06.21/REDLINE DRAWN: CHINA RECALCULATES ITS USE OF CYBER ESPIONAGE
2016.06.21/the curious case of an unknown trojan targeting german speaking users
2016.06.21/visiting the bear den recon 2016 calvet campos dupuy
2016.06.23/Tracking Elirks Variants in Japan: Similarities to Previous Attacks
2016.06.26/Nigerian cybercriminals target high impact industries in India
2016.06.26/The State of the ESILE/Lotus Blossom Campaign
2016.06.28/Investigation of traces of execution of attack tools, etc. for incident investigation report
2016.06.28/Prince of Persia Game Over
2016.06.29/MONSOON – ANALYSIS OF AN APT CAMPAIGN
2016.06.30/Asruex: Malware Infecting through Shortcut Files
2016.07.01/Pacifier APT
2016.07.01/SBDH toolkit targeting central eastern europe uncovered
2016.07.03/From HummingBad to Worse NEW DETAILS AND AN IN-DEPTH ANALYSIS OF THE HUMMINGBAD ANDROID MALWARE CAMPAIGN
2016.07.07/nettraveler apt targets russian european interests
2016.07.07/Unveiling Patchwork The Copy-Paste APT: A targeted attack caught with cyber deception
2016.07.08/The Dropping Elephant – aggressive cyberespionage in the Asian region
2016.07.12/NANHAISHU RATing the South China Sea
2016.07.13/SFG: Furtim's Derivative
2016.07.21/Hide and Seek: How Threat Actors Respond in the Face of Public Exposure
2016.07.21/Sphinx (APT-C-15) Targeted Attacks in the Middle East
2016.07.26/attack delivers 9002 trojan through google drive
2016.07.28/China's Espionage Dynasty: Economic Death by a Thousand Cuts
2016.08.02/Group5: Syria and the Iranian Connection
2016.08.03/Operation Manul: I Got a Letter From the Government the Other Day... Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan
2016.08.04/Running for Office: Russian APT Toolkit Revealed
2016.08.06/The Mahabharata Group (APT-C-09) Targeted Attack Threat from South Asia
2016.08.07/Strider: Cyberespionage group turns eye of Sauron on targets
2016.08.08/MONSOON – ANALYSIS OF AN APT CAMPAIGN
2016.08.08/The ProjectSauron APT Technical Analysis
2016.08.11/Iran And The Soft War For Internet-Dominance
2016.08.16/Aveo Malware Family Targets Japanese Speaking Users
2016.08.17/Operation Ghoul: targeted attacks on industrial and engineering organizations
2016.08.19/Russian Cyber Operations On Steroids
2016.08.24/Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender
2016.08.25/Pegasus Technical Analysis
2016.09.01/Iran And The Soft War For Internet Dominance
2016.09.06/Buckeye cyberespionage group shifts gaze from US to Hong Kong
2016.09.14/MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies
2016.09.18/Hunting Libyan Scorpions
2016.09.26/Sofacy’s ‘Komplex’ OS X Trojan
2016.09.28/Confucius Says…Malware Families Get Further By Abusing Legitimate Websites
2016.09.28/Russia Hacks Bellingcat MH17 Investigation
2016.09.29/China & Cyber Attitudes Strategies Organisation
2016.10.03/On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users
2016.10.05/WAVE YOUR FALSE FLAGS! DECEPTION TACTICS MUDDYING ATTRIBUTION IN TARGETED ATTACKS
2016.10.16/A Tale of Two Targets
2016.10.20/En Route with Sednit Part 1: Approaching the Target
2016.10.25/Houdini's Magic Reappearance
2016.10.25/En Route with Sednit Part 2: Observing the Comings and Goings
2016.10.26/Moonlight – Targeted attacks in the Middle East
2016.10.27/BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List
2016.10.27/En Route with Sednit Part 3: A Mysterious Downloader
2016.10.31/Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?
2016.11.03/When the Lights Went Out: A Comprehensive Review of the 2015 Attacks on Ukranian Critical Infrastructure
2016.11.09/Down the H-W0rm Hole with Houdini's RAT
2016.11.22/Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
2016.11.30/MALWARE ACTORS USING NIC CYBER SECURITY THEMED SPEAR PHISHING TO TARGET INDIAN GOVERNMENT ORGANIZATIONS
2016.12.13/The rise of TeleBots: Analyzing disruptive KillDisk attacks
2016.12.15/Microsoft Security Intelligence Report

APT Activity: 2017

2017.01.05/Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford
2017.01.09/Second Wave of Shamoon 2 Attacks Identified
2017.01.11/APT28: AT THE CENTER OF THE STORM RUSSIA STRATEGICALLY EVOLVES ITS CYBER OPERATIONS
2017.01.12/The “EyePyramid” Attacks
2017.01.15/Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests
2017.01.18/Operation Grand Mars: Defending Against Carbanak Cyber Attacks
2017.01.19/URI TERROR ATTACK & KASHMIR PROTEST THEMED SPEAR PHISHING EMAILS TARGETING INDIAN EMBASSIES AND INDIAN MINISTRY OF EXTERNAL AFFAIRS
2017.01.25/Detecting threat actors in recent German industrial attacks with Windows Defender ATP
2017.01.30/Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments
2017.02.02/Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX
2017.02.03/KINGSLAYER– A SUPPLY CHAIN ATTACK
2017.02.03/Several Polish banks hacked, information stolen by unknown attackers
2017.02.10/CYBER ATTACK TARGETING INDIAN NAVY’S SUBMARINE AND WARSHIP MANUFACTURER
2017.02.10/Enhanced Analysis of GRIZZLY STEPPE Activity
2017.02.12/LAZARUS & WATERING-HOLE ATTACKS
2017.02.14/Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal
2017.02.15/Deep Dive On The DragonOK Rambo Backdoor
2017.02.15/Iranian PupyRAT Bites Middle Eastern Organizations
2017.02.15/Magic Hound Campaign Attacks Saudi Targets
2017.02.15/The Full Shamoon: How the Devastating Malware Was Inserted Into Networks
2017.02.16/Technical analysis of recent attacks against Polish banks
2017.02.17/ChChes – Malware that Communicates with C&C Servers Using Cookie Headers
2017.02.20/Lazarus False Flag Malware
2017.02.21/Additional Insights on Shamoon2
2017.02.22/Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government
2017.02.23/Dissecting the APT28 Mac OS X Payload
2017.02.27/The Gamaredon Group Toolset Evolution
2017.02.28/AtomBombing: A Code Injection that Bypasses Current Security Solutions
2017.03.06/FROM SHAMOON TO STONEDRILL Wipers attacking Saudi organizations and beyond
2017.03.08/Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud
2017.03.14/Operation Electric Powder – Who is targeting Israel Electric Company?
2017.03.15/English Report of "FHAPPI Campaign" - FreeHosting APT PowerSploit Poison Ivy
2017.04.05/Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA
2017.04.06/Operation Cloud Hopper
2017.04.10/Longhorn: Tools used by cyberespionage group linked to Vault 7
2017.04.11/Unraveling the Lamberts Toolkit
2017.04.13/Callisto Group
2017.04.13/Teamspy - A deeper look into malware abusing TeamViewer
2017.04.14/PlexingEagle: A surprise encounter with a Telco APT
2017.04.27/Iranian Fileless Attack Infiltrates Israeli Organizations
2017.05.03/Kazuar: Multiplatform Espionage Backdoor with API Access
2017.05.03/KONNI: A Malware Under The Radar For
2017.05.03/Spy Tracker: The world's first UEFI motherboard BIOS Trojan
2017.05.14/Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations
2017.05.24/OPERATION COBALT KITTY- A LARGESCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP
2017.05.30/LAZARUS ARISEN ARCHITECTURE / TOOLS / ATTRIBUTION
2017.06.12/CRASHOVERRIDE: Analysis of the Threat to Electric Grid Operations
2017.06.12/WIN32/INDUSTROYER A new threat for industrial control systems
2017.06.13/HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure
2017.06.14/Phantom of the Opaera: New KASPERAGENT Malware Campaign
2017.06.15/North Korea Is Not Crazy
2017.06.18/APT3 Uncovered: The code evolution of Pirpi
2017.06.19/SHELLTEA + POSLURP MALWARE: MEMORY-RESIDENT POINT-OF-SALE MALWARE ATTACKS INDUSTRY
2017.06.22/Following the Trail of BlackTech’s Cyber Espionage Campaigns
2017.06.22/The New and Improved macOS Backdoor from OceanLotus
2017.06.26/Threat Group-4127 Targets Google Accounts
2017.06.30/A gut feeling of old acquaintances, new tools, and a common battleground
2017.06.30/TeleBots are back: Supply-chain attacks against Ukraine
2017.07.05/Insider Information: An intrusion campaign targeting Chinese language news sites
2017.07.06/Operation Desert Eagle
2017.07.10/OSX Malware Linked to Operation Emmental Hijacks User Network Traffic
2017.07.11/Winnti Evolution - Going Open Source
2017.07.18/Inexsmar: An unusual DarkHotel campaign
2017.07.18/Recent Winnti Infrastructure and Samples
2017.07.24/“Tick” Group Continues Attacks
2017.07.27/ChessMaster Makes its Move: A Look into the Campaign's Cyberespionage Arsenal
2017.07.27/OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
2017.07.27/Operation Wilted Tulip Exposing a cyber espionage apparatus
2017.08.01/Cobalt strikes back: an evolving multinational threat to finance
2017.08.08/APT Trends report Q2 2017
2017.08.11/APT28 Targets Hospitality Sector, Presents Threat to Travelers
2017.08.15/The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure
2017.08.17/Turla APT actor refreshes KopiLuwak JavaScript backdoor for usein G20-themed attack
2017.08.18/Russian Bank Offices Hit with Broad Phishing Wave
2017.08.25/Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures
2017.08.30/Gazing at Gazer Turla’s new second stage backdoor
2017.08.30/WhiteBear
2017.09.06/Dragony: Western energy sector targeted by sophisticated attack group
2017.09.06/Intelligence Games in the Power Grid
2017.09.12/Fireye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
2017.09.18/CCleanup: A Vast Number of Machines at Risk
2017.09.18/An (un)documented Word feature abused by attackers
2017.09.20/Evidence Aurora Operation Still Active- Supply Chain Attack Through CCleaner
2017.09.20/CCleaner Command and Control Causes Concern
2017.09.28/Threat Actors Target Government of Belarus Using CMSTAR Trojan
2017.10.02/E vidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers
2017.10.10/Post-Soviet Bank Heists: A Hybrid Cybercrime Study
2017.10.12/BRONZE BUTLER Targets Japanese Enterprises
2017.10.16/BlackOasis APT - new targed attacks leveraging zero-day exploit
2017.10.16/Leviathan: Espionage actor spearphishes maritime and defense targets
2017.10.16/Taiwan Heist: Lazarus Tools and Ransomware
2017.10.19/Operation PZCHAO Inside a highly specialized espionage infrastructure
2017.10.20/Bad Patch
2017.10.24/Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies
2017.10.27/Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia
2017.10.30/New targets, use of MS Access Macros and CVE 2017-0199, and possible mobile espionage
2017.10.31/Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI
2017.11.02/New Insights into Energetic Bear's Attacks on Turkish Critical Infrastructure
2017.11.02/Recent InPage Exploits Lead to Multiple Malware Families
2017.11.02/The KeyBoys are back in town
2017.11.02/LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America
2017.11.06/ChessMaster’s New Strategy: Evolving Tools and Tactics
2017.11.06/OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society
2017.11.07/Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror
2017.11.07/Sowbug: Cyber espionage group targets South American and Southeast Asian governments
2017.11.10/New Malware with Ties to SunOrcal Discovered
2017.11.14/Muddying the Water: Targeted Attacks in the Middle East
2017.11.22/A dive into MuddyWater APT targeting Middle-East
2017.12.04/The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion Blog Post
2017.12.04/The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion Whitepaper
2017.12.05/Charming Kitten Iranian cyber espionage against human rights activists, academic researchers and media outlets - and the HBO hacker connection
2017.12.07/New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit
2017.12.11/MoneyTaker 1.5 YEARS OF SILENT OPERATIONS
2017.12.11/Untangling the Patchwork Cyberespionage Group
2017.12.14/Attackers Deploy New ICS Attack Framework "Triton" and Cause Operational Disruption to Critical Infrastructure
2017.12.17/Operation Dragony Analysis Suggests Links to Earlier Attacks
2017.12.19/North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group

APT Activity: 2018

2018.01.04/Iran's Cyber Threat Carnegie
2018.01.06/Pyeong Olympics Maldoc
2018.01.07/Operation DustySky
2018.01.07/Operation DustySky - Additional Info
2018.01.09/The Turla Mosquito - Targeting Eastern Diplomats
2018.01.09/Turla - Deployment via Adobe Flash Installer
2018.01.11/North Korean Defectors and Journalists Targeted via Social Networks and KakaoTalk
2018.01.12/Pawn Storm - Update
2018.01.15/New KillDisk Variant Hits Financial Organizations in Latin America
2018.01.16/Group 123 - Korea In The Crosshairs
2018.01.16/Lazarus - South Korean Cryptocurrency Users and Exchange Targeted in 2017
2018.01.16/Skygofree IOCs
2018.01.16/Skygofree - In the Footsteps of HackingTeam
2018.01.18/Dark Caracal - Cyber-espionage at a Global Scale
2018.01.18/Turla Neuron Malware
2018.01.24/Lazarus - New RATANKBA and More
2018.01.25/OilRig - RGDoor IIS Backdoor on Targets in Middle East
2018.01.26/Top Hat Campaign Targets Middle East Using 3rd Party Services
2018.01.27/Dragonfish - New Elise Malware Used for Espionage
2018.01.29/PoriewSpy - Android Malware Targeting India
2018.01.29/VERMIN - Quasar RAT and Custom Malware Used In Ukraine
2018.01.30/APT32 - Maldoc Delivering Elise Backdoor
2018.01.31/Comnie Continues to Target Orgs in East Asia
2018.02.01/Operation Pzchao - A Highly Specialized Espionage Infrastructure
2018.02.02/Gold Dragon - Permanent Presence on Systems During Olympics Attack
2018.02.07/VBS Campaign - Dar El-Jaleel Decoy Documents
2018.02.13/Deciphering Confucius' Cyberespionage Operations
2018.02.13/Lotus Blossom Continues ASEAN Targeting
2018.02.20/APT37 - The Overlooked North Korean Actor
2018.02.20/APT37 - The Overlooked North Korean Actor Summary
2018.02.20/Sofacy (APT28) Analysis
2018.02.20/Musical Chairs Playing Tetris
2018.02.21/Tempting Cedar Spyware - Fake Kik Messenger APK
2018.02.28/Chafer - Latest Attacks Reveal Heightened Ambitions
2018.02.28/Sofacy Attacks Multiple Government Entities
2018.03.01/MuddyWater - A Quick Dip into Recent Activity
2018.03.02/Operation Honeybee - Maldoc Campaign Targeting Humanitarian Aid
2018.03.05/ComboJack - Clipboard-Altering Malware Made to Steal Cryptocurrency
2018.03.06/The Slingshot APT - Exploiting MikroTik Devices and More
2018.03.07/Patchwork Keeps Delivering BADNEWS
2018.03.08/Donot Team Leveraging Modular Malware "yty" in South Asia
2018.03.08/Hidden Cobra - New Bankshot Implant Targets Turkish Financial Sector
2018.03.08/OlympicDestroyer - A Wiper Targeting Winter Olympics
2018.03.08/Territorial Dispute - NSA's perspective on APT landscape
2018.03.09/APT15 - Uncovering New Tools
2018.03.09/APT15 - RoyalCli and RoyalDNS Analysis
2018.03.09/Masha and These Bears - 2018 Sofacy Activity
2018.03.09/New traces of Hacking Team in the wild
2018.03.09/Sandvine's PacketLogic Devices Abused By APT for Delivering Malware
2018.03.12/Suspected New MuddyWater Campaign Targeting Turkey, Pakistan and Tajikistan
2018.03.13/Therapeutic Postmortem of Connected Medicine
2018.03.13/BlackTDS - Drive-By as a Service
2018.03.13/TEMP.Zagros - Iranian Threat Group Updates TTPs in Spear Phishing Campaign
2018.03.13/OceanLotus - Old Techniques, New Backdoor
2018.03.14/Inception Framework - Espionage Group Hiding in Plain Sight
2018.03.14/Tropic Trooper's New Strategy
2018.03.15/Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure (TA18-074A)
2018.03.23/Targeted Attacks on South Korean Organizations Using Local Word Processor (ASEC)
2018.03.27/Panda Banker Targeting Japanese Targets
2018.03.29/ChessMaster Adds Updated Tools to Its' Arsenal
2018.03.31/NavRAT - Using US-North Korea Summit As A Decoy For South Korean Attacks
2018.04.04/OceanLotus - New MacOS Backdoor
2018.04.12/Operation Parliament - Geopolitical Operation Targeting High Profile Organizations
2018.04.17/Iron Tiger Gh0st RAT Variant - Decoding the Network Data
2018.04.23/Energetic Bear / Crouching Yeti - Attacks on Servers
2018.04.23/HOGFISH Targeting Japan With RedLeaves Implants
2018.04.23/Orangeworm - Trojan.Kwampirs Targeting Healthcare Sector
2018.04.24/Metamorfo Campaigns Deliver Banking Trojans to Brazilian Users
2018.04.24/Operation GhostSecret Analysis - Worldwide Data Stealing
2018.04.24/Sednit Group Analysis
2018.04.26/GravityRAT - The Two-Year Evolution of an APT Targeting India
2018.04.27/Ocean Lotus
2018.05.03/Burning Umbrella - Winnti Umbrella and Associated State-Sponsored Attackers
2018.05.03/Red Eyes Hacking Group - A Detailed Analysis
2018.05.03/Who's who in the Zoo: ZooPark Summary
2018.05.03/Who's who in the Zoo: ZooPark Analysis
2018.05.09/CVE-2018-8174 - VBScript 0day Targeting IE and IE Kernel
2018.05.09/Iran's Hacker Hierarchy Exposed
2018.05.22/The Destruction of APT3
2018.05.22/Turla Mosquito - An Update
2018.05.23/Confucius Update - New Tools and Techniques, Further Connections with Patchwork
2018.05.23/VPNFilter Malware Targets At Least 500K Networking Devices Worldwide
2018.05.29/Iron Cybercrime Group Analysis
2018.06.06/Operation Prowli - Monetizing 40K Victim Machines
2018.06.06/Sofacy Group's Parallel Attacks
2018.06.06/VPNFilter Update - Exploiting Endpoints and Targeting New Devices
2018.06.07/Adobe Flash 0day Leveraged for Targeted Middle East Attack
2018.06.07/Patchwork APT Targeting US Think Tanks
2018.06.07/Totally Tubular Treatise on TRITON and TriStation
2018.06.13/LuckyMouse Organizing Country-Level Waterholing Campaign
2018.06.14/New MuddyWater Campaign Leveraging PowerShell-based PRB Backdoor
2018.06.14/MirageFox - APT15 Resurfaces With New Tools
2018.06.19/OlympicDestroyer - Still Alive
2018.06.20/Thrip Espionage Group Hits Satellite-, Telco- and Defense Companies
2018.06.22/Tick Group Weaponizing Secure USB Drives to Hit Air-Gapped Critical Systems
2018.06.23/Andariel Group - A Full Discloser (AhnLab)
2018.06.26/RANCOR - Targeted Attacks in SEA using PLAINTEE and DDKONG Malware
2018.06.xx/Operation Red Gambler
2018.07.08/The Big Bang - APT Attack In the Middle East
2018.07.08/Hussarini - A Targeted Cyber Attack in the Philippines
2018.07.09/BlackTech Group Steals Multiple Taiwanese Certificates
2018.07.12/Malicious MDM In India - An Advanced Mobile Malware Cmampaign
2018.07.13/Operation Roman Holiday - Hunting the Russian APT28
2018.07.16/New Andariel Recon Tactics Hint At Next Targets
2018.07.23/APT27 - A Long-term Espionage Campaign in Syria
2018.07.27/DarkHydrus - A New Threat Actor Targeting Middle East Government
2018.07.31/APT SideWinder Exploiting CVE-2017-11882
2018.07.31/Bisonal Malware Used In Attacks Against Russia and South Korea
2018.08.01/Maldoc Targeting Vietnamese Officials (SideWinder)
2018.08.02/Goblin Panda - Even More Maldocs Exploiting CVE-2017-11882
2018.08.02/GOLDFIN - A Persistent campaign Targeting CIS with SOCKSBOT
2018.08.02/Gorgon Group - An Unit 42 Analysis
2018.08.09/North Korean Malware Code Reuse
2018.08.16/Chinese Cyberespionage Operation Originating from Tshinghua University
2018.08.21/Supply Chain Attack "Operation Red Signature" Targets South Korean Organizations
2018.08.21/Turla Outlook Backdoor - An Unusual Turla Backdoor
2018.08.23/Operation AppleJeus - Lazarus Hits Cryptocurrency Exchange
2018.08.28/CeidPageLock - A Chinese RootKit
2018.08.29/Bahamut Confucius and Patchwork IOCs
2018.08.29/The Urpage Connection to Bahamut, Confucius and Patchwork
2018.08.30/Cobalt Group - "Double the Infection, Double the Fun"
2018.08.30/Hidden Bee Elements - Reversing Malware in a Custom Format
2018.08.30/Two Birds, One STONE PANDA
2018.08.30/In the Trails of WindShift APT
2018.09.04/OilRig Targets ME Government and Adds Evation Techniques to OopsIE Trojan
2018.09.04/Silence - A New and Active Criminal APT (GROUP-IB)
2018.09.07/Domestic Kitten - An Iranian Surveillance Operation
2018.09.07/Goblin Panda Targets Cambodia
2018.09.07/Targeted Attack on Indian Ministry of External Affairs using Crimson RAT
2018.09.10/LuckyMouse - Malicious NDISProxy Driver Signing Using Chinese IT Company Cert
2018.09.13/APT10 Targeting Japanese Corporations Using Updated TTPs
2018.09.19/Green Spot APT
2018.09.20/Poison Trumpet Vine Operation
2018.09.27/LoJax - First UEFI Rootkit Found in the Wild - Courtesy of the Sednit Group
2018.10.03/APT38 - Un-usual Suspects from North Korea
2018.10.10/MuddyWater Expands Operations
2018.10.11/Gallmaker - A New Espionage Group Targeting Gov, Mil and Defense Sectors
2018.10.15/Octopus - Malware Targeting Ex-Soviet Republics in Central Asia
2018.10.17/GreyEnergy - Updated Arsenal of one of the Most Dangerous Threat Actors
2018.10.17/GreyEnergy - A Successor to BlackEnergy
2018.10.17/The SpyRATS of OceanLotus (Cylance)
2018.10.17/MartyMcFly - Cyber-Espionage Campaign Targeting the Naval Industry
2018.10.17/MartyMcFly Malware - Targeting the Naval Industry
2018.10.18/APT Sidewinder - New TTPs to Install Their Backdoor
2018.10.18/Tracking "Tick" Through Recent Campaigns Targeting East Asia
2018.10.18/Operation Oceansalt Attacks South Korea, US and Canada with Chinese Source Code
2018.10.19/DarkPulsar Analysis (Securelist)
2018.11.01/Outlaw Group Utilizing Perl-Based IRC Shellbot
2018.11.05/Inception Attackers Targeting Europe With Year-old Office Vulnerability
2018.11.08/FASTCash - How the Lazarus Group is Emptying Millions from ATMs
2018.11.13/TEMP.Periscope Targets UK-Based Engineering Company using Russian APT Techniques
2018.11.19/Not So Cozy - An Uncomfortable Examination of a Suspected APT29 Phishing Campaign
2018.11.20/Lazarus Attacks Financial Organizations in Latin America
2018.11.27/DNSpionage Campaign Targeting Middle East
2018.11.28/MuddyWater Operations in Lebanon and Oman
2018.11.28/Tropic Trooper Attack - A Microsoft Analysis
2018.11.29/Attacking Pakistan By Exploiting InPage Vulnerability
2018.11.30/New PowerShell-based Backdoor Found in Turkey - Strikingly Similar to MuddyWater
2018.11.xx/The Hunt for 3ve - Taking Down a Major Fraud Operation Through Industry Collaboration
2018.12.11/Poking the Bear - Three-Year Campaign Targets Russian Critical Infrastructure
2018.12.12/Donot Group Targeting Pakistani Businessman Working in China
2018.12.12/Operation Sharpshooter - Campaign Targets Global Defense, Critical Infrastructure
2018.12.13/The Return of The Charming Kitten
2018.12.13/Shamoon 3 Targets Oil and Gas Organization Saipem
2018.12.13/Tiledeb - Analyzing the 18-year-old Implant from the Shadow Brokers' Leak
2018.12.18/URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader
2018.12.20/Analyzing WindShift's Implant: OSX.WindTail (Part 1)
2018.12.27/The Enigmatic "Roma225" Campaign
2018.12.28/Goblin Panda Changes Dropper and Reuses Old Infrastructure

APT Activity: 2019

2019.01.16/Latest Target Attack of DarkHydruns Group Against Middle East (CHI and ENG translation)
2019.01.17/Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products
2019.01.18/DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
2019.01.24/Carbon Black TAU & ThreatSight Analysis: GandCrab and Ursnif Campaign
2019.01.30/Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities
2019.02.01/Tracking OceanLotus’ new Downloader, KerrDown
2019.02.05/Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain?
2019.02.06/APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign
2019.02.14/Suspected Molerats' New Attack in the Middle East (CHI and ENG translation)
2019.02.18/APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations
2019.02.20/IT IS IDENTIFIED ATTACKS OF THE CIBERCRIMINAL LAZARUS GROUP DIRECTED TO ORGANIZATIONS IN RUSSIA (SPA and ENG translation)
2019.02.25/Defeating Compiler-Level Obfuscations Used in APT10 Malware
2019.02.26/The Arsenal Behind the Australian Parliament Hack
2019.02.27/A Peek into BRONZE UNION’s Toolbox
2019.02.28/Ransomware, Trojan and Miner together against “PIK-Group”
2019.03.04/APT40: Examining a China-Nexus Espionage Actor
2019.03.06/Op. “Pistacchietto”: An Italian Job
2019.03.07/New SLUB Backdoor Uses GitHub, Communicates via Slack
2019.03.08/Supply Chain – The Major Target of Cyberespionage Groups
2019.03.11/Gaming industry still in the scope of attackers in Asia
2019.03.12/Operation Comando: How to Run a Cheap and Effective Credit Card Business
2019.03.13/DMSniff POS Malware Actively Leveraged to Target Small-Medium-Sized Businesses
2019.03.22/LUCKY ELEPHANT Campaign Masquerading
2019.03.25/Operation ShadowHammer
2019.03.27/Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
2019.03.28/Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole
2019.04.02/OceanLotus Steganography
2019.04.10/The Muddy Waters of APT Attacks
2019.04.10/Gaza Cybergang Group1, operation SneakyPastes
2019.04.10/Project TajMahal – a sophisticated new APT framework
2019.04.17/AAggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
2019.04.19/“Funky malware format” found in Ocean Lotus sample
2019.04.22/FINTEAM: Trojanized TeamViewer Against Government Targets
2019.04.23/Operation ShadowHammer: a high-profile supply chain attack
2019.04.24/TA 505 and other Threat Actors targeting US retailers and financial organizations in Europe, APAC and LATAM
2019.04.30/SectorB06 using Mongolian language in lure document
2019.05.03/Who’s Who in the Zoo. Cyberespionage Operation Targets Android Users in the Middle East.
2019.05.07/ATMitch: New Evidence Spotted In The Wild
2019.05.08/FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
2019.05.09/ranian Nation-State APT Groups 'Black Box' Leak
2019.05.11/Chinese Actor APT target Ministry of Justice Vietnamese
2019.05.13/ScarCruft continues to evolve, introduces Bluetooth harvester
2019.05.15/Winnti: More than just Windows and Gates
2019.05.18/Operation BlackLion
2019.05.19/HiddenWasp Malware Stings Targeted Linux Systems
2019.05.22/A journey to Zebrocy land
2019.05.24/Uncovering New Activity By APT10
2019.05.27/Saber Lions Organization (APT-C-38) Attacks Uncovered (CHI and ENG translation)
2019.05.28/Emissary Panda Attacks Middle East Government Sharepoint Servers
2019.05.29/TA505 is Expanding its Operations
2019.05.30/10 years of virtual dynamite: A high-level retrospective of ATM malware
2019.06.03/Zebrocy’s Multilanguage Malware Salad
2019.06.04/An APT Blueprint: Gaining New Visibility into Financial Threats
2019.06.05/Scattered Canary: The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise
2019.06.10/New Muddy Waters Activity Uncovered
2019.06.10/MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
2019.06.11/The Discovery of Fishwrap: A New Social Media Information Operation Methodology
2019.06.12/Threat Group Cards: A Threat Actor Encyclopedia
2019.06.20/New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam
2019.06.21/Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
2019.06.25/Analysis of MuddyC3, a New Weapon Used by MuddyWater
2019.06.26/Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations
2019.06.27/ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit
2019.07.01/Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus
2019.07.03/Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018
2019.07.04/‘Twas the night before | NewsBeef
2019.07.09/Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
2019.07.11/BBuhtrap group uses zero‑day in latest espionage campaigns
2019.07.15/SWEED: Exposing years of Agent Tesla campaigns
2019.07.16/SLUB Gets Rid of GitHub, Intensifies Slack Use
2019.07.17/EvilGnome: Rare Malware Spying on Linux Desktop Users
2019.07.18/Hard Pass: Declining APT34’s Invite to Join Their Professional Network
2019.07.24/Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
2019.08.05/MACHETE just got sharper
2019.08.05/Sharpening the Machete
2019.08.07/APT41: A Dual Espionage and Cyber Crime Operation
2019.08.07/APT41 Double Dragon APT41, a dual espionage and cyber crime operation
2019.08.08/Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations
2019.08.12/Recent Cloud Atlas activity
2019.08.14/In the Balkans, businesses are under fire from a double‑barreled weapon
2019.08.20/Malware analysis about unknown Chinese APT campaign
2019.08.21/The Gamaredon Group: A TTP Profile Analysis
2019.08.22/Operation Task Masters: Cyberespionage in the digital economy age
2019.08.26/APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan
2019.08.27/China Chopper still active 9 years later
2019.08.29/More_eggs, Anyone? Threat Actor ITG08 Strikes Again
2019.08.31/Malware analysis on Bitter APT campaign (31-08-19)
2019.09.04/Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
2019.09.05/UPSynergy: Chinese-American Spy vs. Spy Story
2019.09.06/BITTER APT: Not So Sweet
2019.09.09/Thrip: Ambitious Attacks Against High Level Targets Continue
2019.09.11/ RANCOR APT: Suspected targeted attacks against South East Asia
2019.09.15/The Kittens Are Back in Town: Charming Kitten Campaign Against Academic Researchers
2019.09.18/Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
2019.09.18/Tortoiseshell Group
2019.09.24/DeadlyKiss: Hit One to Rule Them All
2019.09.26/Chinese APT Hackers Attack Windows Users via FakeNarrator Malware to Implant PcShare Backdoor
2019.09.30/HELO Winnti: Attack or Scan?
2019.10.01/New Adwind Campaign targets US Petroleum Industry
2019.10.03/PKPLUG: Chinese Cyber Espionage Group Attacking Asia
2019.10.04/GEOST BOTNET. THE STORY OF THE DISCOVERY OF A NEW ANDROID BANKING TROJAN FROM AN OPSEC ERROR
2019.10.07/The Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
2019.10.09/FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops
2019.10.10/AT COMMANDS, TOR-BASED COMMUNICATIONS:MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM
2019.10.10/ESET discovers Attor, a spy platform with curious GSM fingerprinting
2019.10.14/Is Emotet gang targeting companies with external SOC?
2019.10.15/LOWKEY: Hunting for the Missing Volume Serial ID
2019.10.17/Operation Ghost: The Dukes aren’t back — they never left
2019.10.21/Winnti Group’s skip-2.0_ A Microsoft SQL Server backdoor
2019.10.24/HHS HC3: Report on APT41 TTPs
2019.10.28/SWEED Targeting Precision Engineering Companies in Italy
2019.10.31/Calypso APT
2019.11.04/Higaisa APT
2019.11.05/The Lazarus’ gaze to the world: What is behind the first stone?
2019.11.05/DarkUniverse – the mysterious APT framework #27
2019.11.08/Titanium: the Platinum group strikes again
2019.11.1/Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
2019.11.12/TA-505 Cybercrime on System Integrator Companies
2019.11.13/More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
2019.11.20/APT-C-34
2019.11.21/Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
2019.11.25/Studying Donot Team
2019.11.26/Insights from one year of tracking a polymorphic threat | Dexpot
2019.11.28/RevengeHotels: cybercrime targeting hotel front desks worldwide
2019.11.29/Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data
2019.12.03/Threat Actor Targeting Hong Kong Pro-Democracy Figures
2019.12.04/Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
2019.12.06/Cosmic Banker campaign is still active revealing link with Banload malware
2019.12.10/TRICKBOT PROJECT “ANCHOR:” WINDOW INTO SOPHISTICATED OPERATION
2019.12.11/Waterbear is Back, Uses API Hooking to Evade Security Product Detection
2019.12.12/Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry
2019.12.16/MyKings: The Slow But Steady Growth of a Relentless Botnet
2019.12.17/Dacls, the Dual platform RAT
2019.12.19/Operation Wacao: Shining a light on one of China’s hidden hacking groups
2019.12.26/Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax
2019.12.29/BRONZE PRESIDENT Targets NGOs

APT Activity: 2020

2020.01.01/The Phantom Wandering in China and Pakistan - The SideWinder APT Targets Pakistan's recent activities and a summary of the organization's activities in 2019
2020.01.06/First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
2020.01.07/Destructive Attack “DUSTMAN”
2020.01.07/Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access
2020.01.08/Operation AppleJeus Sequel
2020.01.09/North American Electric Cyber Threat Perspective January 2020
2020.01.13/APT27 ZxShell RootKit module updates
2020.01.13/Reviving MuddyC3 Used by MuddyWater (IRAN) APT
2020.01.16/JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
2020.01.31/Winnti Group targeting universities in Hong Kong
2020.01.xx/ZeroCleare
2020.02.03/Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
2020.02.10/Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems
2020.02.13/New Cyber Espionage Campaigns Targeting Palestinians - Part 2: The Discovery of the New, Mysterious Pierogi Backdoor
2020.02.17/Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign
2020.02.17/CLAMBLING - A New Backdoor Base On Dropbox (EN)
2020.02.17/Fox Kitten Campaign Widespread Iranian Espionage-Offensive Campaign
2020.02.18/Uncovering DRBControl Inside the Cyberespionage Campaign Targeting Gambling Operations
2020.02.19/The Lazarus Constellation A study on North Korean malware
2020.02.21/MyKings Botnet Analysis Report
2020.02.22/Weaponizing a Lazarus Group Implant
2020.02.25/Cloud Snooper attack bypasses firewall security measures
2020.02.28/Who will be the next silent lamb? - Nuo Chong Lions APT organization revealed
2020.03.02/APT34 (aka OilRig, aka Helix Kitten) attacks Lebanon government entities with MailDropper implants
2020.03.03/The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs
2020.03.05/Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
2020.03.05/Guildma: The Devil drives electric
2020.03.10/njRat: Indicators of Compromise
2020.03.10/Who's Hacking the Hackers: No Honor Among Thieves
2020.03.10/Threat Alert Hacking the Hackers
2020.03.11/Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan
2020.03.12/Tracking Turla: New backdoor delivered via Armenian watering holes
2020.03.12/The deadly stinger to Palestine - the two-tailed scorpion APT group's attack activities Analysis and Summary
2020.03.12/Vicious Panda: The COVID Campaign
2020.03.15/APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
2020.03.19/Pawn Storm in 2019 A Year of Scanning and Credential Phishing on High-Profile Targets
2020.03.24/Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links
2020.03.24/WildPressure targets industrial-related entities in the Middle East
2020.03.25/This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
2020.03.26/iOS exploit chain deploys LightSpy feature-rich malware
2020.03.30/The 'Spy Cloud' Operation- Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection
2020.04.07/APTs and COVID-19- How advanced persistent threats use the coronavirus as a lure
2020.04.07/Decade of the RATs: Cross-Platform APT Espionage Attacks Targeting Linux, Windows and Android
2020.04.07/New Ursnif Campaign: A Shift from PowerShell to Mshta
2020.04.15/APT Group Chimera - APT Operation Skeleton Key Targets Taiwan Semiconductor Vendors
2020.04.15/Nation-state Mobile Malware Targets Syrians with COVID-19 Lures
2020.04.16/Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
2020.04.16/White Ops | Inside the Largest Connected TV Botnet Attack
2020.04.16/APT Group Chimera - APT Operation Skeleton Key Targets Taiwan Semiconductor Vendors
2020.04.17/Gamaredon APT Group Use Covid-19 Lure in Campaigns
2020.04.20/WINNTI GROUP: Insights From the Past
2020.04.21/Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant
2020.04.24/A new method of targeted attack is revealed. Evil diagnostic tool "Posh C2" Explain the flow of attacks to use
2020.04.28/Grandoreiro: How engorged can an EXE get?
2020.04.28/Outlaw is Back, a New Crypto-Botnet Targets European Organizations
2020.04.29/Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests
2020.05.05/Nazar: Spirits of the Past
2020.05.06/Leery Turtle Threat Report
2020.05.06/Phantom in the Command Shell
2020.05.07/Introducing Blue Mockingbird
2020.05.07/Naikon APT: Cyber Espionage Reloaded
2020.05.11/JsOutProx RAT: Attack on Indian Government, Financial Institutions
2020.05.11/Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
2020.05.12/Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments
2020.05.13/Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks
2020.05.14/APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
2020.05.14/COMpfun authors spoof visa application with HTTP statusbased Trojan
2020.05.14/Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia
2020.05.14/RATicate: an attacker’s waves of information-stealing malware
2020.05.14/Vendetta-new threat actor from Europe
2020.05.18/APT-C-23: Two-tailed scorpion (APT-C-23) latest campaign targeting the Middle East - 360 Core Security Technology Blog
2020.05.19/Greenbug: Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia
2020.05.21/The Evolution of APT15’s Codebase 2020
2020.05.21/Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia
2020.05.21/Winnti: No “Game over” for the Winnti Group
2020.05.26/FROM AGENT.BTZ TO COMRAT V4 A ten-year journey
2020.05.28/The zero-day exploits of Operation WizardOpium
2020.05.29/Russian Cyber Attack Campaigns and Actors
2020.06.03/Cycldek: Bridging the (air) gap
2020.06.03/New LNK attack tied to Higaisa APT discovered
2020.06.08/GuLoader? No, CloudEyE
2020.06.08/TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
2020.06.09/HHS HC3: APT and Cybercriminal Targeting of HCS
2020.06.11/New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa
2020.06.11/Gamaredon group grows its game
2020.06.15/India: Human Rights Defenders Targeted by a Coordinated Spyware Operation
2020.06.16/Cobalt: tactics and tools update
2020.06.17/AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations
2020.06.17/Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature
2020.06.17/OPERATION IN(TER)CEPTION: TARGETED ATTACKS AGAINST EUROPEAN AEROSPACE AND MILITARY COMPANIES
2020.06.18/INVISIMOLE: THE HIDDEN PART OF THE STORY UNEARTHING INVISIMOLE’S ESPIONAGE TOOLSET AND STRATEGIC COOPERATIONS
2020.06.19/Targeted Attack Leverages India-China Border Dispute
2020.06.23/WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
2020.06.24/BRONZE VINEWOOD Targets Supply Chains
2020.06.25/A close look at the advanced techniques used in a Malaysianfocused APT campaign
2020.06.26/WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
2020.06.29/PROMETHIUM extends global reach with StrongPity3 APT
2020.06.30/StrongPity APT - Revealing Trojanized Tools, Working Hours and Infrastructure
2020.07.01/Mobile APT Surveillance Campaigns Targeting Uyghurs
2020.07.06/North Korean hackers are skimming US and European shoppers
2020.07.08/Copy cat of APT Sidewinder?
2020.07.08/TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
2020.07.08/Operation ‘Honey Trap’: APT36 Targets Defense Organizations in India
2020.07.09/Cosmic Lynx: The Rise of Russian BEC
2020.07.12/Snakes come from the dark - SideWinder APT Organization First Half of 2020 Annual activity summary report
2020.07.14/Welcome Chat as a secure messaging app? Nothing could be further from the truth
2020.07.14/Turla / Venomous Bear updates its arsenal: “NewPass” appears on the APT threat scene
2020.07.15/THE FAKE CISCO: Hunting for backdoors in Counterfeit Cisco devices
2020.07.16/Advisory: APT29 targets COVID-19 vaccine development
2020.07.17/THE MALWARE DRIDEX: ORIGINS AND USES
2020.07.20/Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan
2020.07.22/OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory
2020.07.22/MATA: Multi-platform targeted malware framework
2020.07.28/GROUP−IB EXPOSES FINANCIAL CRIME NETWORK OF ONLINE PIRATES IN DEVELOPING COUNTRIES
2020.07.29/Operation (노스 스타) North Star A Job Offer That’s Too Good to be True?
2020.08.03/MAR-10292089-1.v2 – Chinese Remote Access Trojan: TAIDOOR
2020.08.10/Gorgon APT targeting MSME sector in India
2020.08.12/Internet Explorer and Windows zero-day exploits used in Operation PowerFall
2020.08.13/CactusPete APT group’s updated Bisonal backdoor
2020.08.13/Operation ‘Dream Job’ Widespread North Korean Espionage Campaign
2020.08.18/LAZARUS GROUP CAMPAIGN TARGETING THE CRYPTOCURRENCY VERTICAL
2020.08.20/More Evidence of APT Hackers-for-Hire Used for Industrial Espionage
2020.08.20/DEVELOPMENT OF THE ACTIVITY OF THE TA505 CYBERCRIMINAL GROUP
2020.08.24/Lifting the veil on DeathStalker, a mercenary triumvirate
2020.08.27/The Kittens Are Back in Town 3 Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp
2020.08.28/Transparent Tribe: Evolution analysis,part 2
2020.09.01/Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe
2020.09.03/Evilnum IOCs: Indicators of Compromise
2020.09.03/No Rest for the Wicked: Evilnum Unleashes PyVil RAT
2020.09.08/TeamTNT activity targets Weave Scope deployments
2020.09.11/The art and science of detecting Cobalt Strike
2020.09.16/Partners in crime: North Koreans and elite Russianspeaking cybercriminals
2020.09.17/Operation Tibbar: A retaliatory targeted attack from the South Asian APT group "Mo Luo Shu"
2020.09.18/U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks
2020.09.21/The art and science of detecting Cobalt Strike
2020.09.22/APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
2020.09.23/Operation SideCopy: An insight into Transparent Tribe’s sub-division which has been incorrectly attributed for years
2020.09.24/Microsoft Security—detecting empires in the cloud
2020.09.25/APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries — HpReact campaign
2020.09.25/German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
2020.09.29/Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors
2020.09.29/ShadowPad: new activity from the Winnti group
2020.09.30/APT-C-23 group evolves its Android spyware
2020.10.05/MosaicRegressor: Lurking in the Shadows of UEFI
2020.10.06/Release the Kraken: Fileless APT attack abuses Windows Error Reporting service
2020.10.07/BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps
2020.10.13/Blood Madder: A never-ending Chinese intelligence gathering activity
2020.10.14/Silent Librarian APT right on schedule for 20/21 academic year
2020.10.15/Operation Quicksand MuddyWater’s Offensive Attack Against Israeli Organizations
2020.10.19/Operation Earth Kitsune: Tracking SLUB’s Current Operation
2020.10.22/Analysis of the attack activities of the Manlinghua APT organization using malicious CHM documents against domestic research institutions
2020.10.23/North African Fox (APT-C-44) Attack Activity Revealed
2020.10.26/Study of the ShadowPad APT backdoor and its relation to PlugX
2020.10.27/North Korean Advanced Persistent Threat Focus: Kimsuky
2020.11.01/A look into APT36's (Transparent Tribe) tradecraft
2020.11.02/Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945
2020.11.04/A new APT uses DLL side-loads to “KilllSomeOne”
2020.11.06/OceanLotus: Extending Cyber Espionage Operations Through Fake Websites
2020.11.10/New APT32 Malware Campaign Targets Cambodian Government
2020.11.12/The CostaRicto Campaign: Cyber-Espionage Outsourced
2020.11.12/CRAT wants to plunder your endpoints
2020.11.12/THREAT PROFILE JUPYTER INFOSTEALER
2020.11.12/Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
2020.11.16/Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions
2020.11.16/TA505: A Brief History Of Their Time
2020.11.17/Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
2020.11.18/TTPs 2 Analysis of the Bookcodes RAT C2 framework starting with spear phishing
2020.11.19/Cybereason vs. MedusaLocker Ransomware
2020.11.23/[S2W LAB] Analysis of Clop Ransomware suspiciously related to the Recent Incident
2020.11.26/Bandook: Signed & Delivered
2020.11.27/Investigation with a twist: an accidental APT attack and averted data destruction
2020.11.30/Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
2020.11.30/Shadows From the Past Threaten Italian Enterprises
2020.12.01/Advanced Persistent Threat Actors Targeting U.S. Think Tanks
2020.12.01/Operation Red Kangaroo
2020.12.02/Turla Crutch: Keeping the “back door” open
2020.12.03/Adversary Tracking Report: When a false flag doesn’t work: Exploring the digital-crime underground at campaign preparation stage
2020.12.07/The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
2020.12.09/SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks
2020.12.13/Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
2020.12.15/Wang Thorn Group (APT-C-47) Disclosure of Attack Activities Using ClickOnce Technology
2020.12.15/Greetings from Lazarus Anatomy of a cyber espionage campaign
2020.12.16/Mapping out AridViper Infrastructure Using Augury’s Malware Module
2020.12.17/Operation SignSight: Supply-chain attack against a certification authority in Southeast Asia
2020.12.17/Pay2Kitten Pay2Key Ransomware – A New Campaign by Fox Kitten
2020.12.19/[RE018-1] Analyzing new malware of China Panda hacker group used to attack supply chain against Vietnam Government Certification Authority - Part 1
2020.12.22/Collaboration between FIN7 and the RYUK group, a Truesec Investigation
2020.12.23/Lazarus covets COVID-19-related intelligence
2020.12.29/Revenge RAT targeting users in South America
2020.12.30/SolarWinds Attribution: Are We Getting Ahead of Ourselves?

APT Activity: 2021

2021.01.04/APT 27 Turns to Ransomware
2021.01.04/Stopping Serial Killer: Catching the Next Strike
2021.01.04/Royal Road ReDive
2021.01.05/Earth Wendigo Injects JavaScript Backdoor for Mailbox Exfiltration
2021.01.05/ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware
2021.01.06/Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat
2021.01.06/A Deep Dive into Lokibot Infection Chain
2021.01.07/Brunhilda DaaS Malware Analysis Report
2021.01.08/Charming Kitten’s Christmas Gift
2021.01.11/Sunburst backdoor – code overlaps with Kazuar
2021.01.11/Crowdstrike: Sunspot Technical Analysis
2021.01.11/xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement
2021.01.12/Chimera: Abusing cloud services to fly under the radar
2021.01.12/Operation Spalax: Targeted malware attacks in Colombia
2021.01.12/Opening “STEELCORGI”: A Sophisticated APT Swiss Army Knife
2021.01.14/Higaisa or Winnti? APT41 backdoors, old and new
2021.01.20/Commonly Known Tools Used by Lazarus
2021.01.20/A Deep Dive Into Patchwork APT Group
2021.01.28/“Lebanese Cedar” APT Global Lebanese Espionage Campaign Leveraging Web Servers
2021.01.31/A41APT Case: Analysis of the Stealth APT Campaign Threatening Japan
2021.02.01/Operation NightScout: Supply‑chain attack targets online gaming in Asia
2021.02.02/A WILD KOBALOS APPEARS: Tricksy Linux malware goes after HPCs
2021.02.03/Hildegard: New TeamTNT Malware Targeng Kubernetes
2021.02.08/Domestic Kitten – An Inside Look at the Iranian Surveillance Operations
2021.02.09/BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
2021.02.10/Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
2021.02.17/Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions
2021.02.22/The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
2021.02.24/Click and Bait: Vietnamese Human Rights Defenders Targeted with Spyware Attacks
2021.02.24/LazyScripter: From Empire to double RAT
2021.02.25/APT10: Tracking down the stealth activity of the A41APT campaign
2021.02.25/Lazarus targets defense industry with ThreatNeedle
2021.02.25/TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations
2021.02.28/China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions
2021.03.02/HAFNIUM targeting Exchange Servers with 0-day exploits
2021.03.02/Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
2021.03.10/FIN8 Returns with Improved BADHATCH Toolkit
2021.03.10/New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
2021.03.11/Academics, AI, and APTs: How Six Advanced Persistent Threat-Connected Chinese Universities are Advancing AI Research
2021.03.30/APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign
2021.03.30/BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns
2021.04.07/Sowing Discord: Reaping the benefits of collaboration app abuse
2021.04.08/Iran’s APT34 Returns with an Updated Arsenal
2021.04.08/(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
2021.04.09/Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware
2021.04.13/Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild
2021.04.13/Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire
2021.04.19/A Deep Dive into Zebrocy’s Dropper Docs
2021.04.19/Lazarus APT conceals malicious code within BMP image to drop its RAT
2021.04.20/Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day
2021.04.23/APT35 ‘Charming Kitten' discovered in a pre-infected environment
2021.04.23/NAIKON – Traces from a Military Cyber-Espionage Operation
2021.04.27/Lazarus Group Recruitment: Threat Hunters vs Head Hunters
2021.04.28/Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity
2021.05.06/Operation TunnelSnake
2021.05.07/Further TTPs associated with SVR cyber actors
2021.05.07/Revealing the Snip3 Crypter, a Highly Evasive RAT Loader (TA2541)
2021.05.13/Transparent Tribe APT expands its Windows malware arsenal
2021.05.25/FROM WIPER TO RANSOMWARE: THE EVOLUTION OF AGRIUS
2021.05.27/New sophisticated email-based attack from NOBELIUM
2021.05.28/Breaking down NOBELIUM’s latest early-stage toolset
2021.06.02/Cyber Threat Advisory: NOBELIUM Campaigns and Malware
2021.06.03/SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor
2021.06.08/PuzzleMaker attacks with Chrome zero-day exploit chain
2021.06.10/Big airline heist - APT41 likely behind massive supply chain attack
2021.06.16/Ferocious Kitten: 6 years of covert surveillance in Iran
2021.06.16/Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
2021.06.24/Operation Eagle Eye
2021.07.01/IndigoZebra APT continues to attack Central Asia with evolving tools
2021.07.05/Tracking Cobalt Strike: A Trend Micro Vision One Investigation
2021.07.06/Lazarus campaign TTPs and evolution
2021.07.07/InSideCopy: How this APT continues to evolve its arsenal
2021.07.19/Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department
2021.07.20/Tracking the Activities of TeamTNT A Closer Look at a Cloud-Focused Malicious Actor Group
2021.07.27/THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group
2021.07.27/Deep dive into a FIN8 attack – A forensic investigation
2021.07.28/I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona
2021.08.02/TG1021: “Praying Mantis” DISSECTING AN ADVANCED MEMORY-RESIDENT ATTACK
2021.08.03/The Art of Cyberwarfare
2021.08.03/DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos
2021.08.03/APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere
2021.08.10/UNC215: Spotlight on a Chinese Espionage Campaign in Israel
2021.08.12/Uncovering Tetris – a Full Surveillance Kit Running in your Browser
2021.08.14/Indra — Hackers Behind Recent Attacks on Iran
2021.08.17/North Korean APT InkySquid Infects Victims Using Browser Exploits
2021.08.17/New Iranian Espionage Campaign By “Siamesekitten”
2021.08.19/SHADOWPAD: A MASTERPIECE OF PRIVATELY SOLD MALWARE IN CHINESE ESPIONAGE
2021.08.25/FIN8 Threat Actor Goes Agile with New Sardonic Backdoor
2021.09.08/Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.
2021.09.09/Dark Covenant: Connections Between the Russian State and Criminal Actors
2021.09.13/APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs
2021.09.16/Operation Layover: How we tracked an attack on the aviation industry to five years of compromise (TA2541)
2021.09.23/FamousSparrow: A suspicious hotel guest
2021.09.27/FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
2021.09.28/FinSpy: unseen findings
2021.09.28/PwC: Learning to ChaCha with APT41
2021.09.30/GhostEmperor’s infection chain and postexploitation toolset: technical details
2021.10.04/Malware Gh0stTimes Used by BlackTech
2021.10.05/UEFI threats moving to the ESP: Introducing ESPecter bootkit
2021.10.06/Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms
2021.10.11/FontOnLake: Previously unknown malware family targeting Linux
2021.10.12/MysterySnail attacks with Windows zero-day
2021.10.14/MirrorBlast Campaign Targets Financial Companies
2021.10.18/Harvester - Nation-state-backed group targets victims in South Asia
2021.10.19/A Roaming Threat to Telecommunications Companies
2021.10.19/PurpleFox Adds New Backdoor That Uses WebSockets
2021.10.19/TA505 Ramps Up Activity, Delivers New FlawedGrace Variant
2021.10.20/VNC Malware (TinyNuke, TightVNC) Used by Kimsuky Group
2021.10.20/Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions
2021.10.26/Malware WinDealer used by LuoYu Attack Group.
2021.10.26/SQUIRRELWAFFLE Leverages malspam to deliver Qakbot Cobalt Strike
2021.10.27/WsLink: Unique and undocumented malicious loader thatruns as a server
2021.10.27/TA2722: New Threat Actor Spoofs Philippine Government, COVID19 Health Data in Widespread RAT Campaigns
2021.10.28/HelloKitty: Tactics, Techniques, and Indicators of Compromise Associated with Hello Kitty/FiveHands Ransomware
2021.10.28/AbstractEmu:Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
2021.11.02/APT-C-59
2021.11.03/Dissecting new AppleSeed backdoor of Kimsuky threat actor
2021.11.04/SSU: Gamaredon - FSB RF cyber attacks against Ukraine
2021.11.05/Hunter Becomes Hunted: Zebra2104 Hides a Herd of Malware
2021.11.07/Targeted Attack Campaign Against ManageEngine
2021.11.07/IronTiger APT campaign: New HyperBro and SysUpdate samples
2021.11.08/DEV-0322: Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus
2021.11.10/Lazarus Group trojanized IDA Pro Installer
2021.11.10/Lazarus Group - NukeSped
2021.11.10/Void Balaur Tracking a Cybermercenary’s Activities
2021.11.15/Kimsuky: Operation Light Shell
2021.11.17/Alert (AA21-321A) Iranian Government-Sponsored APT Cyber Actors
2021.11.18/Triple Threat: North Korea-Aligned TA406 Steals, Scams and Spies
2021.11.22/Tardigrade: APT Attack on the Bioeconomy
2021.11.23/Android APT spyware, targeting Middle East victims, enhances evasiveness
2021.11.24/APT-38 / Lazarus; JPCERT: Anatomy of COBRA
2021.11.25/A Deep Dive Into SoWaT: APT31’s Multifunctional Router Implant
2021.11.29/WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019
2021.11.29/ScarCruft surveilling North Korean defectors and human rights activists
2021.11.30/EwDoor Botnet Is Attacking AT&T Customers
2021.12.01/Injection is the New Black: Novel RTF Template Inject
2021.12.01/Tracking a P2P network related to TA505
2021.12.01/Jumping the Air Gap: 15 years of Nation-state effort
2021.12.02/SideCopy APT: Connecting lures to victims, payloads to infrastructure
2021.12.03/ESTABLISHING THE TIGERRAT AND TIGERDOWNLOADER MALWARE FAMILIES
2021.12.04/APT-C-23 aka Arid Viper: Cyber Espionage in the Palestine region
2021.12.06/APT37 Using a New Android Spyware, Chinotto
2021.12.06/Phishing Campaigns By The Nobelium Intrusion Set
2021.12.07/FIN13: A Cybercriminal Threat Actor Focused on Mexico
2021.12.07/TeamTNT stealing credentials using EC2 Instance Metadata
2021.12.08/A deep dive into the latest obfuscation methods being used by ShadowPad
2021.12.09/A new StrongPity variant hides behind Notepad++ installation
2021.12.13/APT-C-61: Malspam against Navy Pakistan
2021.12.13/Kimsuky: malicious Excel documents targeting cryptocurrencies
2021.12.14/DarkWatchman: A new evolution in fileless techniques
2021.12.14/Tropic Trooper (APT23) targets Transportation and Government
2021.12.14/DoNot targeting Bangladesh with with an Android infostealer
2021.12.15/CERT-FR: APT31 Intrusion set campaign: description, countermeasures and code
2021.12.15/NCSC: Jolly Jellyfish - Non-persistent downloader for shellcode embedded in image files
2021.12.16/Lazarus: PseudoManuscrypt - a mass-scale spyware attack campaign
2021.12.16/New DarkHotel APT attack chain identified
2021.12.16/Avast finds Backdoor on US Government Commission Network
2021.12.17/DSIRF: Uncovering the government spyware "Subzero"
2021.12.17/Serverless infostealer delivered in Eastern European countries
2021.12.17/FBI Flash: APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central
2021.12.23/Evilnum aka DeathStalker APT
2021.12.27/A Deep Dive into DoubleFeature, Equation Group’s Post-Exploitation Dashboard
2021.12.28/Flagpro: The new malware used by BlackTech
2021.12.29/Implant.ARM.iLOBleed.a - The first rootkit discovered infecting HP iLO firmware
2021.12.29/AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt
2021.12.30/Kimsuky aka Thallium APT (Backdoors, Infostealers, RATs etc.)
2021.12.31/APT28 aka FancyBear - SkinnyBoy Backdoor + TTP Cheat Sheet

APT Activity: 2022

2022.01.03/North Korean Group “KONNI” Targets the Russian Diplomatic Sector with new Versions of Malware Implants
2022.01.05/Elephant Beetle: Uncovering an Organized Financial-Theft Operation
2022.01.05/The Evolution of Doppel Spider from BitPaymer to Grief Ransomware
2022.01.06/NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies
2022.01.07/Patchwork APT caught in its own web
2022.01.27/LuoYu: Continuous Espionage Activities Targeting Japan with the new version of WinDealer in 2021
2022.01.11/APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
2022.01.11/CISA: Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure
2022.01.12/OceanLotus (APT32) hackers turn to web archive files to deploy backdoors
2022.01.12/Iranian intel cyber suite of malware uses open source tools (MuddyWater)
2022.01.13/The BlueNoroff cryptocurrency hunt is still on
2022.01.13/FIN7 Uses Flash Drives to Spread Remote Access Trojan
2022.01.13/North Korean Hackers Have Prolific Year
2022.01.15/Destructive malware targeting Ukrainian organizations
2022.01.17/Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques
2022.01.17/Tracking A Renewable Energy Intelligence Gathering Campaign
2022.01.18/Knownsec: Annual APT Group Threat Research Report (Chinese)
2022.01.18/DoNot Go! Do not respawn!
2022.01.20/APT41 - MoonBounce: the dark side of UEFI firmware
2022.01.20/Turla Microsoft Outlook Backdoor
2022.01.20/FBI Flash report on the connection between Diavol and the TrickBot Group
2022.01.20/New espionage attack by Molerats APT targeting users in the Middle East
2022.01.24/Investigating APT36’s Attack Chain and Malware Arsenal
2022.01.24/TrickBot Bolsters Layered Defenses to Prevent Injection Research
2022.01.25/Watering hole deploys new macOS malware, DazzleSpy, in Asia
2022.01.25/Prime Minister’s Office Compromised: Details of Recent Espionage Campaign
2022.01.26/German govt warns of APT27 hackers backdooring business networks
2022.01.26/Kimsuky - KONNI evolves into stealthier RAT
2022.01.26/Prophet Spider is exploiting Log4J in VMware Horizon
2022.01.27/Cozy Bear (APT29) - Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
2022.01.27/North Korea’s Lazarus APT (APT38) leverages Windows Update client, GitHub in latest campaign
2022.01.27/LuoYu: Continuous Espionage Activities Targeting Japan with the new version of WinDealer in 2021
2022.01.27/The current state of Earth Hundun's (BlackTech) arsenal
2022.01.27/Malsmoke
2022.01.27/The Chaotic A41APT Campaign
2022.01.27/The link between Kwampirs (Orangeworm) and Shamoon APTs
2022.01.27/White Tur - Threat actor of in-Tur-est
2022.01.28/Indian Army Personnel Face Remote Access Trojan Attacks
2022.01.31/Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
2022.01.31/Gamaredon (Shuckworm) Continues Cyber-Espionage Attacks Against Ukraine
2022.01.31/CERT-UA: Outsteel Stealer and SaintBot Loader targeting government institutions
2022.02.01/StrifeWater RAT: Iranian APT Moses Staff adds new Trojan to Ransomware Operations
2022.02.01/PowerLess Trojan: Iranian APT Phosphorus adds new PowerShell Backdoor for Espionage
2022.02.02/Arid Viper APT targets Palestine with new wave of politically themed phishing attacks, malware
2022.02.02/White Rabbit Continued: Sardonic (FIN8) and F5
2022.02.03/Analysis of Attack Against National Games of China Systems
2022.02.03/Antlion: Chinese APT (APT23) uses custom Backdoor to target Financial Institutions in Taiwan
2022.02.03/Russia’s Gamaredon APT Group Actively Targeting Ukraine
2022.02.04/ACTINIUM targets Ukrainian organizations
2022.02.04/Cyberattack on News Corp, Believed Linked to China, Targeted Emails of Journalists, Others
2022.02.04/Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation
2022.02.08/Molerats targeting Middle Eastern governments
2022.02.08/Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
2022.02.09/ModifiedElephant APT and a Decade of Fabricating Evidence
2022.02.10/Shared VBA code between Transparent Tribe, Sidewinder, Donot, Operation Hangover, SDUser
2022.02.10/GlowSpark: Maldocs targeting Ukraine
2022.02.11/APT 36 Targeting Indian Government Officials via Spyware
2022.02.14/Insights into an Emissary Panda (APT 27) attack
2022.02.15/TA2541 targeting the aviation, aerospace, transportation, and defense industries with RATs
2022.02.15/ShadowPad linked to MSS and PLA
2022.02.15/Moses Staff Campaigns Against Israeli Organizations Span Several Months
2022.02.16/APT Group Lorec53 (Lori Bear) recently launched a large-scale cyber attack on Ukraine
2022.02.17/Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon (Phosphorous, Charming Kitten)
2022.02.18/EvilPlayout: Attack Against Iran’s State Broadcaster
2022.02.18/PseudoManuscrypt being distributed in the same method as Cryptbot
2022.02.20/Technical Analysis of the DDoS Attacks against Ukrainian Websites
2022.02.21/CERT-UA: Group Activity Information UAC-0008 (Buhtrap)
2022.02.21/APT10: Operation Cache Panda supply chain attack against Taiwan's financial industry
2022.02.22/APT Attack Attempts Disguised as North Korea Related Paper Requirements (Kimsuky)
2022.02.23/Dridex bots deliver Entropy ransomware in recent attacks
2022.02.23/UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
2022.02.23/HermeticWiper: New Destructive Malware Used In Cyber Attacks on Ukraine
2022.02.23/New Golang-based ransomware targeting Ukraine
2022.02.23/New Sandworm malware Cyclops Blink replaces VPNFilter
2022.02.24/CISA AA22-055A: MuddyWater conduct Cyber Operations against Global Government and Commercial Networks
2022.02.24/UNC3313/MuddyWater: Telegram malware spotted in latest Iranian Cyber Espionage Activity
2022.02.24/TiltedTemple: SockDetour backdoor targets U.S. Defense Contractors
2022.02.25/Technical Analysis of PartyTicket Ransomware
2022.02.25/UAC-0056: Spear phishing attacks target organizations in Ukraine with OutSteel and SaintBot
2022.02.25/The Hunt for the Lost Soul: Unraveling the Evolution of the SoulSearcher Malware
2022.02.28/Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
2022.03.01/Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
2022.03.01/IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
2022.03.07/Cyber ​​attack of the UAC-0051 group (unc1151) on state organizations of Ukraine using the malicious program MicroBackdoor
2022.03.07/TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
2022.03.07/Google TAG: FancyBear, Ghostwriter, Mustang Panda
2022.03.07/Prophet Spider exploits Citrix ShareFile RCE Vulnerability
2022.03.07/PHOREAL Malware Targets the Southeast Asian Financial Sector
2022.03.08/A Summary of APT41 Targeting U.S. State Governments
2022.03.08/New RURansom Wiper Targets Russia
2022.03.09/Sockbot in GoLand - Linking APT Actors with Ransomware gangs
2022.03.10/Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
2022.03.11/UAC-0056: Cyberattack on the state organs of Ukraine with the help of Cobalt Strike Beacons
2022.03.15/Wizard Spider phishing for Naver accounts
2022.03.15/UAC-0056 targeting Ukraine with fake Translation Software
2022.03.15/CISA Alert (AA22-074A): Russian State-Sponsored Cyber Actors gain network access by exploiting MFA and PrintNightmare
2022.03.16/An Overview of UNC2891
2022.03.16/DirtyMoe: Worming Modules
2022.03.17/Cyclops Blink Sets Sights on Asus Routers
2022.03.17/Exposing initial access broker with ties to Conti
2022.03.17/Suspected DarkHotel APT activity update
2022.03.18/Ghostwriter in the Shell: Expanding on Mandiant’s Attribution of UNC1151 to Belarus
2022.03.18/CISA Alert (AA22-076A): Strengthening Cybersecurity of SATCOM Network Providers and Customers
2022.03.21/Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
2022.03.21/APT35 Automates Initial Access Using ProxyShell
2022.03.21/Arid Gopher: Newest Micropsia Malware variant
2022.03.22/Cyberattack on Ukrainian enterprises using the DoubleZero destructor program (CERT-UA # 4243)
2022.03.22/APT Attack Being Distributed as Windows Help File
2022.03.22/Operation Dragon Castling: APT group targeting betting companies
2022.03.22/Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
2022.03.22/UAC-0026 Cyber ​​Attack Using HeaderTip Malware (CERT-UA # 4244)
2022.03.23/Mustang Panda’s Hodur: Old tricks, new Korplug variant
2022.03.23/Cyberattack on state organizations of Ukraine using Cobalt Strike Beacons (CERT-UA # 4227)
2022.03.23/Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations
2022.03.23/FIN7: New JSSLoader Trojan Delivered Through XLL Files
2022.03.24/Chinese Threat Actor Scarab Targeting Ukraine
2022.03.24/North Korean Threat Actors exploiting the Chrome 0-day CVE-2022-0609
2022.03.28/Under the hood of Wslink’s multilayered virtual machine
2022.03.28/Cyberattack on state bodies of Ukraine using PseudoSteel (CERT-UA # 4299)
2022.03.28/Compromised Philippine Navy Certificate Used in Remote Access Tool
2022.03.28/UAC-0056 cyberattack on Ukrainian authorities using GraphSteel and GrimPlant malware (CERT-UA # 4293)
2022.03.29/NomadPanda aka RedFoxtrot leveraging a new variant of PlugX named Talisman
2022.03.29/Transparent Tribe campaign uses new bespoke malware to target Indian government officials
2022.03.29/APT attack disguised as North Korean defector resume
2022.03.30/Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
2022.03.30/Cloud Atlas Maldoc
2022.03.30/VajraEleph (APT-Q-43) - Cyber espionage against Pakistani military personnel
2022.03.30/Mass spread of MarsStealer among citizens of Ukraine and domestic organizations (CERT-UA # 4315)
2022.03.31/VIASAT incident: from speculation to technical details.
2022.03.31/AcidRain: A Modem Wiper rains down on Europe
2022.03.31/Lazarus Trojanized DeFi app for delivering malware
2022.04.04/FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
2022.04.04/Cyber ​​attack of UAC-0010 (Armageddon) on state organizations of Ukraine (CERT-UA # 4378)
2022.04.04/Cyber ​​attack by UAC-0010 (Armageddon) on state institutions of the European Union (CERT-UA # 4334)
2022.04.05/Cicada (APT10/A41APT): Chinese APT Group Widens Targeting in Recent Espionage Activity
2022.04.06/Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
2022.04.06/Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group
2022.04.07/Cyber ​​attack by UAC-0010 (Armageddon) on state organizations of Ukraine (CERT-UA # 4434)
2022.04.07/Parrot TDS takes over web servers and threatens millions
2022.04.07/Meta’s Adversarial Threat Report, First Quarter 2022: UNC788
2022.04.11/DPRK-NEXUS adversary targets South-Korean individuals in a new chapter of Operation Kitty Phishing
2022.04.12/Cyberattack by Sandworm Group (UAC-0082) on energy facilities of Ukraine using INDUSTROYER2 and CADDYWIPER (CERT-UA # 4435)
2022.04.12/HAFNIUM: Tarrask malware uses scheduled tasks for defense evasion
2022.04.12/Recent attacks by Bahamut group revealed
2022.04.13/INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems
2022.04.14/Cyberattack on Ukrainian government organizations using XSS exploits for Zimbra Collaboration Suite (CVE-2018-6882) (CERT-UA # 4461)
2022.04.14/Cyberattack on state organizations of Ukraine using the malicious program IcedID (CERT-UA # 4464)
2022.04.14/Russian-speaking ransomware gang OldGremlin resumes attacks in Russia
2022.04.14/Lazarus Targets Chemical Sector
2022.04.14/Flight of the BumbleBee Loader
2022.04.18/Nobelium (APT29) - Israeli Embassy Maldoc
2022.04.18/Cyberattack on state organizations of Ukraine using the topic "Azovstal" and Cobalt Strike (CERT-UA # 4490)
2022.04.18/Alert (AA22-108A) TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
2022.04.20/Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
2022.04.21/TeamTNT targeting AWS, Alibaba
2022.04.21/The ink-stained trail of GOLDBACKDOOR (APT37)
2022.04.25/New Core Impact Backdoor Delivered Via VMWare Vulnerability (APT35)
2022.04.26/Lazarus distributes trojanized Keepass Installers
2022.04.26/UAC-0056 cyberattack using GraphSteel and GrimPlant malware and COVID-19 (CERT-UA # 4545)
2022.04.26/A "Naver"-ending game of Lazarus APT
2022.04.27/A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
2022.04.27/The origin story of APT32 macros: The StrikeSuit Gift that keeps giving
2022.04.27/New APT group Earth Berberoka targets Gambling Websites
2022.04.27/Industroyer2: Analysis of the IEC 104 Payload
2022.04.27/Special Report: Ukraine - An overview of Russia’s cyberattack activity in Ukraine
2022.04.27/Assembling the Russian Nesting Doll: UNC2452 Merged into APT29
2022.04.27/A deeper look at hacking groups and malware targeting Ukraine
2022.04.27/Mustang Panda (Bronze President) targets Russian speakers with updated PlugX
2022.04.27/Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets
2022.04.28/Trello From the Other Side: Tracking APT29 Phishing Campaigns
2022.04.28/DDoS attacks on Ukrainian websites using malicious JavaScript code BrownFlood (CERT-UA#4553)
2022.04.29/The Lotus Panda is awake, again. Analysis of its last strike
2022.05.02/Moshen Dragon’s Triad-and-Error Approach
2022.05.03/Solardeflection C2 Infrastructure used by Nobelium in company brand misuse
2022.05.04/"SilentBreak": A new secret stash for “fileless” malware
2022.05.03/The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
2022.05.03/Google TAG: Update on cyber activity in Eastern Europe
2022.05.05/Raspberry Robin (QNAPworm) gets the worm early
2022.05.06/APT28: CredoMap_v2 (CERT-UA # 4622)
2022.05.07/BPFDoor — an active Chinese global surveillance tool
2022.05.07/Mass distribution of JesterStealer malware using chemical attack themes (CERT-UA # 4625)
2022.05.09/NukeSpeed: From The DPRK With Love
2022.05.10/APT34 targets Jordan Government using new Saitama backdoor
2022.05.11/Bitter APT adds Bangladesh to their targets
2022.05.12/Network Footprints of Gamaredon Group
2022.05.12/Lazarus distributes trojanized sqlite library
2022.05.12/Cobalt Mirage (APT35) Conducts Ransomware Operations in U.S
2022.05.16/Analysis of HUILoader (APT10, A41APT, Blue Termite)
2022.05.16/Wizard Spider Group In-Depth Analysis
2022.05.16/Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
2022.05.16/Operation Dragon Breath (APT-Q-27) targeting the Gaming Industry
2022.05.17/Space Pirates: analyzing the tools and connections of a new hacker group
2022.05.19/ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups
2022.05.19/Twisted Panda: Chinese APT espionage operation against Russian’s state-owned defense institutes
2022.05.19/HHS HC3: Major Cyber Organizations of the Russian Intelligence Services
2022.05.20/Updated version of ArguePatch loader spotted in the wild
2022.05.20/Mustang Panda continuing their attack activities against organizations in Vietnam
2022.05.24/Unknown APT group has targeted Russia repeatedly since Ukraine invasion
2022.05.31/Operation DarkCasino: In-depth analysis of recent attacks by APT group Evilnum
2022.06.01/Sidewinder.AntiBot.Script: new infrastructure, narrows their reach to Pakistan
2022.06.01/Iranian Threat Actor Continues to Develop Mass Exploitation Tools (APT35/CharmingKitten)
2022.06.02/WinDealer dealing on the side
2022.06.02/Cyber attack on Ukraine using Cobalt Strike Beacon and CVE-2021-40444 and CVE-2022-30190 (CERT-UA # 4753)
2022.06.03/Outbreak of Follina in Australia (APT40)
2022.06.09/Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
2022.06.09/Aoqin Dragon - Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
2022.06.10/Lyceum .NET DNS Backdoor
2022.06.13/GALLIUM expands targeting across Telecommunications, Government and Finance sectors with PingPull
2022.06.14/Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials
2022.06.15/DriftingCloud: Zero-Day Sophos Firewall Exploitation and an Insidious Breach
2022.06.16/Lookout Uncovers Android Spyware Deployed in Kazakhstan
2022.06.17/BRATA (Android) is evolving into an Advanced Persistent Threat
2022.06.21/Russia’s APT28 uses fear of nuclear war to spread Follina docs in Ukraine
2022.06.21/MuddyWater’s “light” first-stager targetting Middle East
2022.06.21/ToddyCat APT
2022.06.22/Chinese actor takes aim, armed with Nim Language and Bizarro AES
2022.06.27/Attacks on industrial control systems using ShadowPad
2022.06.27/Return of the Evilnum APT with updated TTPs and new targets
2022.06.29/US National Security Agency "Acid Fox" technical analysis report
2022.06.30/SessionManager IIS backdoor
2022.07.04/Bitter APT Using ZxxZ Backdoor to Target Pakistan Public Accounts Committee
2022.07.05/Red-teaming tool Brute Ratel C4 being abused by malicious actors
2022.07.05/Bitter APT continues to target Bangladesh
2022.07.07/Russian Organizations Increasingly Under Attack By Chinese APTs
2022.07.12/An Analysis of Infrastructure linked to the Hagga Threat Actor
2022.07.13/UAC-0056 continues to target Ukraine in its latest campaign
2022.07.13/Transparent Tribe begins targeting education sector in latest campaign
2022.07.13/Targeted Attack on Government Agencies of Afghanistan, India, Italy, Poland, and the United States
2022.07.13/Sidewinder APT successfully cyber attacks Pakistan military focused targets
2022.07.13/Confucius: The Angler Hidden Under CloudFlare
2022.07.14/North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
2022.07.14/Tracing State-Aligned Activity Targeting Journalists, Media
2022.07.19/Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
2022.07.19/I see what you did there: A look at the CloudMensis macOS spyware
2022.07.20/APT41: A Case Sudy
2022.07.20/New Attack Campaign Observed Possibly Linked to Konni/APT37
2022.07.21/The old school hackers behind APT41
2022.07.21/The Return of Candiru: Zero-days in the Middle East
2022.07.21/Attackers target Ukraine using GoMet backdoor
2022.07.21/Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities
2022.07.22/APT41: Chengdu 404
2022.07.22/An analysis of Charming Kitten’s new tools and OPSEC errors
2022.07.24/Chinese APTs: Interlinked networks and side hustles
2022.07.25/CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
2022.07.26/Cyberattacks of the UAC-0010 (Armageddon) group using the GammaLoad.PS1_v2
2022.07.27/Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
2022.07.28/SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT”
2022.07.28/APT trends report Q2 2022
2022.08.01/FIN13 (Elephant Beetle): Viva la Threat! Anatomy of a Fintech Attack
2022.08.02/Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
2022.08.03/Woody RAT: A new feature-rich malware spotted in the wild
2022.08.04/Likely Iranian threat actor conducts politically motivated disruptive activity against Albanian government Orgs
2022.08.04/Meta’s Adversarial Threat Report, Second Quarter 2022 - Bitter and APT 36
2022.08.08/TA428 APT: Targeted attack on industrial enterprises and public institutions
2022.08.09/Andariel deploys DTrack and Maui ransomware
2022.08.10/VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges
2022.08.11/APT-C-35 Gets a New Upgrade
2022.08.12/LuckyMouse uses a backdoored Electron app to target MacOS
2022.08.15/Disrupting SEABORGIUM’s ongoing phishing operations
2022.08.15/Shuckworm: Russia-Linked Group Maintains Ukraine Focus
2022.08.16/Operation In(ter)ception: Lazarus Group targeting Mac users
2022.08.16/RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations
2022.08.17/Suspected Iranian Actor (UNC3890) Targeting Israeli Shipping, Healthcare, Government and Energy Sectors
2022.08.18/You Can’t Audit Me: APT29 Continues Targeting Microsoft 365
2022.08.18/APT41 World Tour 2021 on a tight schedule
2022.08.18/Reservations Requested: TA558 Targets Hospitality and Travel
2022.08.18/New APT group MurenShark investigative report: Torpedoes hit Turkish Navy
2022.08.23/New Iranian APT data extraction tool (APT35/Charming Kitten)
2022.08.24/MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
2022.08.25/Kimsuky’s GoldDragon cluster and its C2 operations
2022.08.25/MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
2022.08.29/GO#WEBBFUSCATOR leverages Office Macros and James Webb Images to infect systems
2022.08.30/Rising Tide: Chasing the Currents of Espionage in the South China Sea
2022.09.01/JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
2022.09.01/Raspberry Robin and Dridex: Two Birds of a Feather
2022.09.02/BumbleBee, a New Modular Backdoor Evolved From BookWorm
2022.09.05/Northwestern Polytechnical University was attacked by the US NSA network attack
2022.09.05/Spyware Campaign Targeting The Uyghur Community
2022.09.06/TA505 Group's TeslaGun In-Depth Analysis
2022.09.06/DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa
2022.09.06/Worok: The big picture
2022.09.06/Pro-Russian Group Targeting Ukraine Supporters with DDoS Attacks
2022.09.07/Profiling DEV-0270: PHOSPHORUS’ ransomware operations
2022.09.07/Initial access broker repurposing techniques in targeted attacks against Ukraine
2022.09.07/MagicRAT: Lazarus’ latest gateway into victim networks
2022.09.07/APT42: Crooked Charms, Cons, and Compromises
2022.09.08/Lazarus and the tale of three RATs
2022.09.08/BRONZE PRESIDENT Targets Government Officials
2022.09.09/Treasury Sanctions Iranian Ministry of Intelligence and Minister for Malign Cyber Activities
2022.09.13/APT41: New Wave of Espionage Activity Targets Asian Governments
2022.09.13/Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO
2022.09.13/Magento vendor Fishpig hacked, backdoors added
2022.09.13/Bvp47 – A Top-tier Backdoor of US NSA Equation Group: Technical Details II
2022.09.14/Dissecting PlugX to Extract Its Crown Jewels
2022.09.14/You never walk alone: The SideWalk backdoor gets a Linux variant
2022.09.14/Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
2022.09.14/Opsec mistakes reveal Cobalt Mirage Threat Actors
2022.09.14/It's Time to PuTTY! DPRK Job Opportunity Phishing via WhatsApp
2022.09.15/Webworm: Espionage Attackers Testing and Using Older Modified RATs
2022.09.15/Gamaredon APT targets Ukrainian government agencies in new campaign
2022.09.15/F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech
2022.09.19/Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine
2022.09.22/Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets
2022.09.22/Raspberry Robin’s Roshtyak: A Little Lesson in Trickery
2022.09.22/7 Years of Scarlet Mimic’s Mobile Surveillance Campaign Targeting Uyghurs
2022.09.22/Void Balaur - The Sprawling Infrastructure of a Careless Mercenary
2022.09.22/The Mystery of Metador - An Unattributed Threat Hiding in Telcos, ISPs, and Universities
2022.09.22/HHS HC3: APT41 and recent Activity
2022.09.23/In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
2022.09.23/GRU: Rise of the (Telegram) MinIOns
2022.09.26/Hunting for Unsigned DLLs to Find APTs (Mustang Panda, Lazarus)
2022.09.27/STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors
2022.09.28/A Deep Dive Into the APT28’s stealer called CredoMap
2022.09.28/New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
2022.09.29/Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
2022.09.29/ZINC weaponizing open-source software
2022.09.29/Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
2022.09.30/Detailed analysis of a ShadowPad intrusion
2022.09.30/Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
2022.10.03/DeftTorero: tactics, techniques and procedures of intrusions revealed
2022.10.03/Revealing Emperor Dragonfly: Night Sky and Cheerscrypt - A Single Ransomware Group
2022.10.04/Tracking Earth Aughisky’s Malware and Changes
2022.10.04/CISA AA22-277A - Impacket, HyperBro and CovalentStealer used to steal sensitive information from Defense Industrial Base Organization
2022.10.04/Maggie - MSSQL Backdoor
2022.10.06/Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims
2022.10.07/Making oRAT, Go (Earth Berberoka)
2022.10.11/The Russian SpyAgent (Teamspy) – a Decade Later and RAT Tools Remain at Risk
2022.10.12/WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
2022.10.12/Winnti APT group docks in Sri Lanka for new campaign
2022.10.13/Budworm: Espionage Group Returns to Targeting U.S. Organizations
2022.10.13/Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
2022.10.14/New “Prestige” ransomware impacts organizations in Ukraine and Poland
2022.10.17/DiceyF deploys GamePlayerFramework in online casino development studio
2022.10.18/Unknown Actor: Powershell Backdoor disguising itself as part of a Windows update process
2022.10.18/Spyder Loader: Malware Seen in Recent Campaign Targeting Organizations in Hong Kong (Winnti)
2022.10.18/APT27 – One Year To Exfiltrate Them All: Intrusion In-Depth Analysis
2022.10.20/Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
2022.10.21/WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group
2022.10.23/Unattributed RomCom Threat Actor hits Ukrainian Militaries (UNC2596?)
2022.10.24/Kimsuky targeting Android devices with newly discovered mobile malware
2022.10.27/Shadowpad: Active C2 Discovery Using Protocol Emulation
2022.10.28/Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign
2022.10.31/APT10: Tracking down LODEINFO 2022
2022.11.01/Analysis of Suspected Lazarus Attacks Against South Korea
2022.11.02/RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom
2022.11.03/Not a dream job: Hunting for malicious job offers from an APT
2022.11.03/Financially motivated, dangerously activated: OPERA1ER APT in Africa
2022.11.03/APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
2022.11.07/Sanctioned deals: the Irano-Russian connection under Ankara's supervision. Analysis of the NPPD leak
2022.11.08/They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming
2022.11.09/Hack the Real Box: APT41’s New Subgroup Earth Longzhi
2022.11.10/PNG Steganography Hides Backdoor
2022.11.10/APT 15 conducting long-running Surveillance Campaigns targeting Uyghurs
2022.11.11/CERT-UA: UAC-0118 (FRwL) group's cyber attacks using the Somnia malware
2022.11.14/Operation (Đường chín đoạn) typhoon: OceanLotus coveting the nine-dash line in the South China Sea
2022.11.15/DTrack activity targeting Europe and Latin America
2022.11.15/Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
2022.11.17/Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester
2022.11.18/GRU 26165: The Russian cyber unit that hacks targets on-site
2022.11.18/Earth Preta Spear-Phishing Governments Worldwide
2022.11.23/From Coercion to Invasion: The Theory and Execution of China’s Cyber Activity in Cross-Strait Relations
2022.11.28/Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia
2022.11.25/Analysis of APT-C-60 Attack on South Korea
2022.11.26/Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations
2022.11.29/Suspected Iran-Nexus TAG-56 uses UAE Forum Lure for Credential Theft against US Think Tank
2022.11.30/Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin
2022.12.01/₿uyer ₿eware: Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware
2022.12.01/New CryWiper data wiper targets Russian courts, mayor’s offices
2022.12.01/ZetaNile: Open source software trojans from North Korea/
2022.12.02/Hitching a ride with Mustang Panda
2022.12.05/Iran: State-Backed Hacking of Activists, Journalists, Politicians
2022.12.05/Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations
2022.12.05/Hackers linked to Chinese government (APT41) stole millions in Covid benefits, Secret Service says
2022.12.05/Calisto (COLDRIVER) show interests into entities involved in Ukraine war support
2022.12.06/Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
2022.12.07/Internet Explorer 0-day exploited by North Korean actor APT37
2022.12.07/Fantasy: a new Agrius wiper deployed through a supply‑chain attack
2022.12.08/New MuddyWater Threat: Old Kitten; New Tricks
2022.12.08/DeathStalker targets legal entities with new Janicab variant
2022.12.08/Attacks on Ukrainian government organizations using Iranian drone theme, DolphinCape malware
2022.12.09/APT Cloud Atlas: Unbroken Threat
2022.12.09/Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine
2022.12.09/Drokbk Malware uses GitHub as Dead Drop resolver
2022.12.09/Iranian Exploitation Activities continue as of November 2022 (APT35)
2022.12.12/Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper
2022.12.13/APT5: Citrix ADC Threat Hunting Guidance
2022.12.14/Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities
2022.12.14/Would’ve, Could’ve, Should’ve…Did: TA453 Refuses to be Bound by Expectations
2022.12.15/Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government
2022.12.16/Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications
2022.12.16/The DPRK delicate sound of cyber
2022.12.18/Cyberattack on DELTA system users using RomCom/FateGrab/StealDeal malware
2022.12.20/Russia’s Gamaredon APT Cyber Conflict Operations Unwavering Since Invasion of Ukraine
2022.12.20/Lazarus APT’s Operation Interception Uses Signed Binary
2022.12.20/Raspberry Robin Malware Targets Telecom, Governments
2022.12.20/XLLing in Excel - threat actors using malicious add-ins
2022.12.22/Albania: Ransomware and wiper signed with stolen certificates
2022.12.22/Fin7 Unveiled: A deep dive into notorious cybercrime gang
2022.12.23/STEPPY#KAVACH (Sidecopy/APT 36) Attack Campaign Likely Targeting Indian Government
2022.12.23/RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant
2022.12.24/No-limits relationship? China’s state hackers scoop up intelligence on Ukraine… and Russia
2022.12.24/APT41 — The spy who failed to encrypt me
2022.12.24/SlowMist: Investigation of North Korean APT’s Large-Scale Phishing Attack on NFT Users
2022.12.27/BlueNoroff introduces new methods bypassing MoTW
2022.12.27/Analysis of recent attack activities of APT-C-36 (Blind Eagle)
2022.12.28/Hidden Fangs in South Asia — A ​​Briefing on Recent Rattlesnake Attacks
2022.12.28/Confucius's cyber attack against IBO anti-terrorism operations in Pakistan
2022.12.29/Analysis of the 'ferry' Trojan horse organized by CNC for the military and education industry

APT Activity: 2023

2023.01.03/Poland warns of attacks by Russia-linked Ghostwriter hacking group
2023.01.05/Turla: A Galaxy of Opportunity
2023.01.05/BlindEagle Targeting Ecuador With Sharpened Tools
2023.01.05/Bluebottle (OPERA1ER): Campaign Hits Banks in French-speaking Countries in Africa
2023.01.05/The Cyber Threat from Pyongyang
2023.01.06/Links between the Coldriver group (SEABORGIUM) and the Russian Government
2023.01.06/2023.01.06/Russian hackers (COLDRIVER) targeted U.S. nuclear scientists
2023.01.07/Moldovaʼs government hit by flood of phishing attacks
2023.01.10/Xdr33, A Variant Of CIA’s HIVE Attack Kit Emerges
2023.01.10/StrongPity espionage campaign targeting Android users
2023.01.11/Dark Pink - New APT hitting Asia-Pacific, Europe that goes deeper and darker
2023.01.17/Earth Bogle: Campaigns Target the Middle East with Geopolitical Lures
2023.01.17/Kasablanka Group Probably Conducted Compaigns Targeting Russia
2023.01.18/Chinese Playful Taurus (APT 15) Activity in Iran
2023.01.18/360 APT Annual Research Report 2022 (CN)
2023.01.19/Gamaredon (Ab)uses Telegram to Target Ukrainian Organizations
2023.01.19/Suspected Chinese Threat Actors Exploiting FortiOS Vulnerability (CVE-2022-42475)
2023.01.19/Following the LNK metadata trail
2023.01.24/DragonSpark - Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
2023.01.26/SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest
2023.01.27/Cyber attack on the Ukrinform information and communication system (CERT-UA #5850)
2023.01.27/SwiftSlicer: New destructive wiper malware strikes Ukraine
2023.01.31/Dalbit (m00nlight): Chinese hacker group's APT attack campaign
2023.02.01/Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering
2023.02.01/UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV entities
2023.02.02/No Pineapple! – DPRK Targeting of Medical Research and Technology Sector
2023.02.02/Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware
2023.02.02/Update to the REF2924 intrusion set and related campaigns (SIESTAGRAPH, DOORME)
2023.02.02/New APT34 Malware Targets The Middle East
2023.02.06/CERT-UA #5926: Cyber attack against the state bodies of Ukraine Remcos
2023.02.08/Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine
2023.02.09/CISA: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities
2023.02.09/NewsPenguin, a Previously Unknown Threat Actor, Targets Pakistan with Advanced Espionage Tool
2023.02.10/Uncle Sow: Dark Caracal in Latin America
2023.02.13/Nice Try Tonto Team - How a nation-state APT attempted to attack Group-IB
2023.02.14/Hangeul (HWP) malware using steganography: RedEyes (ScarCruft)
2023.02.15/CERT-EU: Sustained activity by specific threat actors
2023.02.15/Distributed Malware Exploiting Vulnerable Innorix: Andariel
2023.02.16/Invitation to a Secret Event: Uncovering Earth Yako’s Campaigns
2023.02.16/Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor
2023.02.17/Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack
2023.02.22/Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia
2023.02.23/Anti-Forensic Techniques Used By Lazarus Group
2023.02.23/WinorDLL64: A backdoor from the vast Lazarus arsenal?
2023.02.24/Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool
2023.02.24/A year of wiper attacks in Ukraine
2023.02.27/Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities
2023.02.28/Blackfly: Espionage Group Targets Materials Technology
2023.03.01/BlackLotus UEFI bootkit: Myth confirmed
2023.03.01/Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
2023.03.02/MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT
2023.03.07/Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities
2023.03.08/Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices
2023.03.09/Stealing the LIGHTSHOW — North Korea's UNC2970 (Part 1 and 2)
2023.03.09/A border-hopping PlugX USB worm takes its act on the road
2023.03.09/PlugX Malware Being Distributed via Vulnerability Exploitation
2023.03.10/Dark Pink APT Group Strikes Government Entities in South Asian Countries
2023.03.13/CHM Malware Disguised as North Korea-related Questionnaire (Kimsuky)
2023.03.14/NOBELIUM Uses Poland's Ambassador’s Visit to the U.S. to Target EU Governments Assisting Ukraine
2023.03.14/Talos uncovers YoroTropper espionage campaigns targeting CIS countries, embassies and EU health care agency
2023.03.16/Peeking at Reaper’s surveillance operations (APT37)
2023.03.20/KIMSUKY’s cyber campaigns against Google's browser and app store services targeting experts on the Korean Peninsula and North Korea issues
2023.03.21/The Unintentional Leak: A glimpse into the attack vectors of APT37
2023.03.21/SideCopy sets sights on India’s DRDO
2023.03.21/Bad magic: new APT found in the area of Russo-Ukrainian conflict
2023.03.23/Pack it Secretly: Earth Preta’s Updated Stealthy Strategies
2023.03.23/Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
2023.03.23/UNC961 in the Multiverse of Mandiant: Three Encounters with a Financially Motivated Threat Actor
2023.03.24/Bitter: Phishing Campaign Targets Chinese Nuclear Energy Industry
2023.03.24/APT attacks on industrial organizations in H2 2022
2023.03.28/Mélofée: a new alien malware in the Panda's toolset targeting Linux hosts
2023.03.28/APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations
2023.03.29/CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers
2023.03.29/SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
2023.03.29/Ironing out (the macOS details) of a Smooth Operator (Part 1 and 2)
2023.03.30/SEKOIA.IO analysis of the VulkanFiles leak
2023.03.30/The Vulkan Files: A Look Inside Putin's Secret Plans for Cyber-Warfare
2023.03.30/Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
2023.03.30/Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan
2023.03.30/With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets
2023.03.30/3CX Supply Chain Compromise Leads to ICONIC Incident
2023.03.30/New TACTICAL#OCTOPUS Attack Campaign Targets US Entities with Malware Bundled in Tax-Themed Documents
2023.04.04/Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
2023.04.05/Google TAG: Protecting users from government-backed attacks from North Korea
2023.04.07/MERCURY and DEV-1084: Destructive attack on hybrid environment
2023.04.11/Analysis of APT-C-28 (ScarCruft) organization's attack activities in South Korea
2023.04.12/Following the Lazarus group by tracking DeathNote campaign
2023.04.13/Espionage campaign linked to Russian intelligence services (APT29)
2023.04.13/Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector
2023.04.17/Cyber Espionage in India: Decoding APT-36's New Linux Malware Campaign
2023.04.17/Exposed Web Panel Reveals Gamaredon Group's Automated Spear Phishing Campaigns
2023.04.17/The Bitter Group Targets Chinese Agencies with CHM Malware via Email Attachments
2023.04.17/Additional Activities of the Tick Group That Attacks with a Modified Q-Dir and Their Ties with Operation Triple Tiang
2023.04.17/APT41's Use of Open Source GC2 Tool to Target Media and Job Sites
2023.04.18/APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers
2023.04.18/Nation-state threat actor Mint Sandstorm (APT35) refines tradecraft to attack high-value targets
2023.04.18/SimpleHarm: Tracking MuddyWater's infrastructure
2023.04.19/AllaKore(d) the SideCopy Train
2023.04.20/Xiaoqiying/Genesis Day Threat Actor Group Targets South Korea, Taiwan
2023.04.20/APT43: An investigation into the North Korean group's cybercrime operations
2023.04.20/Linux malware strengthens links between Lazarus and the 3CX supply-chain attack
2023.04.20/Daggerfly: APT Actor Targets Telecoms Company in Africa
2023.04.20/UCID902: Uncovering nation state watering hole credential harvesting campaigns targeting human rights activists by APT threat group UCID902
2023.04.20/Patchwork organization update technology makes a comeback, launching another attack on domestic education and scientific research units
2023.04.21/BlueNoroff APT group targets macOS with 'RustBucket' Malware
2023.04.21/X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
2023.04.24/Tomiris called, they want their Turla malware back
2023.04.25/Educated Manticore - Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools
2023.04.26/Unpacking BellaCiao: A Closer Look at Iran's (APT35) Latest Malware
2023.04.26/Chinese Alloy Taurus Updates PingPull Malware
2023.04.26/Evasive Panda APT group delivers malware via updates for popular Chinese software
2023.04.26/Tonto Team Using Anti-Malware Related Files for DLL Side-Loading
2023.04.26/RokRAT Malware Distributed Through LNK Files: RedEyes (ScarCruft, APT37)
2023.04.27/Nomadic Octopus' Paperbug Campaign
2023.04.27/Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy
2023.05.01/Chain Reaction: APT37 ROKRAT's Missing Link
2023.05.02/Attack on Security Titans: Earth Longzhi (APT41) Returns With New Tricks
2023.05.03/A doubled "Dragon Breath" adds new air to DLL sideloading attacks
2023.05.04/Clean Rooms, Nuclear Missiles, and SideCopy, Oh My!
2023.05.08/SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials - and Is Now Targeting Turkey
2023.05.10/Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
2023.05.12/Attack Trends Related to DangerousPassword
2023.05.12/APT31: The Illustrious Graduates of Wuhan Kerui
2023.05.12/The Five Bears: Russia's Offensive Cyber Capabilities
2023.05.13/APT31: All roads lead back to Wuhan... Xiaoruizhi Science and Technology Company
2023.05.15/Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
2023.05.16/APT31: Introducing Cheng Feng
2023.05.17/APT31: MiSSing links
2023.05.17/The distinctive rattle of APT SideWinder
2023.05.19/CloudWizard APT: the bad magic story goes on
2023.05.22/Bluenoroff's RustBucket campaign
2023.05.22/WINTAPIX: A New Kernel Driver Targeting Countries in The Middle East
2023.05.23/Kimsuky - Ongoing Campaign Using Tailored Reconnaissance Toolkit
2023.05.23/Meet the GoldenJackal APT group. Don't expect any howls
2023.05.25/COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises
2023.05.31/Dark Pink - Episode 2
2023.06.01/Operation Triangulation: iOS devices targeted with previously unknown malware
2023.06.01/SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations
2023.06.02/Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure

Other VXUG Links

Official vx-underground Twitter

Contact & Compliance Email

Donate to vx-underground

Support vx-underground monthly

Buy vx-underground Merchandise

Password to 7z files

infected

Contents

Malware Collections and Explorer
Year: 2010
Year: 2011
Year: 2012
Year: 2013
Year: 2014
Year: 2015
Year: 2016
Year: 2017
Year: 2018
Year: 2019
Year: 2020
Year: 2021
Year: 2022
Year: 2023

Sponsor

sponsor World's Best Penis Enhancement Pills

Sponsor

sponsor

Sponsor

sponsor Tutorial from zetalytics.com

Sponsor

sponsor Phantom Overlay, the best COD cheat available!

Want to sponsor vx-underground?

Your information could go here