This is collections of APT and cybercriminals campaign. Please fire issue to me if any lost APT/Malware events/campaigns.
π€·The password of malware samples could be 'virus' or 'infected'
πΉ kbandla
πΉ APTnotes
πΉ Florian Roth - APT Groups
πΉ Attack Wiki
πΉ threat-INTel
πΉ targetedthreats
πΉ Raw Threat Intelligence
πΉ APT search
πΉ APT Sample by 0xffff0800 (https://iec56w4ibovnb4wc.onion.si/)
πΉ APT Map
πΉ sapphirex00 - Threat-Hunting
πΉ APTSimulator
πΉ MITRE Att&CK: Group
πΉ APT_REPORT collected by @blackorbird
πΉ Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
πΉ APT_Digital_Weapon
πΉ vx-underground
- Dec 07 - [Google] Internet Explorer 0-day exploited by North Korean actor APT37 | π
- Dec 06 - [BlackBerry] Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets | π
- Dec 05 - [Recorded Future] Exposing TAG-53βs Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations | π
- Dec 02 - [Palo Alto Networks] Blowing Cobalt Strike Out of the Water With Memory Analysis | π
- Nov 02 - [BlackBerry] RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom | π
- Oct 06 - [BlackBerry] Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims | π
- Oct 04 - [Trend Micro] The Rise of Earth Aughisky | π
- Sep 28 - [NSOGroup] Exploit-archaeology-a-forensic-history-of-in-the-wild | π
- Sep 28 - [Recorded Future] The Chinese Communist Partyβs Strategy for Targeted Propaganda | π
- Sep 08 - [Secureworks] BRONZE PRESIDENT Targets Government Officials | π
- Aug 12 - [SEKOIA.IO] LuckyMouse uses a backdoored Electron app to target MacOS | π
- Aug 12 - [Trend Micro] Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users | π
- Jul 26 - [PWC] Old cat, new tricks, bad habits An analysis of Charming Kittenβs new tools and OPSEC errors | π
- Jul 25 - [Kaspersky] CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit | π
- Jun 27 - [Kaspersky] Attacks on industrial control systems using ShadowPad | π
- Jun 21 - [Kaspersky] APT ToddyCat | π
- Jun 02 - [Kaspersky] WinDealer malware shows extremely sophisticated network abilities | π
- May 19 - [CheckPoint] Twisted Panda: Chinese APT espionage operation against Russianβs state-owned defense institutes | π
- May 12 - [BlackBerry] Threat Thursday: Malware Rebooted - How Industroyer2 Takes Aim at Ukraine Infrastructure | π
- May 11 - [CISCO] Bitter APT adds Bangladesh to their targets | π
- May 05 - [CISCO] Mustang Panda deploys a new wave of malware targeting Europe | π
- May 02 - [Mandiant] UNC3524: Eye Spy on Your Email | π
- Apr 06 - [Recorded Future] Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group | π
- Mar 30 - [Fortinet] New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits | π
- Mar 23 - [Dr.Web] Study of an APT attack on a telecommunications company in Kazakhstan | π
- Mar 23 - [ESET] Mustang Pandaβs Hodur: Old tricks, new Korplug variant | π
- Mar 17 - [Trend Micro] Cyclops Blink Sets Sights on Asus Routers | π
- Mar 08 - [Trend Micro] New RURansom Wiper Targets Russia | π
- Mar 07 - [proofpoint] The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates | π
- Mar 01 - [proofpoint] Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement | π
- Feb 23 - [Pangulab] Bvp47:Top-tier Backdoor of US NSA Equation Group | π
- Feb 23 - [Mandiant] (Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware | π
- Feb 15 - [Dell] ShadowPad Malware Analysis | π
- Feb 03 - [Symantec] Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan | π
- Feb 01 - [Cybereason] PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage | π
- Jan 31 - [CISCO] Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables | π
- Jan 31 - [Symantec] Shuckworm Continues Cyber-Espionage Attacks Against Ukraine | π
- Jan 27 - [MalwareBytes] North Koreaβs Lazarus APT leverages Windows Update client, GitHub in latest campaign | π
- Jan 27 - [CrowdStrike] Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign | π
- Jan 25 - [Trellix] Prime Ministerβs Office Compromised: Details of Recent Espionage Campaign | π
- Jan 20 - [Kaspersky] MoonBounce: the dark side of UEFI firmware | π
- Jan 17 - [Trend Micro] Earth Lusca Employs Sophisticated Infrastructure, Varied Tools and Techniques | π
- Jan 07 - [MalwareBytes] Patchwork APT caught in its own web | π
- Jan 05 - [Sygnia] ELEPHANT BEETLE: UNCOVERING AN ORGANIZED FINANCIAL-THEFT OPERATION | π
- Jan 03 - [Cluster25] North Korean Group βKONNIβ Targets The Russian Diplomatic Sector With New Versions Of Malware Implants | π
- Dec 29 - [NTT] Report on APT Attacks by BlackTech | π
- Dec 16 - [Zscaler] New DarkHotel APT attack chain identified | π
- Dec 11 - [ESET] Jumping the air gap: 15 years of nation-state effort | π
- Dec 07 - [Mandiant] FIN13: A Cybercriminal Threat Actor Focused on Mexico | π
- Dec 03 - [Pwc] Conti cyber attack on the HSE | π
- Nov 29 - [Trend Micro] Campaign Abusing Legitimate Remote Administrator Tools Uses Fake Cryptocurrency Websites | π
- Nov 16 - [Mandiant] UNC1151 Assessed with High Confidence to have Links to Belarus, Ghostwriter Campaign Aligned with Belarusian Government Interests | π
- Nov 16 - [ESET] Strategic web compromises in the Middle East with a pinch of Candiru | π
- Nov 11 - [Google] Analyzing a watering hole campaign using macOS exploits | π
- Nov 10 - [Trend Micro] Void Balaur: Tracking a Cybermercenaryβs Activities | π
- Nov 08 - [NCCGroup] TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access | π
- Nov 04 - [SSU] Gamaredon Armageddon Group | π
- Oct 19 - [CrowdStrike] LightBasin: A Roaming Threat to Telecommunications Companies | π
- Oct 26 - [JPCERT] Malware WinDealer used by LuoYu Attack Group | π
- Oct 19 - [Proofpoint] Whatta TA: TA505 Ramps Up Activity, Delivers New FlawedGrace Variant | π
- Oct 19 - [Trend Micro] PurpleFox Adds New Backdoor That Uses WebSockets | π
- Oct 18 - [Symantec] Harvester: Nation-state-backed group uses new toolset to target victims in South Asia | π
- Oct 14 - [Trend Micro] Analyzing Email Services Abused for Business Email Compromise | π
- Oct 12 - [Kaspersky] MysterySnail attacks with Windows zero-day | π
- Oct 06 - [Cybereason] Operation GhostShell: Novel RAT Targets Global Aerospace and Telecoms Firms | π
- Oct 05 - [ESET] UEFI threats moving to the ESP: Introducing ESPecter bootkit | π
- Oct 04 - [JP-CERT] Malware Gh0stTimes Used by BlackTech | π
- Sep 30 - [Kaspersky] GhostEmperor: From ProxyLogon to kernel mode | π
- Sep 27 - [Microsoft] FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor | π
- Sep 23 - [ESET] FamousSparrow: A suspicious hotel guest | π
- Sep 14 - [McAfee] Operation βHarvestβ: A Deep Dive into a Long-term Campaign | π
- Sep 13 - [Trend Micro] APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs | π
- Sep 09 - [Recorded Future] Dark Covenant: Connections Between the Russian State and Criminal Actors | π
- Sep 08 - [Fireeye] Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S. | π
- Aug 25 - [Bitdefender] FIN8 Threat Actor Spotted Once Again with New "Sardonic" Backdoor | π
- Aug 24 - [Trend Micro] Earth Baku Returns | π
- Aug 19 - [Sentinel] ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage | π
- Aug 17 - [Trend Micro] Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military | π
- Aug 17 - [ClearSky] New Iranian Espionaje Campaign by "SiameseKitten" - Lyceum | π
- Aug 17 - [Volexity] North Korean APT InkySquid Infects Victims Using Browser Exploits | π
- Aug 14 - [Checkpoint] Indra β Hackers Behind Recent Attacks on Iran | π
- Aug 12 - [imp0rtp3] Uncovering Tetris β a Full Surveillance Kit Running in your Browser | π
- Aug 10 - [Fireeye] UNC215: Spotlight on a Chinese Espionage Campaign in Israel | π
- Aug 09 - [Trend Micro] Cinobi Banking Trojan Targets Cryptocurrency Exchange Users via Malvertising | π
- Aug 03 - [CyberGeeks] A STEP-BY-STEP ANALYSIS OF THE NEW MALWARE USED BY APT28/SOFACY CALLED SKINNYBOY | π
- Aug 03 - [GROUP-IB] The Art of Cyberwarfare Chinese APTs attack Russia | π
- Aug 03 - [Cybereason] DeadRinger: Exposing Chinese Threat Actors Targeting Major Telcos | π
- Aug 03 - [Positive] APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere | π
- Aug 02 - [Sygnia] TG1021: βPraying Mantisβ DISSECTING AN ADVANCED MEMORY-RESIDENT ATTACK | π
- Jul 28 - [Proofpoint] I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona | π
- Jul 27 - [Palo Alto Networks] THOR: Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group | π
- Jul 20 - [Trend Micro] Tracking the Activities of TeamTNT: A Closer Look at a Cloud-Focused Malicious Actor Group | π
- Jul 19 - [US-CERT] Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with Chinaβs MSS Hainan State Security Department | π
- Jul 14 - [Google] How we protect users from 0-day attacks | π
- Jul 12 - [Trend Micro] #NoFilter: Exposing the Tactics of Instagram Account Hackers | π
- Jul 09 - [Trend Micro] BIOPASS RAT: New Malware Sniffs Victims via Live Streaming | π
- Jul 06 - [AT&T] Lazarus campaign TTPs and evolution | π
- Jul 05 - [Trend Micro] Tracking Cobalt Strike: A Trend Micro Vision One Investigation | π
- Jul 01 - [CheckPoint] IndigoZebra APT continues to attack Central Asia with evolving tools | π
- Jun 24 - [Securifera] Operation Eagle Eye | π
- Jun 16 - [Recorded Future] Threat Activity Group RedFoxtrot Linked to Chinaβs PLA Unit 69010; Targets Bordering Asian Countries | π
- Jun 16 - [Kaspersky] Ferocious Kitten: 6 years of covert surveillance in Iran | π
- Jun 10 - [Group-IB] Big airline heist | π
- Jun 08 - [Kaspersky] PuzzleMaker attacks with Chrome zero-day exploit chain | π
- Jun 03 - [CheckPoint] SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor | π
- May 28 - [Microsoft] Breaking down NOBELIUMβs latest early-stage toolset | π
- May 27 - [Microsoft] New sophisticated email-based attack from NOBELIUM | π
- May 25 - [SentinelOne] FROM WIPER TO RANSOMWARE: THE EVOLUTION OF AGRIUS | π
- May 13 - [CISCO] Transparent Tribe APT expands its Windows malware arsenal | π
- May 07 - [NCSC] Further TTPs associated with SVR cyber actors | π
- May 07 - [Marco Ramilli] MuddyWater: Binder Project (Part 2) | π
- May 06 - [Kaspersky] Operation TunnelSnake | π
- May 01 - [ClearSky] Attributing Attacks Against Crypto Exchanges to LAZARUS β North Korea | π
- May 01 - [Marco Ramilli] MuddyWater: Binder Project (Part 1) | π
- Apr 28 - [Trend Micro] Water Pamola Attacked Online Shops Via Malicious Orders | π
- Apr 28 - [Fireeye] Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity | π
- Apr 27 - [Positive] Lazarus Group Recruitment: Threat Hunters vs Head Hunters | π
- Apr 23 - [Bitdefender] NAIKON β Traces from a Military Cyber-Espionage Operation | π
- Apr 23 - [Darktrace] APT35 βCharming Kitten' discovered in a pre-infected environment | π
- Apr 20 - [FireEye] Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day | π
- Apr 19 - [SentinelOne] A Deep Dive into Zebrocyβs Dropper Docs | π
- Apr 19 - [MalwareBytes] Lazarus APT conceals malicious code within BMP image to drop its RAT | π
- Apr 13 - [Sentire] Hackers Flood the Web with 100,000 Malicious Pages, Promising Professionals Free Business Forms, But Delivering Malware, Reports eSentire | π
- Apr 13 - [Kaspersky] Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild | π
- Apr 09 - [TrendMicro] Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware | π
- Apr 08 - [CheckPoint] Iranβs APT34 Returns with an Updated Arsenal | π
- Apr 08 - [ESET] (Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor | π
- Apr 07 - [CISCO] Sowing Discord: Reaping the benefits of collaboration app abuse | π
- Apr 06 - [Cado Security] Threat Group Uses Voice Changing Software in Espionage Attempt| π
- Mar XX - [CSET] Academics, AI, and APTs | π
- Mar 30 - [Kaspersky] APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign | π
- Mar 30 - [proofpoint] BadBlood: TA453 Targets US and Israeli Medical Research Personnel in Credential Phishing Campaigns | π
- Mar 23 - [Trend Micro] Websites Hosting Cracks Spread Malware, Adware | π
- Mar 18 - [Prodaft] SilverFish Group Threat Actor Report | π
- Mar 10 - [Bitdefender] FIN8 Returns with Improved BADHATCH Toolkit | π
- Mar 10 - [Intezer] New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor | π
- Mar 02 - [Volexity] Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities | π
- Mar 02 - [Microsoft] HAFNIUM targeting Exchange Servers with 0-day exploits | π
- Feb 28 - [Recorded Future] China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions | π
- Feb 25 - [Proofpoint] TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations | π
- Feb 25 - [Kaspersky] Lazarus targets defense industry with ThreatNeedle | π
- Feb 25 - [TeamT5] APT10: Tracking down the stealth activity of the A41APT campaign | π
- Feb 24 - [MalwareBytes] LazyScripter: From Empire to double RAT | π
- Feb 24 - [Amnesty] Click and Bait: Vietnamese Human Rights Defenders Targeted with Spyware Attacks | π
- Feb 22 - [CheckPoint] The Story of Jian β How APT31 Stole and Used an Unknown Equation Group 0-Day | π
- Feb 17 - [Cybleinc] Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions | π
- Feb 10 - [Lookout] Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict | π
- Feb 09 - [Palo Alto Networks] BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech | π
- Feb 08 - [CheckPoint] Domestic Kitten β An Inside Look at the Iranian Surveillance Operations | π
- Feb 03 - [Palo Alto Networks] Hildegard: New TeamTNT Malware Targeting Kubernetes | π
- Feb 02 - [ESET] Kobalos β A complex Linux threat to high performance computing infrastructure | π
- Feb 01 - [VinCSS] ElephantRAT (Kunming version): our latest discovered RAT of Panda and the similarities with recently Smanager RAT| π
- Feb 01 - [ESET] Operation NightScout: Supplyβchain attack targets online gaming in Asia | π
- Jan 31 - [JPCERT] A41APT case ~ Analysis of the Stealth APT Campaign Threatening Japan | π
- Jan 28 - [ClearSky] βLebanese Cedarβ APT: Global Lebanese Espionage Campaign Leveraging Web Servers | π
- Jan 25 - [cybergeeks] A DETAILED ANALYSIS OF ELMER BACKDOOR USED BY APT16 | π
- Jan 20 - [JPCERT] Commonly Known Tools Used by Lazarus | π
- Jan 20 - [Cybie] A Deep Dive Into Patchwork APT Group | π
- Jan 14 - [Positive] Higaisa or Winnti? APT41 backdoors, old and new | π
- Jab 12 - [ESET] Operation Spalax: Targeted malware attacks in Colombia | π
- Jan 12 - [Yoroi] Opening βSTEELCORGIβ: A Sophisticated APT Swiss Army Knife | π
- Jan 12 - [NCCgroup] Abusing cloud services to fly under the radar | π
- Jan 11 - [Palo Alto Networks] xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement | π
- Jan 11 - [CrowdStrike] SUNSPOT: An Implant in the Build Process | π
- Jan 11 - [Kaspersky] Sunburst backdoor β code overlaps with Kazuar | π
- Jan 08 - [Certfa] Charming Kittenβs Christmas Gift | π
- Jan 07 - [Prodaft] Brunhilda DaaS Malware Analysis Report | π
- Jan 06 - [CISCO] A Deep Dive into Lokibot Infection Chain | π
- Jan 06 - [Malwarebytes] Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat | π
- Jan 05 - [QuoIntelligence] ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware | π
- Jan 05 - [Trend Micro] Earth Wendigo Injects JavaScript Backdoor to Service Worker for Mailbox Exfiltration | π
- Jan 04 - [CheckPoint] Stopping Serial Killer: Catching the Next Strike: Dridex | π
- Jan 04 - [Medium] APT27 Turns to Ransomware | π
- Jan 04 - [Nao-Sec] Royal Road! Re:Dive | π
- Dec 30 - [Recorded Future] SolarWinds Attribution: Are We Getting Ahead of Ourselves? | π
- Dec 29 - [Uptycs] Revenge RAT targeting users in South America | π
- Dec 23 - [Kaspersky] Lazarus covets COVID-19-related intelligence | π
- Dec 22 - [Truesec] Collaboration between FIN7 and the RYUK group, a Truesec Investigation | π
- Dec 19 - [VinCSS] Analyzing new malware of China Panda hacker group used to attack supply chain against Vietnam Government Certification Authority | π
- Dec 17 - [ClearSky] Pay2Kitten | π
- Dec 17 - [ESET] Operation SignSight: Supplyβchain attack against a certification authority in Southeast Asia | π
- Dec 16 - [Team Cymru] Mapping out AridViper Infrastructure Using Auguryβs Malware Module | π
- Dec 15 - [WeiXin] APT-C-47 ClickOnce Operation | π
- Dec 15 - [hvs consulting] Greetings from Lazarus Anatomy of a cyber espionage campaign | π
- Dec 13 - [Fireeye] Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor | π
- Dec 09 - [Intezer] A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy | π
- Dec 09 - [Trend Micro] SideWinder Uses South Asian Issues for Spear Phishing, Mobile Attacks | π
- Dec 07 - [Group-IB] The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer | π
- Dec 02 - [ESET] Turla Crutch: Keeping the βback doorβ open | π
- Dec 03 - [Telsy] Adversary Tracking Report | π
- Dec 01 - [CISA] Advanced Persistent Threat Actors Targeting U.S. Think Tanks | π
- Dec 01 - [Prevasio] OPERATION RED KANGAROO: INDUSTRY'S FIRST DYNAMIC ANALYSIS OF 4M PUBLIC DOCKER CONTAINER IMAGES | π
- Nov 30 - [Yoroi] Shadows From the Past Threaten Italian Enterprises | π
- Nov 30 - [Microsoft] Threat actor leverages coin miner techniques to stay under the radar β hereβs how to spot them | π
- Nov 27 - [PTSecurity] Investigation with a twist: an accidental APT attack and averted data destruction | π
- Nov 26 - [CheckPoint] Bandook: Signed & Delivered | π
- Nov 23 - [S2W Lab] Analysis of Clop Ransomware suspiciously related to the Recent Incident | π
- Nov 19 - [Cybereason] Cybereason vs. MedusaLocker Ransomware | π
- Nov 18 - [KR-CERT] Analysis of the Bookcodes RAT C2 framework starting with spear phishing | π
- Nov 17 - [Cybereason] CHAES: Novel Malware Targeting Latin American E-Commerce | π
- Nov 17 - [Symantec] Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign | π
- Nov 16 - [FoxIT] TA505: A Brief History Of Their Time | π
- Nov 16 - [Bitdefender] A Detailed Timeline of a Chinese APT Espionage Attack Targeting South Eastern Asian Government Institutions | π
- Nov 12 - [CISCO] CRAT wants to plunder your endpoints | π
- Nov 12 - [BlackBerry] The CostaRicto Campaign: Cyber-Espionage Outsourced | π
- Nov 12 - [ESET] Hungry for data, ModPipe backdoor hits POS software used in hospitality sector | π
- Nov 12 - [Morphisec] JUPYTER INFOSTEALER | π
- Nov 10 - [Record Future] New APT32 Malware Campaign Targets Cambodian Government | π
- Nov 06 - [Volexity] OceanLotus: Extending Cyber Espionage Operations Through Fake Websites | π
- Nov 04 - [Sophos] A new APT uses DLL side-loads to βKilllSomeOneβ | π
- Nov 02 - [FireEye] Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 | π
- Nov 01 - [Cyberstanc] A look into APT36's (Transparent Tribe) tradecraft | π
- Oct 27 - [US-CERT] North Korean Advanced Persistent Threat Focus: Kimsuky | π
- Oct 26 - [DrWeb] Study of the ShadowPad APT backdoor and its relation to PlugX | π
- Oct 23 - [360] APT-C-44 NAFox | π
- Oct 22 - [WeiXin] Bitter CHM | π
- Oct 19 - [Trend Micro] Operation Earth Kitsune: Tracking SLUBβs Current Operations | π
- Oct 15 - [ClearSky] Operation Quicksand β MuddyWaterβs Offensive Attack Against Israeli Organizations | π
- Oct 14 - [MalwareByte] Silent Librarian APT right on schedule for 20/21 academic year | π
- Oct 13 - [WeiXin] Operation Rubia cordifolia | π
- Oct 07 - [BlackBerry] BlackBerry Uncovers Massive Hack-For-Hire Group Targeting Governments, Businesses, Human Rights Groups and Influential Individuals | π
- Oct 06 - [Malwarebytes] Release the Kraken: Fileless APT attack abuses Windows Error Reporting service | π
- Oct 05 - [Kaspersky] MosaicRegressor: Lurking in the Shadows of UEFI | π
- Sep 30 - [ESET] APTβCβ23 group evolves its Android spyware | π
- Sep 29 - [Symantec] Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors | π
- Sep 29 - [PTSecurity] ShadowPad: new activity from the Winnti group | π
- Sep 25 - [Amnesty] German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed | π
- Sep 25 - [360] APT-C-43 steals Venezuelan military secrets to provide intelligence support for the reactionaries β HpReact campaign | π
- Sep 24 - [Microsoft] detecting empires in the cloud | π
- Sep 23 - [Seqrite] Operation SideCopy | π
- Sep 22 - [Quointelligence] APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure | π
- Sep 21 - [CISCO] The art and science of detecting Cobalt Strike | π
- Sep 17 - [Qianxin] Operation Tibbar | π
- Sep 16 - [Intel471] Partners in crime: North Koreans and elite Russian-speaking cybercriminals | π
- Sep 08 - [Microsoft] TeamTNT activity targets Weave Scope deployments | π
- Sep 03 - [Cybereason] NO REST FOR THE WICKED: EVILNUM UNLEASHES PYVIL RAT | π
- Sep 01 - [proofpoint] Chinese APT TA413 Resumes Targeting of Tibet Following COVID-19 Themed Economic Espionage Campaign Delivering Sepulcher Malware Targeting Europe | π
- Aug 27 - [ClearSky] The Kittens Are Back in Town 3 | π
- Aug 28 - [Kaspersky] Transparent Tribe: Evolution analysis, part 2 | π
- Aug 24 - [Kaspersky] Lifting the veil on DeathStalker, a mercenary triumvirate | π
- Aug 20 - [CertFR] DEVELOPMENT OF THE ACTIVITY OF THE TA505 CYBERCRIMINAL GROUP | π
- Aug 20 - [Bitdefender] More Evidence of APT Hackers-for-Hire Used for Industrial Espionage | π
- Aug 18 - [F-Secure] LAZARUS GROUP CAMPAIGN TARGETING THE CRYPTOCURRENCY VERTICAL | π
- Aug 13 - [Kaspersky] CactusPete APT groupβs updated Bisonal backdoor | π
- Aug 13 - [ClearSky] Operation βDream Jobβ Widespread North Korean Espionage Campaign | π
- Aug 13 - [CISA] Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware | π
- Aug 12 - [Kaspersky] Internet Explorer and Windows zero-day exploits used in Operation PowerFall | π
- Aug 10 - [Seqrite] Gorgon APT targeting MSME sector in India | π
- Aug 03 - [CISA] MAR-10292089-1.v2 β Chinese Remote Access Trojan: TAIDOOR | π
- Jul 29 - [McAfee] Operation North Star: A Job Offer Thatβs Too Good to be True? | π
- Jul 28 - [Group-IB] JOLLY ROGERβS PATRONS | π
- Jul 28 - [Recorded Future] Chinese State-Sponsored Group βRedDeltaβ Targets the Vatican and Catholic Organizations | π
- Jul 22 - [Palo Alto Network] OilRig Targets Middle Eastern Telecommunications Organization and Adds Novel C2 Channel with Steganography to Its Inventory | π
- Jul 22 - [Kaspersky] MATA: Multi-platform targeted malware framework | π
- Jul 20 - [Dr.Web] Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan | π
- Jul 17 - [CERT-FR] THE MALWARE DRIDEX: ORIGINS AND USES | π
- Jul 16 - [NCSC] Advisory: APT29 targets COVID-19 vaccine development | π
- Jul 15 - [F-Secure] THE FAKE CISCO: Hunting for backdoors in Counterfeit Cisco devices | π
- Jul 14 - [Tesly] TURLA / VENOMOUS BEAR UPDATES ITS ARSENAL: βNEWPASSβ APPEARS ON THE APT THREAT SCENE | π
- Jul 14 - [ESET] Welcome Chat as a secure messaging app? Nothing could be further from the truth | π
- Jul 12 - [WeiXin] SideWinder 2020 H1 | π
- Jul 09 - [AGARI] Cosmic Lynx: The Rise of Russian BEC | π
- Jul 09 - [ESET] More evil: A deep look at Evilnum and its toolset | π
- Jul 08 - [Sedbraven] Copy cat of APT Sidewinder ? | π
- Jul 08 - [proofpoint] TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware | π
- Jul 08 - [Seqrite] Operation βHoney Trapβ: APT36 Targets Defense Organizations in India | π
- Jul 06 - [Sansec] North Korean hackers are skimming US and European shoppers | π
- Jul 01 - [Lookout] Mobile APT Surveillance Campaigns Targeting Uyghurs | π
- Jun 30 - [Bitdefender] StrongPity APT β Revealing Trojanized Tools, Working Hours and Infrastructure | π
- Jun 29 - [CISCO] PROMETHIUM extends global reach with StrongPity3 APT | π
- Jun 26 - [Symantec] WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations | π
- Jun 25 - [Elastic] A close look at the advanced techniques used in a Malaysian-focused APT campaign | π
- Jun 24 - [Dell] BRONZE VINEWOOD Targets Supply Chains | π
- Jun 23 - [NCCGroup] WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group | π
- Jun 19 - [Zscaler] Targeted Attack Leverages India-China Border Dispute to Lure Victims | π
- Jun 18 - [ESET] Digging up InvisiMoleβs hidden arsenal | π
- Jun 17 - [ESET] Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | π
- Jun 17 - [Palo Alto] AcidBox: Rare Malware Repurposing Turla Group Exploit Targeted Russian Organizations | π
- Jun 17 - [Malwarebytes] Multi-stage APT attack drops Cobalt Strike using Malleable C2 feature | π
- Jun 16 - [PTSecurity] Cobalt: tactics and tools update | π
- Jun 15 - [Amnesty] India: Human Rights Defenders Targeted by a Coordinated Spyware Operation | π
- Jun 11 - [Trend Micro] New Android Spyware ActionSpy Revealed via Phishing Attacks from Earth Empusa | π
- Jul 11 - [ESET] Gamaredon group grows its game | π
- Jun 08 - [proofpoint] TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware | π
- Jun 08 - [CheckPoint] GuLoader? No, CloudEyE | π
- Jun 03 - [Malwarebyte] New LNK attack tied to Higaisa APT discovered | π
- Jun 03 - [Kaspersky] Cycldek: Bridging the (air) gap | π
- Jun 01 - [Lifars] Cryptocurrency Miners β XMRig Based CoinMiner by Blue Mockingbird Group | π
- May 29 - [IronNet] Russian Cyber Attack Campaigns and Actors | π
- May 28 - [Kaspersky] The zero-day exploits of Operation WizardOpium | π
- May 26 - [ESET] From Agent.BTZ to ComRAT v4: A tenβyear journey | π
- May 21 - [Intezer] The Evolution of APT15βs Codebase 2020 | π
- May 21 - [Bitdefender] Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia | π
- May 21 - [ESET] No βGame overβ for the Winnti Group | π
- May 19 - [Symantec] Sophisticated Espionage Group Turns Attention to Telecom Providers in South Asia | π
- May 18 - [360] APT-C-23 middle East | π
- May 14 - [Telekom] LOLSnif β Tracking Another Ursnif-Based Targeted Campaign | π
- May 14 - [Sophos] RATicate: an attackerβs waves of information-stealing malware | π
- May 14 - [360] Vendetta-new threat actor from Europe | π
- May 14 - [ESET] Mikroceen: Spying backdoor leveraged in highβprofile networks in Central Asia | π
- May 14 - [Avast] APT Group Planted Backdoors Targeting High Profile Networks in Central Asia | π
- May 14 - [Kaspersky] COMpfun authors spoof visa application with HTTP status-based Trojan | π
- May 13 - [ESET] Ramsay: A cyberβespionage toolkit tailored for airβgapped networks | π
- May 12 - [Trend Micro] Tropic Trooperβs Back: USBferry Attack Targets Air-gapped Environments | π
- May 11 - [Zscaler] Targeted Attacks on Indian Government and Financial Institutions Using the JsOutProx RAT | π
- May 11 - [Palo Alto] Updated BackConfig Malware Targeting Government and Military Organizations in South Asia | π
- May 07 - [RedCanary] Introducing Blue Mockingbird | π
- May 07 - [CheckPoint] Naikon APT: Cyber Espionage Reloaded | π
- May 06 - [Prevailion] Phantom in the Command Shell | π
- May 06 - [CyberStruggle] Leery Turtle Threat Report | π
- May 05 - [CheckPoint] Nazar: Spirits of the Past | π
- Apr 29 - [Recorded Future] Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests | π
- Apr 28 - [Yoroi] Outlaw is Back, a New Crypto-Botnet Targets European Organizations | π
- Apr 28 - [ESET] Grandoreiro: How engorged can an EXE get? | π
- Apr 24 - [LAC JP] PoshC2 | π
- Apr 21 - [Volexity] Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant | π
- Apr 20 - [QuoIntelligence] WINNTI GROUP: Insights From the Past | π
- Apr 17 - [Trend Micro] Gamaredon APT Group Use Covid-19 Lure in Campaigns | π
- Apr 16 - [Trend Micro] Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems | π
- Apr 16 - [White Ops] Giving Fraudsters the Cold Shoulder: Inside the Largest Connected TV Bot Attack | π
- Apr 15 - [Lookout] Nation-state Mobile Malware Targets Syrians with COVID-19 Lures | π
- Apr 15 - [Cycraft] Craft for Resilience: APT Group Chimera | π
- Apr 07 - [MalwareBytes] APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure | π
- Apr 07 - [Zscaler] New Ursnif Campaign: A Shift from PowerShell to Mshta | π
- Apr 07 - [BlackBerry] Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android | π
- Mar 30 - [Alyac] The 'Spy Cloud' Operation: Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection | π
- Mar 26 - [Kaspersky] iOS exploit chain deploys LightSpy feature-rich malware | π
- Mar 25 - [FireEye] This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits | π
- Mar 24 - [Kaspersky] WildPressure targets industrial-related entities in the Middle East | π
- Mar 24 - [Trend Micro] Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links | π
- Mar 19 - [Trend Micro] Probing Pawn Storm : Cyberespionage Campaign Through Scanning, Credential Phishing and More | π
- Mar 15 - [MalwareBytes] APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT | π
- Mar 12 - [Checkpoint] Vicious Panda: The COVID Campaign | π
- Mar 12 - [SecPulse] Two-tailed scorpion APT-C-23 | π
- Mar 12 - [ESET] Tracking Turla: New backdoor delivered via Armenian watering holes | π
- Mar 11 - [Trend Micro] Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan | π
- Mar 10 - [Cybereason] WHO'S HACKING THE HACKERS: NO HONOR AMONG THIEVES | π
- Mar 05 - [Trend Micro] Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks | π
- Mar 05 - [ESET] Guildma: The Devil drives electric | π
- Mar 03 - [F5] New Perl Botnet (Tuyul) Found with Possible Indonesian Attribution | π
- Mar 03 - [Yoroi] The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs | π
- Mar 02 - [Telsy] APT34 (AKA OILRIG, AKA HELIX KITTEN) ATTACKS LEBANON GOVERNMENT ENTITIES WITH MAILDROPPER IMPLANTS | π
- Feb 28 - [Qianxin] Nortrom_Lion_APT | π
- Feb 25 - [Sophos] βCloud Snooperβ Attack Bypasses Firewall Security Measures | π
- Feb 22 - [Objective-See] Weaponizing a Lazarus Group Implant | π
- Feb 21 - [AhnLab] MyKings Botnet | π
- Feb 19 - [lexfo] The Lazarus Constellation | π
- Feb 18 - [Trend Micro] Operation DRBControl | π
- Feb 17 - [Yoroi] Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign | π
- Feb 17 - [Talent-Jump] CLAMBLING - A New Backdoor Base On Dropbox (EN) | π
- Feb 17 - [ClearSky] Fox Kitten Campaign | π
- Feb 13 - [Cybereason] NEW CYBER ESPIONAGE CAMPAIGNS TARGETING PALESTINIANS - PART 2: THE DISCOVERY OF THE NEW, MYSTERIOUS PIEROGI BACKDOOR | π
- Feb 10 - [Trend Micro] Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems | π
- Feb 03 - [PaloAlto Networks] Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations | π
- Jan XX - [IBM] New Destructive Wiper βZeroCleareβ Targets Energy Sector in the Middle East | π
- Jan 31 - [ESET] Winnti Group targeting universities in Hong Kong | π
- Jan 16 - [CISCO] JhoneRAT: Cloud based python RAT targeting Middle Eastern countries | π
- Jan 13 - [ShellsSystems] Reviving MuddyC3 Used by MuddyWater (IRAN) APT | π
- Jan 13 - [Lab52] APT27 ZxShell RootKit module updates | π
- Jan 09 - [Dragos] The State of Threats to Electric Entities in North America | π
- Jan 08 - [Kaspersky] Operation AppleJeus Sequel | π
- Jan 07 - [Recorded Future] Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access | π
- Jan 07 - [NCA] Destructive Attack: DUSTMAN | π
- Jan 06 - [Trend Micro] First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group | π
- Jan 01 - [WeiXin] Pakistan Sidewinder APT Attack | π
- Dec 29 - [Dell] BRONZE PRESIDENT Targets NGOs | π
- Dec 26 - [Pedro Tavares] Targeting Portugal: A new trojan βLampionβ has spread using template emails from the Portuguese Government Finance & Tax | π
- Dec 19 - [FoxIT] Operation Wocao | π
- Dec 17 - [PaloAlto] Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia | π
- Dec 17 - [360] Dacls, the Dual platform RAT | π
- Dec 16 - [Sophos] MyKings: The Slow But Steady Growth of a Relentless Botnet | π
- Dec 12 - [Trend Micro] Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry | π
- Dec 12 - [Microsoft] GALLIUM: Targeting global telecom | π
- Dec 12 - [Recorded Future] Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs | π
- Dec 11 - [Trend Micro] Waterbear is Back, Uses API Hooking to Evade Security Product Detection | π
- Dec 11 - [Cyberason] DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE | π
- Dec 10 - [Sentinel] Anchor Project: The Deadly Planeswalker: How The TrickBot Group United High-Tech Crimeware & APT | π
- Dec 06 - [SCILabs] Cosmic Banker campaign is still active revealing link with Banload malware | π
- Dec 04 - [IBM] New Destructive Wiper βZeroCleareβ Targets Energy Sector in the Middle East | π
- Dec 04 - [Trend Micro] Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in βKurdishCoderβ Campaign | π
- Dec 03 - [NSHC] Threat Actor Targeting Hong Kong Pro-Democracy Figures | π
- Nov 29 - [Trend Micro] Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK | π
- Nov 28 - [Kaspersky] RevengeHotels: cybercrime targeting hotel front desks worldwide | π
- Nov 26 - [Microsoft] Insights from one year of tracking a polymorphic threat: Dexphot | π
- Nov 25 - [Positive] Studying Donot Team | π
- Nov 21 - [ESET] Registers as βDefault Print Monitorβ, but is a malicious downloader. Meet DePriMon | π
- Nov 20 - [360] Golden Eagle (APT-C-34) | π
- Nov 20 - [Trend Micro] Mac Backdoor Linked to Lazarus Targets Korean Users | π
- Nov 13 - [Trend Micro] More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting | π
- Nov 12 - [Marco Ramilli] TA-505 Cybercrime on System Integrator Companies | π
- Nov 08 - [Group-IB] Massive malicious campaign by FakeSecurity JS-sniffer | π
- Nov 08 - [Kapsersky] Titanium: the Platinum group strikes again | π
- Nov 05 - [Telsy] THE LAZARUSβ GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE ? | π
- Nov 04 - [Tencent] Higaisa APT | π
- Nov 04 - [Marcoramilli] Is Lazarus/APT38 Targeting Critical Infrastructures | π
- Nov 01 - [Kaspersky] Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium | π
- Oct 31 - [PTsecurity] Calypso APT: new group attacking state institutions | π
- Oct 31 - [Fireeye] MESSAGETAP: Whoβs Reading Your Text Messages? | π
- Oct 28 - [Marco Ramilli] SWEED Targeting Precision Engineering Companies in Italy | π
- Oct 21 - [ESET] Winnti Groupβs skipβ2.0: A Microsoft SQL Server backdoor | π
- Oct 21 - [VB] Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error | π
- Oct 17 - [ESET] Operation Ghost: The Dukes arenβt back β they never left | π
- Oct 15 - [Fireeye] LOWKEY: Hunting for the Missing Volume Serial ID | π
- Oct 14 - [Marco Ramilli] Is Emotet gang targeting companies with external SOC? | π
- Oct 14 - [Exatrack] From tweet to rootkit | π
- Oct 14 - [Crowdstrike] HUGE FAN OF YOUR WORK: TURBINE PANDA | π
- Oct 10 - [Fireeye] Mahalo FIN7: Responding to the Criminal Operatorsβ New Tools and Techniques | π
- Oct 10 - [ESET] CONNECTING THE DOTS Exposing the arsenal and methods of the Winnti Group | π
- Oct 10 - [ESET] Attor, a spy platform with curious GSM fingerprinting | π
- Oct 09 - [Trend Micro] FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops | π
- Oct 07 - [CERT-FR] Supply chain attacks: threats targeting service providers and design offices | π
- Oct 07 - [Clearsky] The Kittens Are Back in Town 2 β Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods | π
- Oct 07 - [Anomali] China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations | π
- Oct 04 - [Avest] GEOST BOTNET. THE STORY OF THE DISCOVERY OF A NEW ANDROID BANKING TROJAN FROM AN OPSEC ERROR | π
- Oct 03 - [Palo Alto Networks] PKPLUG: Chinese Cyber Espionage Group Attacking Asia | π
- Oct 01 - [Netskope] New Adwind Campaign targets US Petroleum Industry | π
- Oct 01 - [Trend Micro] New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign | π
- Sep 30 - [Lastline] HELO Winnti: Attack or Scan? | π
- Sep 26 - [GBHackers] Chinese APT Hackers Attack Windows Users via FakeNarrator Malware to Implant PcShare Backdoor | π
- Sep 24 - [Telsy] DeadlyKiss APT | π
- Sep 24 - [CISCO] How Tortoiseshell created a fake veteran hiring website to host malware | π
- Sep 24 - [CheckPoint] Mapping the connections inside Russiaβs APT Ecosystem | π
- Sep 18 - [Symantec] Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks | π
- Sep 18 - [Trend Micro] Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites | π
- Sep 15 - [Clearsky] The Kittens Are Back in Town Charming Kitten Campaign Against Academic Researchers | π
- Sep 11 - [MeltX0R Security] RANCOR APT: Suspected targeted attacks against South East Asia | π
- Sep 09 - [Symantec] Thrip: Ambitious Attacks Against High Level Targets Continue | π
- Sep 06 - [MeltX0R Security] BITTER APT: Not So Sweet | π
- Sep 05 - [CheckPoint] UPSynergy: Chinese-American Spy vs. Spy Story | π
- Sep 04 - [Trend Micro] Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions | π
- Aug 31 - [StrangerealIntel] Malware analysis on Bitter APT campaign | π
- Aug 29 - [AhnLab] Tick Tock - Activities of the Tick Cyber Espionage Group in East Asia Over the Last 10 Years | π
- Aug 29 - [Trend Micro] βHeatstrokeβ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information | π
- Aug 29 - [IBM] More_eggs, Anyone? Threat Actor ITG08 Strikes Again | π
- Aug 29 - [NSHC] SectorJ04 Groupβs Increased Activity in 2019 | π
- Aug 27 - [StrangerealIntel] Malware analysis about sample of APT Patchwork | π
- Aug 27 - [Dell] LYCEUM Takes Center Stage in Middle East Campaign | π
- Aug 27 - [CISCO] China Chopper still active 9 years later | π
- Aug 27 - [Trend Micro] TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy | π
- Aug 26 - [QianXin] APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan | π
- Aug 22 - [PTsecurity] Operation TaskMasters: Cyberespionage in the digital economy age | π
- Aug 21 - [Fortinet] The Gamaredon Group: A TTP Profile Analysis | π
- Aug 21 - [Group-IB] Silence 2.0 | π
- Aug 20 - [StrangerealIntel] Malware analysis about unknown Chinese APT campaign | π
- Aug 14 - [ESET] In the Balkans, businesses are under fire from a doubleβbarreled weapon | π
- Aug 12 - [Kaspersky] Recent Cloud Atlas activity| π
- Aug 08 - [Anomali] Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations | π
- Aug 07 - [FireEye] APT41: A Dual Espionage and Cyber Crime Operation | π
- Aug 05 - [Trend Micro] Latest Trickbot Campaign Delivered via Highly Obfuscated JS File | π
- Aug 05 - [ESET] Sharpening the Machete | π
- Aug 01 - [Anity] Analysis of the Attack of Mobile Devices by OceanLotus | π
- Jul 24 - [Dell] Resurgent Iron Liberty Targeting Energy Sector | π
- Jul 24 - [] Attacking the Heart of the German Industry | π
- Jul 24 - [Proofpoint] Chinese APT βOperation LagTime ITβ Targets Government Information Technology Agencies in Eastern Asia | π
- Jul 18 - [FireEye] Hard Pass: Declining APT34βs Invite to Join Their Professional Network | π
- Jul 18 - [Trend Micro] Spam Campaign Targets Colombian Entities with Custom-made βProyecto RAT,β Uses Email Service YOPmail for C&C | π
- Jul 18 - [ESET] OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY | π
- Jul 17 - [AT&T] Newly identified StrongPity operations | π
- Jul 17 - [Intezer] EvilGnome: Rare Malware Spying on Linux Desktop Users | π
- Jul 16 - [Trend Micro] SLUB Gets Rid of GitHub, Intensifies Slack Use | π
- Jul 15 - [CISCO] SWEED: Exposing years of Agent Tesla campaigns | π
- Jul 11 - [ESET] Buhtrap group uses zeroβday in latest espionage campaigns | π
- Jul 09 - [CISCO] Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques | π
- Jul 04 - [Kaspersky] Twas the night before | π
- Jul 04 - [Trend Micro] Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi | π
- Jul 03 - [Anomali] Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018 | π
- Jul 01 - [Check Point] Operation Tripoli | π
- Jul 01 - [Cylance] Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus | π
- Jun 27 - [Trend Micro] ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit | π
- Jun 26 - [Recorded Future] Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations | π
- Jun 25 - [QianXin] Analysis of MuddyC3, a New Weapon Used by MuddyWater | π
- Jun 25 - [Cybereason] OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS | π
- Jun 21 - [Symantec] Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments | π
- Jun 20 - [QianXin] New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam | π
- Jun 12 - [ThaiCERT] Threat Group Cards: A Threat Actor Encyclopedia | π
- Jun 11 - [Recorded Future] The Discovery of Fishwrap: A New Social Media Information Operation Methodology | π
- Jun 10 - [BlackBerry] Threat Spotlight: MenuPass/QuasarRAT Backdoor | π
- Jun 10 - [Trend Micro] MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools | π
- Jun 05 - [Agari] Scattered Canary The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise | π
- Jun 04 - [Bitdefender] An APT Blueprint: Gaining New Visibility into Financial Threats | π
- Jun 03 - [Kaspersky] Zebrocyβs Multilanguage Malware Salad | π
- May 30 - [CISCO] 10 years of virtual dynamite: A high-level retrospective of ATM malware | π
- May 29 - [ESET] A dive into Turla PowerShell usage | π
- May 29 - [Yoroi] TA505 is Expanding its Operations | π
- May 28 - [Palo Alto Networks] Emissary Panda Attacks Middle East Government Sharepoint Servers | π
- May 27 - [360] APT-C-38 | π
- May 24 - [ENSILO] UNCOVERING NEW ACTIVITY BY APT10 | π
- May 22 - [ESET] A journey to Zebrocy land | π
- May 19 - [Intezer] HiddenWasp Malware Stings Targeted Linux Systems | π
- May 18 - [ADLab] Operation_BlackLion | π
- May 15 - [Chronicle] Winnti: More than just Windows and Gates | π
- May 13 - [Kaspersky] ScarCruft continues to evolve, introduces Bluetooth harvester | π
- May 11 - [Sebdraven] Chinese Actor APT target Ministry of Justice Vietnamese | π
- May 09 - [Clearsky] Iranian Nation-State APT Groups β βBlack Boxβ Leak | π
- May 08 - [Kaspersky] FIN7.5: the infamous cybercrime rig βFIN7β continues its activities | π
- May 08 - [QianXin] OceanLotusβ Attacks to Indochinese Peninsula: Evolution of Targets, Techniques and Procedure | π
- May 07 - [Yoroi] ATMitch: New Evidence Spotted In The Wild | π
- May 07 - [ESET] Turla LightNeuron: An email too far | π
- May 07 - [Symantec] Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak | π
- May 03 - [Kaspersky] Whoβs who in the Zoo Cyberespionage operation targets Android users in the Middle East | π
- Apr 30 - [ThreatRecon] SectorB06 using Mongolian language in lure document | π
- Apr 24 - [CyberInt] legit remote admin tools turn into threat actors' tools | π
- Apr 23 - [Kaspersky] Operation ShadowHammer: a high-profile supply chain attack | π
- Apr 22 - [CheckPoint] FINTEAM: Trojanized TeamViewer Against Government Targets | π
- Apr 19 - [MalwareBytes] βFunky malware formatβ found in Ocean Lotus sample | π
- Apr 17 - [Palo Alto Networks] Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign | π
- Apr 17 - [CISCO] DNS Hijacking Abuses Trust In Core Internet Service | π
- Apr 10 - [CheckPoint] The Muddy Waters of APT Attacks | π
- Apr 10 - [Kaspersky] Project TajMahal β a sophisticated new APT framework | π
- Apr 10 - [Kaspersky] Gaza Cybergang Group1, operation SneakyPastes | π
- Apr 02 - [Cylance] OceanLotus Steganography | π
- Mar 28 - [Trend Micro] Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole | π
- Mar 28 - [C4ADS] Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria | π
- Mar 28 - [ThreatRecon] Threat Actor Group using UAC Bypass Module to run BAT File | π
- Mar 27 - [Symantec] Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. | π
- Mar 25 - [Kaspersky] Operation ShadowHammer | π
- Mar 22 - [Netscout] LUCKY ELEPHANT CAMPAIGN MASQUERADING | π
- Mar 13 - [CISCO] GlitchPOS: New PoS malware for sale | π
- Mar 13 - [FlashPoint] βDMSniffβ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses | π
- Mar 13 - [CheckPoint] Operation Sheep: Pilfer-Analytics SDK in Action | π
- Mar 12 - [Pala Alto Network] Operation Comando: How to Run a Cheap and Effective Credit Card Business | π
- Mar 11 - [ESET] Gaming industry still in the scope of attackers in Asia | π
- Mar 08 - [Resecurity] Supply Chain β The Major Target of Cyberespionage Groups | π
- Mar 07 - [Trend Micro] New SLUB Backdoor Uses GitHub, Communicates via Slack | π
- Mar 06 - [Cybaze-Yoroi Z-LAB] Operation Pistacchietto | π
- Mar 06 - [NTT] Targeted attack using Taidoor Analysis report | π
- Mar 06 - [Symantec] Whitefly: Espionage Group has Singapore in Its Sights | π
- Mar 04 - [FireEye] APT40: Examining a China-Nexus Espionage Actor | π
- Feb 28 - [Marco Ramilli] Ransomware, Trojan and Miner together against βPIK-Groupβ | π
- Feb 27 - [Dell] A Peek into BRONZE UNIONβs Toolbox | π
- Feb 26 - [Cybaze-Yoroi Z-LAB] The Arsenal Behind the Australian Parliament Hack | π
- Feb 25 - [CarbonBlack] Defeating Compiler Level Obfuscations Used in APT10 Malware | π
- Feb 20 - [SecureSoft] IT IS IDENTIFIED ATTACKS OF THE CIBERCRIMINAL LAZARUS GROUP DIRECTED TO ORGANIZATIONS IN RUSSIA | π
- Feb 18 - [360] APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations | π
- Feb 14 - [360] Suspected Molerats' New Attack in the Middle East | π
- Feb 06 - [Recorded Future] APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign | π
- Feb 05 - [Anomali] Analyzing Digital Quartermasters in Asia β Do Chinese and Indian APTs Have a Shared Supply Chain? | π
- Feb 01 - [Palo Alto Networks] Tracking OceanLotusβ new Downloader, KerrDown | π
- Jan 30 - [Kaspersky] Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities | π
- Jan 30 - [NSHC] The Double Life of SectorA05 Nesting in Agora (Operation Kitty Phishing | π
- Jan 30 - [Morphisec] NEW CAMPAIGN DELIVERS ORCUS RAT | π
- Jan 25 - [LAB52] WIRTE Group attacking the Middle East | π
- Jan 24 - [Carbon Black] GandCrab and Ursnif Campaign | π
- Jan 18 - [Palo Alto Networks] DarkHydrus delivers new Trojan that can use Google Drive for C2 communications | π
- Jan 17 - [Palo Alto Networks] Malware Used by βRockeβ Group Evolves to Evade Detection by Cloud Security Products | π
- Jan 16 - [360] Latest Target Attack of DarkHydruns Group Against Middle East | π
- Dec 28 - [Medium] Goblin Panda changes the dropper and reuses the old infrastructure | π
- Dec 27 - [Cybaze-Yoroi Z-LAB] The Enigmatic βRoma225β Campaign | π
- Dec 20 - [Objective-See] Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail| π
- Dec 18 - [Trend Micro] URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader | π
- Dec 13 - [Certfa] The Return of The Charming Kitten | π
- Dec 13 - [Trend Micro] Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokersβ Leak | π
- Dec 13 - [Palo Alto Networks] Shamoon 3 Targets Oil and Gas Organization | π
- Dec 12 - [McAfee] βOperation Sharpshooterβ Targets Global Defense, Critical Infrastructure | π
- Dec 12 - [360] Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China | π
- Dec 11 - [Cylance] Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure | π
- Nov ?? - [Google] The Hunt for 3ve | π
- Nov 30 - [Trend Micro] New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools | π
- Nov 29 - [360] Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups | π
- Nov 28 - [Microsoft] Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks | π
- Nov 28 - [Clearsky] MuddyWater Operations in Lebanon and Oman | π
- Nov 27 - [CISCO] DNSpionage Campaign Targets Middle East | π
- Nov 20 - [Trend Micro] Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America | π
- Nov 19 - [FireEye] Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign | π
- Nov 13 - [Recorded Future] Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques | π
- Nov 08 - [Symantec] FASTCash: How the Lazarus Group is Emptying Millions from ATMs | π
- Nov 05 - [Palo Alto Networks] Inception Attackers Target Europe with Year-old Office Vulnerability | π
- Nov 01 - [Trend Micro] Outlaw group: Perl-Based Shellbot Looks to Target Organizations via C&C | π
- Oct 19 - [Kaspersky] DarkPulsar | π
- Oct 18 - [Medium] APT Sidewinder changes theirs TTPs to install their backdoor | π
- Oct 18 - [CISCO] Tracking Tick Through Recent Campaigns Targeting East Asia | π
- Oct 18 - [McAfee] Operation Oceansalt Attacks South Korea, U.S. and Canada with Source Code from Chinese Hacker Group | π
- Oct 17 - [Marco Ramilli] MartyMcFly Malware: Targeting Naval Industry | π
- Oct 17 - [Cylance] The SpyRATs of OceanLotus: Malware Analysis White Paper | π
- Oct 17 - [ESET] GreyEnergy: Updated arsenal of one of the most dangerous threat actors | π
- Oct 17 - [Yoroi] Cyber-Espionage Campaign Targeting the Naval Industry (βMartyMcFlyβ) | π
- Oct 15 - [Kaspersky] Octopus-infested seas of Central Asia | π
- Oct 11 - [Symantec] Gallmaker: New Attack Group Eschews Malware to Live off the Land | π
- Oct 10 - [Kaspersky] MuddyWater expands operations | π
- Oct 03 - [FireEye] APT38: Details on New North Korean Regime-Backed Threat Group | π
- Sep 27 - [ESET] LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group | π
- Sep 20 - [360] (Non-English) (CN) PoisonVine | π
- Sep 19 - [Antiy] (Non-English) (CN) Green Spot APT | π
- Sep 13 - [FireEye] APT10 Targeting Japanese Corporations Using Updated TTPs | π
- Sep 10 - [Kaspersky] LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company | π
- Sep 07 - [Volon] Targeted Attack on Indian Ministry of External Affairs using Crimson RAT | π
- Sep 07 - [CheckPoint] Domestic Kitten: An Iranian Surveillance Operation | π
- Sep 07 - [Medium] Goblin Panda targets Cambodia sharing capacities with another Chinese group hackers Temp Periscope | π
- Sep 04 - [Palo Alto Networks] OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE | π
- Sep 04 - [Group-IB] Silence: Moving into the darkside | π
- Aug 30 - [MalwareBytes] Reversing malware in a custom format: Hidden Bee elements | π
- Aug 30 - [CrowdStrike] Two Birds, One STONE PANDA | π
- Aug 30 - [Arbor] Double the Infection, Double the Fun | π
- Aug 30 - [Dark Matter] COMMSEC: The Trails of WINDSHIFT APT | π
- Aug 29 - [Trend Micro] The Urpage Connection to Bahamut, Confucius and Patchwork | π
- Aug 28 - [CheckPoint] CeidPageLock: A Chinese RootKit | π
- Aug 23 - [Kaspersky] Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware | π
- Aug 21 - [ESET] TURLA OUTLOOK BACKDOOR | π
- Aug 21 - [Trend Micro] Supply Chain Attack Operation Red Signature Targets South Korean Organizations | π
- Aug 16 - [Recorded Future] Chinese Cyberespionage Originating From Tsinghua University Infrastructure | π
- Aug 09 - [McAfee] Examining Code Reuse Reveals Undiscovered Links Among North Koreaβs Malware Families | π
- Aug 02 - [Accenture] Goldfin Security Alert | π
- Aug 02 - [Palo Alto Networks] The Gorgon Group: Slithering Between Nation State and Cybercrime | π
- Aug 02 - [Medium] Goblin Panda against the Bears | π
- Aug 01 - [Medium] Malicious document targets Vietnamese officials | π
- Jul 31 - [Palo Alto Networks] Bisonal Malware Used in Attacks Against Russia and South Korea | π
- Jul 31 - [Medium] Malicious document targets Vietnamese officials | π
- Jul 27 - [Palo Alto Networks] New Threat Actor Group DarkHydrus Targets Middle East Government | π
- Jul 23 - [CSE] APT27: A long-term espionage campaign in Syria | π
- Jul 16 - [Trend Micro] New Andariel Reconnaissance Tactics Hint At Next Targets | π
- Jul 13 - [CSE] Operation Roman Holiday β Hunting the Russian APT28 group | π
- Jul 12 - [CISCO] Advanced Mobile Malware Campaign in India uses Malicious MDM | π
- Jul 09 - [ESET] Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign | π
- Jul 08 - [CheckPoint] APT Attack In the Middle East: The Big Bang | π
- Jul 08 - [Fortinet] Hussarini β Targeted Cyber Attack in the Philippines | π
- Jun XX - [Ahnlab] Operation Red Gambler | π
- Jun 26 - [Palo Alto Networks] RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families | π
- Jun 23 - [Ahnlab] Full Discloser of Andariel,A Subgroup of Lazarus Threat Group | π
- Jun 22 - [Palo Alto networks] Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems | π
- Jun 20 - [Symantec] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies | π
- Jun 19 - [Kaspersky] Olympic Destroyer is still alive | π
- Jun 15 - [CrowdStrike] Meet CrowdStrikeβs Adversary of the Month for June: MUSTANG PANDA | π
- Jun 14 - [Trend Micro] Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor | π
- Jun 14 - [intezer] MirageFox: APT15 Resurfaces With New Tools Based On Old Ones | π
- Jun 13 - [Kaspersky] LuckyMouse hits national data center to organize country-level waterholing campaign | π
- Jun 07 - [Volexity] Patchwork APT Group Targets US Think Tanks | π
- Jun 07 - [ICEBRG] ADOBE FLASH ZERO-DAY LEVERAGED FOR TARGETED ATTACK IN MIDDLE EAST | π
- Jun 07 - [FireEye] A Totally Tubular Treatise on TRITON and TriStation | π
- Jun 06 - [CISCO] VPNFilter Update - VPNFilter exploits endpoints, targets new devices | π
- Jun 06 - [GuardiCore] OPERATION PROWLI: MONETIZING 40,000 VICTIM MACHINES | π
- Jun 06 - [Palo Alto Networks] Sofacy Groupβs Parallel Attacks | π
- May 31 - [CISCO] NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea | π
- May 29 - [intezer] Iron Cybercrime Group Under The Scope | π
- May 23 - [CISCO] New VPNFilter malware targets at least 500K networking devices worldwide | π
- May 23 - [Ahnlab] Andariel Group Trend Report | π
- May 23 - [Trend Micro] Confucius Update: New Tools and Techniques, Further Connections with Patchwork | π
- May 22 - [Intrusiontruth] The destruction of APT3 | π
- May 22 - [ESET] Turla Mosquito: A shift towards more generic tools | π
- May 09 - [Recorded Future] Iranβs Hacker Hierarchy Exposed | π
- May 09 - [360] Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack | π
- May 03 - [ProtectWise] Burning Umbrella | π
- May 03 - [Kaspersky] Whoβs who in the Zoo: Cyberespionage operation targets Android users in the Middle East | π
- May 03 - [Ahnlab] Detailed Analysis of Red Eyes Hacking Group | π
- Apr 27 - [Tencent] OceanLotus new malware analysis | π
- Apr 26 - [CISCO] GravityRAT - The Two-Year Evolution Of An APT Targeting India | π
- Apr 24 - [FireEye] Metamorfo Campaigns Targeting Brazilian Users | π
- Apr 24 - [McAfee] Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide | π
- Apr 24 - [ESET] Sednit update: Analysis of Zebrocy | π
- Apr 23 - [Accenture] HOGFISH REDLEAVES CAMPAIGN | π
- Apr 23 - [Symantec] New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia | π
- Apr 23 - [Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers | π
- Apr 17 - [NCCGroup] Decoding network data from a Gh0st RAT variant | π
- Apr 12 - [Kaspersky] Operation Parliament, who is doing what? | π
- Apr 04 - [Trend Micro] New MacOS Backdoor Linked to OceanLotus Found | π
- Mar 29 - [Trend Micro] ChessMaster Adds Updated Tools to Its Arsenal | π
- Mar 27 - [Arbor] Panda Banker Zeros in on Japanese Targets | π
- Mar 23 - [Ahnlab] Targeted Attacks on South Korean Organizations | π
- Mar 15 - [US-CERT] Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors | π
- Mar 14 - [Symantec] Inception Framework: Alive and Well, and Hiding Behind Proxies | π
- Mar 14 - [Trend Micro] Tropic Trooperβs New Strategy | π
- Mar 13 - [FireEye] Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign | π
- Mar 13 - [Kaspersky] Time of death? A therapeutic postmortem of connected medicine | π
- Mar 13 - [Proofpoint] Drive-by as a service: BlackTDS | π
- Mar 13 - [ESET] OceanLotus: Old techniques, new backdoor | π
- Mar 12 - [Trend Micro] Campaign Possibly Connected to βMuddyWaterβ Surfaces in the Middle East and Central Asia | π
- Mar 09 - [CitizenLab] BAD TRAFFIC Sandvineβs PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads? | π
- Mar 09 - [Kaspersky] Masha and these Bears 2018 Sofacy Activity | π
- Mar 09 - [NCC] APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS | π
- Mar 09 - [ESET] New traces of Hacking Team in the wild | π
- Mar 08 - [McAfee] Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant | π
- Mar 08 - [Kaspersky] OlympicDestroyer is here to trick the industry | π
- Mar 08 - [Arbor] Donot Team Leverages New Modular Malware Framework in South Asia | π
- Mar 08 - [Crysys] Territorial Dispute β NSAβs perspective on APT landscape | π
- Mar 07 - [Palo Alto Networks] Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent | π
- Mar 06 - [Kaspersky] The Slingshot APT | π
- Mar 05 - [Palo Alto Networks] Sure, Iβll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency | π
- Mar 02 - [McAfee] McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups | π
- Mar 01 - [Security 0wnage] A Quick Dip into MuddyWater's Recent Activity | π
- Feb 28 - [Palo Alto Networks] Sofacy Attacks Multiple Government Entities | π
- Feb 28 - [Symantec] Chafer: Latest Attacks Reveal Heightened Ambitions | π
- Feb 21 - [Avast] Avast tracks down Tempting Cedar Spyware | π
- Feb 20 - [Arbor] Musical Chairs Playing Tetris | π
- Feb 20 - [Kaspersky] A Slice of 2017 Sofacy Activity | π
- Feb 20 - [FireEye] APT37 (Reaper): The Overlooked North Korean Actor | π
- Feb 13 - [Trend Micro] Deciphering Confuciusβ Cyberespionage Operations | π
- Feb 13 - [RSA] Lotus Blossom Continues ASEAN Targeting | π
- Feb 07 - [CISCO] Targeted Attacks In The Middle East | π
- Feb 02 - [McAfee] Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victimsβ Systems | π
- Jan 30 - [Palo Alto Networks] Comnie Continues to Target Organizations in East Asia | π
- Jan 30 - [RSA] APT32 Continues ASEAN Targeting | π
- Jan 29 - [Trend Micro] Hacking Group Spies on Android Users in India Using PoriewSpy | π
- Jan 29 - [Palo Alto Networks] VERMIN: Quasar RAT and Custom Malware Used In Ukraine | π
- Jan 27 - [Accenture] DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERSβ MEETING AND ASSOCIATES | π
- Jan 26 - [Palo Alto Networks] The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services | π
- Jan 25 - [Palo Alto Networks] OilRig uses RGDoor IIS Backdoor on Targets in the Middle East | π
- Jan 24 - [Trend Micro] Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More | π
- Jan 18 - [NCSC] Turla group update Neuron malware | π
- Jan 17 - [Lookout] Dark Caracal | π
- Jan 16 - [Kaspersky] Skygofree: Following in the footsteps of HackingTeam | π
- Jan 16 - [Recorded Future] North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign | π
- Jan 16 - [CISCO] Korea In The Crosshairs | π
- Jan 15 - [Trend Micro] New KillDisk Variant Hits Financial Organizations in Latin America | π
- Jan 12 - [Trend Micro] Update on Pawn Storm: New Targets and Politically Motivated Campaigns | π
- Jan 11 - [McAfee] North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk | π
- Jan 09 - [ESET] Diplomats in Eastern Europe bitten by a Turla mosquito | π
- Jan 06 - [McAfee] Malicious Document Targets Pyeongchang Olympics | π
- Jan 04 - [Carnegie] Iranβs Cyber Threat: Espionage, Sabotage, and Revenge | π
- Dec 19 - [Proofpoint] North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group | π
- Dec 17 - [McAfee] Operation Dragonfly Analysis Suggests Links to Earlier Attacks | π
- Dec 14 - [FireEye] Attackers Deploy New ICS Attack Framework βTRITONβ and Cause Operational Disruption to Critical Infrastructure | π
- Dec 11 - [Group-IB] MoneyTaker, revealed after 1.5 years of silent operations. | π
- Dec 11 - [Trend Micro] Untangling the Patchwork Cyberespionage Group | π
- Dec 07 - [FireEye] New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit | π
- Dec 05 - [ClearSky] Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets β And the HBO Hacker Connection | π
- Dec 04 - [RSA] The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion | π
- Nov 22 - [REAQTA] A dive into MuddyWater APT targeting Middle-East | π
- Nov 14 - [Palo Alto Networks] Muddying the Water: Targeted Attacks in the Middle East | π
- Nov 10 - [Palo Alto Networks] New Malware with Ties to SunOrcal Discovered | π
- Nov 07 - [McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack | π
- Nov 07 - [Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments | π
- Nov 06 - [Trend Micro] ChessMasterβs New Strategy: Evolving Tools and Tactics | π
- Nov 06 - [Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society | π
- Nov 02 - [Palo Alto Networks] Recent InPage Exploits Lead to Multiple Malware Families | π
- Nov 02 - [PwC] The KeyBoys are back in town | π
- Nov 02 - [Clearsky] LeetMX β a Yearlong Cyber-Attack Campaign Against Targets in Latin America | π
- Nov 02 - [RISKIQ] New Insights into Energetic Bearβs Watering Hole Attacks on Turkish Critical Infrastructure | π
- Oct 31 - [Cybereason] Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI | π
- Oct 30 - [Kaspersky] Gaza Cybergang β updated activity in 2017 | π
- Oct 27 - [Bellingcat] Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia | π
- Oct 24 - [ClearSky] Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies | π
- Oct 19 - [Bitdefender] Operation PZCHAO | π
- Oct 16 - [BAE Systems] Taiwan Heist: Lazarus Tools And Ransomware | π
- Oct 16 - [Kaspersky] BlackOasis APT and new targeted attacks leveraging zero-day exploit | π
- OCt 16 - [Proofpoint] Leviathan: Espionage actor spearphishes maritime and defense targets | π
- Oct 12 - [Dell] BRONZE BUTLER Targets Japanese Enterprises | π
- Oct 10 - [Trustwave] Post Soviet Bank Heists | π
- Oct 02 - [intezer] Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers | π
- Sep XX - [MITRE] APT3 Adversary Emulation Plan | π
- Sep 28 - [Palo Alto Networks] Threat Actors Target Government of Belarus Using CMSTAR Trojan | π
- Sep 20 - [intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner | π
- Sep 20 - [FireEye] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware | π
- Sep 20 - [CISCO] CCleaner Command and Control Causes Concern | π
- Sep 18 - [CISCO] CCleanup: A Vast Number of Machines at Risk | π
- Sep 18 - [Kaspersky] An (un)documented Word feature abused by attackers| π
- Sep 12 - [FireEye] FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY | π
- Sep 06 - [Symantec] Dragonfly: Western energy sector targeted by sophisticated attack group | π
- Sep 06 - [Treadstone 71] Intelligence Games in the Power Grid | π
- Aug 30 - [ESET] Gazing at Gazer: Turlaβs new second stage backdoor | π
- Aug 30 - [Kaspersky] Introducing WhiteBear | π
- Aug 25 - [Proofpoint] Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures | π
- Aug 18 - [RSA] Russian Bank Offices Hit with Broad Phishing Wave | π
- Aug 17 - [Proofpoint] Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack | π
- Aug 15 - [Palo Alto Networks] The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure | π
- Aug 11 - [FireEye] APT28 Targets Hospitality Sector, Presents Threat to Travelers | π
- Aug 08 - [Kaspersky] APT Trends report Q2 2017 | π
- Aug 01 - [Positive Research] Cobalt strikes back: an evolving multinational threat to finance | π
- Jul 27 - [Trend Micro] ChessMaster Makes its Move: A Look into the Campaignβs Cyberespionage Arsenal | π
- Jul 27 - [Palo Alto Networks] OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group | π
- Jul 27 - [Clearsky, Trend Micro] Operation Wilted Tulip | π
- Jul 24 - [Palo Alto Networks] βTickβ Group Continues Attacks | π
- Jul 18 - [Clearsky] Recent Winnti Infrastructure and Samples | π
- Jul 18 - [Bitdefender] Inexsmar: An unusual DarkHotel campaign | π
- Jul 11 - [ProtectWise] Winnti Evolution - Going Open Source | π
- Jul 10 - [Trend Micro] OSX Malware Linked to Operation Emmental Hijacks User Network Traffic | π
- Jul 06 - [Malware Party] Operation Desert Eagle | π
- Jul 05 - [Citizen Lab] Insider Information: An intrusion campaign targeting Chinese language news sites | π
- Jun 30 - [ESET] TeleBots are back: supply-chain attacks against Ukraine | π
- Jun 30 - [Kaspersky] From BlackEnergy to ExPetr | π
- Jun 26 - [Dell] Threat Group-4127 Targets Google Accounts | π
- Jun 22 - [Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus | π
- Jun 22 - [Trend Micro] Following the Trail of BlackTechβs Cyber Espionage Campaigns | π
- Jun 19 - [root9B] SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry | π
- Jun 18 - [Palo Alto Networks] APT3 Uncovered: The code evolution of Pirpi | π
- Jun 15 - [Recorded Future] North Korea Is Not Crazy | π
- Jun 14 - [ThreatConnect] KASPERAGENT Malware Campaign resurfaces in the run up to May Palestinian Authority Elections | π
- Jun 13 - [US-CERT] HIDDEN COBRA β North Koreaβs DDoS Botnet Infrastructure | π
- Jun 12 - [Dragos] CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations | π
- Jun 12 - [ESET] WIN32/INDUSTROYER A new threat for industrial control systems | π
- May 30 - [Group-IB] Lazarus Arisen: Architecture, Techniques and Attribution | π
- May 24 - [Cybereason] OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP | π
- May 14 - [FireEye] Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations | π
- May 03 - [Palo Alto Networks] Kazuar: Multiplatform Espionage Backdoor with API Access | π
- May 03 - [CISCO] KONNI: A Malware Under The Radar For Years | π
- Apr 27 - [Morphisec] Iranian Fileless Attack Infiltrates Israeli Organizations | π
- Apr 13 - [F-SECURE] Callisto Group | π
- Apr 11 - [Kaspersky] Unraveling the Lamberts Toolkit | π
- Apr 10 - [Symantec] Longhorn: Tools used by cyberespionage group linked to Vault 7 | π
- Apr 06 - [PwC] Operation Cloud Hopper | π
- Apr 05 - [Palo Alto Networks, Clearsky] Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA | π
- Mar 15 - [JPCERT] FHAPPI Campaign | π
- Mar 14 - [Clearsky] Operation Electric Powder β Who is targeting Israel Electric Company? | π
- Mar 08 - [Netskope] Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud | π
- Mar 06 - [Kaspersky] From Shamoon to StoneDrill | π
- Feb 28 - [IBM] Dridexβs Cold War: Enter AtomBombing | π
- Feb 27 - [Palo Alto Networks] The Gamaredon Group Toolset Evolution | π
- Feb 23 - [Bitdefender] Dissecting the APT28 Mac OS X Payload | π
- Feb 22 - [FireEye] Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government | π
- Feb 21 - [Arbor] Additional Insights on Shamoon2 | π
- Feb 20 - [BAE Systems] azarus' False Flag Malware | π
- Feb 17 - [JPCERT] ChChes - Malware that Communicates with C&C Servers Using Cookie Headers | π
- Feb 16 - [BadCyber] Technical analysis of recent attacks against Polish banks | π
- Feb 15 - [Morphick] Deep Dive On The DragonOK Rambo Backdoor | π
- Feb 15 - [IBM] The Full Shamoon: How the Devastating Malware Was Inserted Into Networks | π
- Feb 15 - [Dell] Iranian PupyRAT Bites Middle Eastern Organizations | π
- Feb 15 - [Palo Alto Networks] Magic Hound Campaign Attacks Saudi Targets | π
- Feb 14 - [Medium] Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal | π
- Feb 12 - [BAE Systems] Lazarus & Watering-Hole Attacks | π
- Feb 10 - [Cysinfo] Cyber Attack Targeting Indian Navy's Submarine And Warship Manufacturer | π
- Feb 10 - [DHS] Enhanced Analysis of GRIZZLY STEPPE Activity | π
- Feb 03 - [RSA] KingSlayer A Supply chain attack | π
- Feb 03 - [BadCyber] Several Polish banks hacked, information stolen by unknown attackers | π
- Feb 02 - [Proofpoint] Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX | π
- Jan 30 - [Palo Alto Networks] Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments | π
- Jan 25 - [Microsoft] Detecting threat actors in recent German industrial attacks with Windows Defender ATP | π
- Jan 19 - [Cysinfo] URI Terror Attack & Kashmir Protest Themed Spear Phishing Emails Targeting Indian Embassies And Indian Ministry Of External Affairs | π
- Jan 18 - [Trustwave] Operation Grand Mars: Defending Against Carbanak Cyber Attacks | π
- Jan 15 - [tr1adx] Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests | π
- Jan 12 - [Kaspersky] The βEyePyramidβ attacks | π
- Jan 11 - [FireEye] APT28: AT THE CENTER OF THE STORM | π
- Jan 09 - [Palo Alto Networks] Second Wave of Shamoon 2 Attacks Identified | π
- Jan 05 - [Clearsky] Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford | π
- Dec 15 - [Microsoft] PROMETHIUM and NEODYMIUM APT groups on Turkish citizens living in Turkey and various other European countries. | π
- Dec 13 - [ESET] The rise of TeleBots: Analyzing disruptive KillDisk attacks | π
- Nov 30 - [Cysinfo] MALWARE ACTORS USING NIC CYBER SECURITY THEMED SPEAR PHISHING TO TARGET INDIAN GOVERNMENT ORGANIZATIONS | π
- Nov 22 - [Palo Alto Networks] Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy | π
- Nov 09 - [Fidelis] Down the H-W0rm Hole with Houdini's RAT | π
- Nov 03 - [Booz Allen] When The Lights Went Out: Ukraine Cybersecurity Threat Briefing | π
- Oct 31 - [Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | π
- Oct 27 - [ESET] En Route with Sednit Part 3: A Mysterious Downloader | π
- Oct 27 - [Trend Micro] BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List | π
- Oct 26 - [Vectra Networks] Moonlight β Targeted attacks in the Middle East | π
- Oct 25 - [Palo Alto Networks] Houdiniβs Magic Reappearance | π
- Oct 25 - [ESET] En Route with Sednit Part 2: Lifting the lid on Sednit: A closer look at the software it uses | π
- Oct 20 - [ESET] En Route with Sednit Part 1: Approaching the Target | π
- Oct 17 - [ThreatConnect] ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence? | π
- Oct 05 - [Kaspersky] Wave your false flags | π
- Oct 03 - [Kaspersky] On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users | π
- Sep 29 - [NATO CCD COE] China and Cyber: Attitudes, Strategies, Organisation | π
- Sep 28 - [Palo Alto Networks] Confucius Saysβ¦Malware Families Get Further By Abusing Legitimate Websites | π
- Sep 28 - [ThreatConnect] Belling the BEAR: russia-hacks-bellingcat-mh17-investigation | π
- Sep 26 - [Palo Alto Networks] Sofacyβs βKomplexβ OS X Trojan | π
- Sep 18 - [Cyberkov] Hunting Libyan Scorpions | π
- Sep 14 - [Palo Alto Networks] MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies | π
- Sep 06 - [Symantec] Buckeye cyberespionage group shifts gaze from US to Hong Kong | π
- Sep 01 - [IRAN THREATS] MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES | π
- Aug 25 - [Lookout] Technical Analysis of Pegasus Spyware | π
- Aug 24 - [Citizen Lab] The Million Dollar Dissident: NSO Groupβs iPhone Zero-Days used against a UAE Human Rights Defender | π
- Aug 19 - [ThreatConnect] Russian Cyber Operations on Steroids | π
- Aug 17 - [Kaspersky] Operation Ghoul: targeted attacks on industrial and engineering organizations | π
- Aug 16 - [Palo Alto Networks] Aveo Malware Family Targets Japanese Speaking Users | π
- Aug 11 - [IRAN THREATS] Iran and the Soft War for Internet Dominance | π
- Aug 08 - [Forcepoint] MONSOON | π
- Aug 08 - [Kaspersky] ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms | π
- Aug 07 - [Symantec] Strider: Cyberespionage group turns eye of Sauron on targets | π
- Aug 06 - [360] APT-C-09 | π
- Aug 04 - [Recorded Future] Running for Office: Russian APT Toolkits Revealed | π
- Aug 03 - [EFF] Operation Manul: I Got a Letter From the Government the Other Day...Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan | π
- Aug 02 - [Citizen Lab] Group5: Syria and the Iranian Connection | π
- Jul 28 - [ICIT] Chinaβs Espionage Dynasty | π
- Jul 26 - [Palo Alto Networks] Attack Delivers β9002β Trojan Through Google Drive | π
- Jul 21 - [360] Sphinx (APT-C-15) Targeted cyber-attack in the Middle East | π
- Jul 21 - [RSA] Hide and Seek: How Threat Actors Respond in the Face of Public Exposure | π
- Jul 13 - [SentinelOne] State-Sponsored SCADA Malware targeting European Energy Companies | π
- Jul 12 - [F-SECURE] NanHaiShu: RATing the South China Sea | π
- Jul 08 - [Kaspersky] The Dropping Elephant β aggressive cyber-espionage in the Asian region | π
- Jul 07 - [Proofpoint] NetTraveler APT Targets Russian, European Interests | π
- Jul 07 - [Cymmetria] UNVEILING PATCHWORK: THE COPY-PASTE APT | π
- Jul 03 - [Check Point] From HummingBad to Worse | π
- Jul 01 - [Bitdefender] Pacifier APT | π
- Jul 01 - [ESET] Espionage toolkit targeting Central and Eastern Europe uncovered | π
- Jun 30 - [JPCERT] Asruex: Malware Infecting through Shortcut Files | π
- Jun 28 - [Palo Alto Networks] Prince of Persia β Game Over | π
- Jun 28 - [JPCERT] (Japan)Attack Tool Investigation | π
- Jun 26 - [Trend Micro] The State of the ESILE/Lotus Blossom Campaign | π
- Jun 26 - [Cylance] Nigerian Cybercriminals Target High-Impact Industries in India via Pony | π
- Jun 23 - [Palo Alto Networks] Tracking Elirks Variants in Japan: Similarities to Previous Attacks | π
- Jun 21 - [Fortinet] The Curious Case of an Unknown Trojan Targeting German-Speaking Users | π
- Jun 21 - [FireEye] Redline Drawn: China Recalculates Its Use of Cyber Espionage | π
- Jun 21 - [ESET] Visiting The Bear Den | π
- Jun 17 - [Kaspersky] Operation Daybreak | π
- Jun 16 - [Dell] Threat Group-4127 Targets Hillary Clinton Presidential Campaign | π
- Jun 15 - [CrowdStrike] Bears in the Midst: Intrusion into the Democratic National Committee | π
- Jun 09 - [Clearsky] Operation DustySky Part 2 | π
- Jun 02 - [Trend Micro] FastPOS: Quick and Easy Credit Card Theft | π
- May 27 - [Trend Micro] IXESHE Derivative IHEATE Targets Users in America | π
- May 26 - [Palo Alto Networks] The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor | π
- May 25 - [Kaspersky] CVE-2015-2545: overview of current threats | π
- May 24 - [Palo Alto Networks] New Wekby Attacks Use DNS Requests As Command and Control Mechanism | π
- May 23 - [MELANI:GovCERT] APT Case RUAG Technical Report | π
- May 22 - [FireEye] TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST | π
- May 22 - [Palo Alto Networks] Operation Ke3chang Resurfaces With New TidePool Malware | π
- May 18 - [ESET] Operation Groundbait: Analysis of a surveillance toolkit | π
- May 17 - [FOX-IT] Mofang: A politically motivated information stealing adversary | π
- May 17 - [Symantec] Indian organizations targeted in Suckfly attacks | π
- May 10 - [Trend Micro] Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats | paper | π
- May 09 - [CMU SEI] Using Honeynets and the Diamond Model for ICS Threat Analysis | π
- May 06 - [PwC] Exploring CVE-2015-2545 and its users | π
- May 05 - [Forcepoint] Jaku: an on-going botnet campaign | π
- May 02 - [Team Cymru] GOZNYM MALWARE target US, AT, DE | π
- May 02 - [Palo Alto Networks] Prince of Persia: Infy Malware Active In Decade of Targeted Attacks | π
- Apr 27 - [Kaspersky] Repackaging Open Source BeEF for Tracking and More | π
- Apr 26 - [Financial Times] Cyber warfare: Iran opens a new front | π
- Apr 26 - [Arbor] New Poison Ivy Activity Targeting Myanmar, Asian Countries | π
- Apr 22 - [Cylance] The Ghost Dragon | π
- Apr 21 - [SentinelOne] Teaching an old RAT new tricks | π
- Apr 21 - [Palo Alto Networks] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists | π
- Apr 18 - [Citizen Lab] Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns | π
- Apr 15 - [SANS] Detecting and Responding Pandas and Bears | π
- Apr 12 - [Microsoft] PLATINUM: Targeted attacks in South and Southeast Asia | π
- Mar 25 - [Palo Alto Networks] ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe | π
- Mar 23 - [Trend Micro] Operation C-Major: Information Theft Campaign Targets Military Personnel in India | π
- Mar 18 - [SANS] Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case | π
- Mar 17 - [PwC] Taiwan Presidential Election: A Case Study on Thematic Targeting | π
- Mar 15 - [Symantec] Suckfly: Revealing the secret life of your code signing certificates | π
- Mar 14 - [Proofpoint] Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US | π
- Mar 10 - [Citizen Lab] Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans | π
- Mar 09 - [FireEye] LESSONS FROM OPERATION RUSSIANDOLL | π
- Mar 08 - [360] Operation OnionDog: A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries | π
- Mar 03 - [Recorded Future] Shedding Light on BlackEnergy With Open Source Intelligence | π
- Mar 01 - [Proofpoint] Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests | π
- Feb 29 - [Fidelis] The Turbo Campaign, Featuring Derusbi for 64-bit Linux | π
- Feb 24 - [NOVETTA] Operation Blockbuster | π
- Feb 23 - [Cylance] OPERATION DUST STORM | π
- Feb 12 - [Palo Alto Networks] A Look Into Fysbis: Sofacyβs Linux Backdoor | π
- Feb 11 - [Recorded Future] Hacktivism: India vs. Pakistan | π
- Feb 09 - [Kaspersky] Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage | π
- Feb 08 - [ICIT] Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups | π
- Feb 04 - [Palo Alto Networks] T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques | π
- Feb 03 - [Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | π
- Feb 01 - [Sucuri] Massive Admedia/Adverting iFrame Infection | π
- Feb 01 - [IBM] Organized Cybercrime Big in Japan: URLZone Now on the Scene | π
- Jan 29 - [F5] Tinbapore: Millions of Dollars at Risk | π
- Jan 29 - [Zscaler] Malicious Office files dropping Kasidet and Dridex | π
- Jan 28 - [Kaspersky] BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents | π
- Jan 27 - [Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign | π
- Jan 26 - [SentinelOne] Analyzing a New Variant of BlackEnergy 3 | π
- Jan 24 - [Palo Alto Networks] Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists | π
- Jan 21 - [Palo Alto Networks] NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan | π
- Jan 19 - [360] 2015 APT Annual Report | π
- Jan 14 - [CISCO] RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK | π
- Jan 14 - [Symantec] The Waterbug attack group | π
- Jan 07 - [Clearsky] Operation DustySky | π
- Jan 07 - [CISCO] RIGGING COMPROMISE - RIG EXPLOIT KIT | π
- Jan 03 - [ESET] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry | π
- Dec 23 - [PwC] ELISE: Security Through Obesity | π
- Dec 22 - [Palo Alto Networks] BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger | π
- Dec 20 - [FireEye] The EPS Awakens - Part 2 | π
- Dec 18 - [Palo Alto Networks] Attack on French Diplomat Linked to Operation Lotus Blossom | π
- Dec 16 - [Bitdefender] APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information | π
- Dec 16 - [Trend Micro] Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them | π
- Dec 16 - [Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign | π
- Dec 15 - [AirBus] Newcomers in the Derusbi family | π
- Dec 08 - [Citizen Lab] Packrat: Seven Years of a South American Threat Actor | π
- Dec 07 - [FireEye] Financial Threat Group Targets Volume Boot Record | π
- Dec 07 - [Symantec] Iran-based attackers use back door threats to spy on Middle Eastern targets | π
- Dec 04 - [Kaspersky] Sofacy APT hits high profile targets with updated toolset | π
- Dec 01 - [FireEye] China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets | π
- Nov 30 - [FOX-IT] Ponmocup A giant hiding in the shadows | π
- Nov 24 - [Palo Alto Networks] Attack Campaign on the Government of Thailand Delivers Bookworm Trojan | π
- Nov 23 - [Minerva Labs, ClearSky] CopyKittens Attack Group | π
- Nov 23 - [RSA] PEERING INTO GLASSRAT | π
- Nov 23 - [Trend Micro] Prototype Nation: The Chinese Cybercriminal Underground in 2015 | π
- Nov 19 - [Kaspersky] Russian financial cybercrime: how it works | π
- Nov 19 - [JPCERT] Decrypting Strings in Emdivi | π
- Nov 18 - [Palo Alto Networks] TDrop2 Attacks Suggest Dark Seoul Attackers Return | π
- Nov 18 - [CrowdStrike] Sakula Reloaded | π
- Nov 18 - [Damballa] Damballa discovers new toolset linked to Destover Attackerβs arsenal helps them to broaden attack surface | π
- Nov 16 - [FireEye] WitchCoven: Exploiting Web Analytics to Ensnare Victims | π
- Nov 10 - [Palo Alto Networks] Bookworm Trojan: A Model of Modular Architecture | π
- Nov 09 - [Check Point] Rocket Kitten: A Campaign With 9 Lives | π
- Nov 04 - [RSA] Evolving Threats:dissection of a CyberEspionage attack | π
- Oct 16 - [Citizen Lab] Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites(https://otx.alienvault.com/pulse/5621208f4637f21ecf2aac36/) | π
- Oct 15 - [Citizen Lab] Pay No Attention to the Server Behind the Proxy: Mapping FinFisherβs Continuing Proliferation | π
- Oct 05 - [Recorded Future] Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy | π
- Oct 03 - [Cybereason] Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA) | π
- Sep 23 - [ThreatConnect] PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINAβS UNIT 78020 | PDF | π
- Sep 17 - [F-SECURE] The Dukes 7 Years of Russian Cyber Espionage - PDF | π
- Sep 16 - [Proofpoint] The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK | π
- Sep 16 - [Trend Micro] Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets | IOC | π
- Sep 15 - [Proofpoint] In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia | π
- Sep 09 - [Trend Micro] Shadow Force Uses DLL Hijacking, Targets South Korean Company | π
- Sep 09 - [Kaspersky] Satellite Turla: APT Command and Control in the Sky | π
- Sep 08 - [Palo Alto Networks] Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware | π
- Sep 01 - [Trend Micro, Clearsky] The Spy Kittens Are Back: Rocket Kitten 2 | PDF | π
- Aug 20 - [Arbor] PlugX Threat Activity in Myanmar | π
- Aug 20 - [Kaspersky] New activity of the Blue Termite APT | π
- Aug 19 - [Symantec] New Internet Explorer zero-day exploited in Hong Kong attacks | π
- Aug 10 - [ShadowServer] The Italian Connection: An analysis of exploit supply chains and digital quartermasters | π
- Aug 08 - [Cyint] Threat Analysis: Poison Ivy and Links to an Extended PlugX Campaign | π
- Aug 05 - [Dell] Threat Group-3390 Targets Organizations for Cyberespionage | π
- Aug 04 - [RSA] Terracotta VPN: Enabler of Advanced Threat Anonymity | π
- Jul 30 - [ESET] Operation Potao Express | IOC | π
- Jul 28 - [Symantec] Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012 | π
- Jul 27 - [FireEye] HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group | π
- Jul 22 - [F-SECURE] Duke APT group's latest tools: cloud services and Linux support | π
- Jul 20 - [ThreatConnect] China Hacks the Peace Palace: All Your EEZβs Are Belong to Us | π
- Jul 20 - [Palo Alto Networks] Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor | π
- Jul 14 - [Palo Alto Networks] Tracking MiniDionis: CozyCarβs New Ride Is Related to Seaduke | π
- Jul 14 - [Trend Micro] An In-Depth Look at How Pawn Stormβs Java Zero-Day Was Used | π
- Jul 13 - [Symantec] "Forkmeiamfamous": Seaduke, latest weapon in the Duke armory | π
- Jul 13 - [FireEye] Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability CVE-2015-5119 Following Hacking Team Leak | π
- Jul 10 - [Palo Alto Networks] APT Group UPS Targets US Government with Hacking Team Flash Exploit | π
- Jul 09 - [Symantec] Butterfly: Corporate spies out for financial gain | π
- Jul 08 - [Kaspersky] Wild Neutron β Economic espionage threat actor returns with new tricks | π
- Jul 08 - [Volexity] APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119) | π
- Jun 30 - [ESET] Dino β the latest spying malware from an allegedly French espionage group analyzed | π
- Jun 28 - [Dragon Threat Labs] APT on Taiwan - insight into advances of adversary TTPs | π
- Jun 26 - [FireEye] Operation Clandestine Wolf β Adobe Flash Zero-Day in APT3 Phishing Campaign | π
- Jun 24 - [PwC] UnFIN4ished Business (FIN4) | π
- Jun 22 - [Kaspersky] Winnti targeting pharmaceutical companies | π
- Jun 16 - [Palo Alto Networks] Operation Lotus Bloom | π
- Jun 15 - [Citizen Lab] Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 | π
- Jun 12 - [Volexity] Afghan Government Compromise: Browser Beware | π
- Jun 10 - [Kaspersky] The_Mystery_of_Duqu_2_0 IOC Yara | π
- Jun 10 - [Crysys] Duqu 2.0 | π
- Jun 09 - [Microsoft] Duqu 2.0 Win32k Exploit Analysis | π
- Jun 04 - [JP Internet Watch] Blue Thermite targeting Japan (CloudyOmega) | π
- Jun 03 - [ClearSky] Thamar Reservoir | π
- May 29 - [360] OceanLotusReport | π
- May 28 - [Kaspersky] Grabit and the RATs | π
- May 27 - [Antiy Labs] Analysis On Apt-To-Be Attack That Focusing On China's Government Agency' | π
- May 27 - [CyberX] BlackEnergy 3 β Exfiltration of Data in ICS Networks | π
- May 26 - [ESET] Dissecting-Linux/Moose | π
- May 21 - [Kaspersky] The Naikon APT and the MsnMM Campaigns | π
- May 19 - [Panda] Operation 'Oil Tanker' | π
- May 18 - [Palo Alto Networks] Cmstar Downloader: Lurid and Enfalβs New Cousin | π
- May 14 - [Trend Micro] Operation Tropic Trooper | π
- May 14 - [Kaspersky] The Naikon APT | π
- May 13 - [Cylance] SPEAR: A Threat Actor Resurfaces | π
- May 12 - [PR Newswire] root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutions | π
- May 07 - [G DATA] Dissecting the Kraken | π
- May 05 - [Ahnlab] Targeted attack on Franceβs TV5Monde | π
- Apr 27 - [PWC] Attacks against Israeli & Palestinian interests | π
- Apr 22 - [F-SECURE] CozyDuke | π
- Apr 21 - [Kaspersky] The CozyDuke APT | π
- Apr 20 - [PWC] Sofacy II β Same Sofacy, Different Day | π
- Apr 18 - [FireEye] Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russiaβs APT28 in Highly-Targeted Attack | π
- Apr 16 - [Trend Micro] Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House | π
- Apr 15 - [Kaspersky] The Chronicles of the Hellsing APT: the Empire Strikes Back | π
- Apr 12 - [FireEye] APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation | π
- Mar 31 - [CheckPoint] Volatile Cedar β Analysis of a Global Cyber Espionage Campaign | π
- Mar 30 - [CrowdStrike] Chopping packets: Decoding China Chopper Web shell traffic over SSL | π
- Mar 19 - [Trend Micro] Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign | π
- Mar 11 - [Kaspersky] Inside the EquationDrug Espionage Platform | π
- Mar 10 - [Citizen Lab] Tibetan Uprising Day Malware Attacks | π
- Mar 06 - [F-SECURE] Is Babar a Bunny? | π
- Mar 06 - [Kaspersky] Animals in the APT Farm | π
- Mar 05 - [ESET] Casper Malware: After Babar and Bunny, Another Espionage Cartoon | π
- Feb 24 - [PWC] A deeper look into Scanbox | π
- Feb 27 - [ThreatConnect] The Anthem Hack: All Roads Lead to China | π
- Feb 25 - [FireEye] Southeast Asia: An Evolving Cyber Threat Landscape | π
- Feb 25 - [Sophos] PlugX goes to the registry (and India) | π
- Feb 18 - [G DATA] Babar: espionage software finally found and put under the microscope | π
- Feb 18 - [CIRCL Luxembourg] Shooting Elephants | π
- Feb 17 - [Kaspersky] Desert Falcons APT | π
- Feb 17 - [Kaspersky] A Fanny Equation: "I am your father, Stuxnet" | π
- Feb 16 - [Trend Micro] Operation Arid Viper | π
- Feb 16 - [Kaspersky] The Carbanak APT | π
- Feb 16 - [Kaspersky] Equation: The Death Star of Malware Galaxy | π
- Feb 10 - [CrowdStrike] CrowdStrike Global Threat Intel Report for 2014 | π
- Feb 04 - [Trend Micro] Pawn Storm Update: iOS Espionage App Found | π
- Feb 02 - [FireEye] Behind the Syrian Conflictβs Digital Frontlines | π
- Jan 29 - [JPCERT] Analysis of PlugX Variant - P2P PlugX | π
- Jan 29 - [Symantec] Backdoor.Winnti attackers and Trojan.Skelky | π
- Jan 27 - [Kaspersky] Comparing the Regin module 50251 and the "Qwerty" keylogger | π
- Jan 22 - [Kaspersky] Regin's Hopscotch and Legspin | π
- Jan 22 - [Symantec] Scarab attackers Russian targets | IOCs | π
- Jan 22 - [Symantec] The Waterbug attack group | π
- Jan 20 - [BlueCoat] Reversing the Inception APT malware | π
- Jan 20 - [G DATA] Analysis of Project Cobra | π
- Jan 15 - [G DATA] Evolution of Agent.BTZ to ComRAT | π
- Jan 12 - [Dell] Skeleton Key Malware Analysis | π
- Jan 11 - [Dragon Threat Labs] Hong Kong SWC attack | π
- Dec 22 - [Group-IB] Anunak: APT against financial institutions | π
- Dec 21 - [ThreatConnect] Operation Poisoned Helmand | π
- Dec 19 - [US-CERT] TA14-353A: Targeted Destructive Malware (wiper) | π
- Dec 18 - [Citizen Lab] Malware Attack Targeting Syrian ISIS Critics | π
- Dec 17 - [CISCO] Wiper Malware β A Detection Deep Dive | π
- Dec 12 - [Fidelis] Bots, Machines, and the Matrix | π
- Dec 12 - [AirBus] Vinself now with steganography | π
- Dec 10 - [Ahnlab] South Korea MBR Wiper | π
- Dec 10 - [F-Secure] W64/Regin, Stage #1 | π
- Dec 10 - [F-Secure] W32/Regin, Stage #1 | π
- Dec 10 - [Kaspersky] Cloud Atlas: RedOctober APT | π
- Dec 09 - [BlueCoat] The Inception Framework | π
- Dec 08 - [Kaspersky] The 'Penquin' Turla | π
- Dec 05 - [Cylance] Operation Cleaver: The Notepad Files | π
- Dec 02 - [Cylance] Operation Cleaver | IOCs | π
- Nov 30 - [FireEye] FIN4: Stealing Insider Information for an Advantage in Stock Trading? | π
- Nov 24 - [CrowdStrike] Deep Panda Uses Sakula Malware | π
- Nov 24 - [TheIntercept] Regin: SECRET MALWARE IN EUROPEAN UNION ATTACK LINKED TO U.S. AND BRITISH INTELLIGENCE | π
- Nov 24 - [Kaspersky] Kaspersky's report on The Regin Platform | π
- Nov 24 - [Symantec] Regin: Top-tier espionage tool enables stealthy surveillance | π
- Nov 21 - [FireEye] Operation Double Tap | IOCs | π
- Nov 20 - [0x1338] EvilBunny: Suspect #4 | π
- Nov 14 - [ESET] Roaming Tiger (Slides) | π
- Nov 14 - [F-Secure] OnionDuke: APT Attacks Via the Tor Network | π
- Nov 13 - [Symantec] Operation CloudyOmega: Ichitaro 0-day targeting Japan | π
- Nov 12 - [ESET] Korplug military targeted attacks: Afghanistan & Tajikistan | π
- Nov 11 - [GDATA] The Uroburos case- Agent.BTZβs successor, ComRAT | π
- Nov 10 - [Kaspersky] The Darkhotel APT - A Story of Unusual Hospitality | π
- Nov 03 - [FireEye] Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kongβs Pro-Democracy Movement | π
- Nov 03 - [Kaspersky] New observations on BlackEnergy2 APT activity | π
- Oct 31 - [GData] Operation TooHash | π
- Oct 30 - [Sophos] The Rotten Tomato Campaign | π
- Oct 28 - [CISCO] Group 72, Opening the ZxShell | π
- Oct 28 - [FireEye] APT28 - A Window Into Russia's Cyber Espionage Operations | π
- Oct 27 - [Invincea] Micro-Targeted Malvertising via Real-time Ad Bidding | π
- Oct 27 - [PWC] ScanBox framework β whoβs affected, and whoβs using it? | π
- Oct 27 - [Netresec] Full Disclosure of Havex Trojans - ICS Havex backdoors | π
- Oct 24 - [AirBus] LeoUncia and OrcaRat | π
- Oct 23 - [LEVIATHAN] THE CASE OF THE MODIFIED BINARIES | π
- Oct 22 - [PWC] Sofacy Phishing by PWC | π
- Oct 22 - [Trend Micro] Operation Pawn Storm: The Red in SEDNIT | π
- Oct 20 - [PWC] OrcaRAT - A whale of a tale | π
- Oct 14 - [iSightPartners] Sandworm - CVE-2104-4114 | π
- Oct 14 - [CISCO] Group 72 | π
- Oct 14 - [Novetta] Derusbi Preliminary Analysis | π
- Oct 14 - [Novetta] Hikit Preliminary Analysis | π
- Oct 14 - [Novetta] ZoxPNG Preliminary Analysis | π
- Oct 09 - [Volexity] Democracy in Hong Kong Under Attack | π
- Oct 03 - [Palo Alto Networks] New indicators for APT group Nitro | π
- Sep 26 - [F-Secure] BlackEnergy & Quedagh | π
- Sep 26 - [FireEye] Aided Frame, Aided Direction (Sunshop Digital Quartermaster) | π
- Sep 23 - [Kaspersky] Ukraine and Poland Targeted by BlackEnergy (video)
- Sep 19 - [Palo Alto Networks] Watering Hole Attacks using Poison Ivy by "th3bug" group | π
- Sep 18 - [F-Secure] COSMICDUKE: Cosmu with a twist of MiniDuke | π
- Sep 17 - [U.S. Senate Committee] Chinese intrusions into key defense contractors | π
- Sep 10 - [FireEye] Operation Quantum Entanglement | π
- Sep 08 - [Usenix] When Governments Hack Opponents: A Look at Actors and Technology video | π
- Sep 08 - [Usenix] Targeted Threat Index: Characterizingand Quantifying Politically-MotivatedTargeted Malware video | π
- Sep 04 - [ClearSky] Gholee β a βProtective Edgeβ themed spear phishing campaign | π
- Sep 04 - [FireEye] Forced to Adapt: XSLCmd Backdoor Now on OS X | π
- Sep 04 - [Netresec] Analysis of Chinese MITM on Google | π
- Sep 03 - [FireEye] Darwinβs Favorite APT Group (APT12) | π
- Aug 29 - [FireEye] Syrian Malware Team Uses BlackWorm for Attacks | π
- Aug 28 - [AlienVault] Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks | π
- Aug 27 - [Kaspersky] NetTraveler APT Gets a Makeover for 10th Birthday | π
- Aug 25 - [Malware Must Die] Vietnam APT Campaign | π
- Aug 20 - [Kaspersky] El Machete | π
- Aug 18 - [Kaspersky] The Syrian Malware House of Cards | π
- Aug 16 - [HP] Profiling an enigma: The mystery of North Koreaβs cyber threat landscape | π
- Aug 13 - [USENIX] A Look at Targeted Attacks Through the Lense of an NGO | π
- Aug 12 - [FireEye] New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12) | π
- Aug 07 - [Kaspersky] The Epic Turla Operation Appendix | π
- Aug 06 - [FireEye] Operation Poisoned Hurricane | π
- Aug 05 - [ThreatConnect] Operation Arachnophobia | π
- Aug 04 - [FireEye] SIDEWINDER TARGETED ATTACK AGAINST ANDROID IN THE GOLDEN AGE OF AD LIBRARIES | π
- Jul 31 - [Kaspersky] Energetic Bear/Crouching Yeti | π
- Jul 29 - [Dell] Threat Group-3279 Targets the Video Game Industry | π
- Jul 20 - [Vinsula] Sayad (Flying Kitten) Analysis & IOCs | π
- Jul 11 - [AirBus] Pitty Tiger | π
- Jul 10 - [CIRCL] TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos | π
- Jul 07 - [CrowdStrike] Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks | π
- Jul 10 - [TrapX] Anatomy of the Attack: Zombie Zero | π
- Jun 30 - [Symantec] Dragonfly: Cyberespionage Attacks Against Energy Suppliers | π
- Jun 20 - [Blitzanalysis] Embassy of Greece Beijing | π
- Jun 09 - [CrowdStrike] Putter Panda | π
- Jun 06 - [Arbor] Illuminating The Etumbot APT Backdoor (APT12) | π
- May 28 - [iSightPartners] NewsCaster_An_Iranian_Threat_Within_Social_Networks | π
- May 21 - [Fidelis] RAT in jar: A phishing campaign using Unrecom | π
- May 20 - [ESET] Miniduke Twitter C&C | π
- May 13 - [CrowdStrike] Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN | π
- May 13 - [FireEye] Operation Saffron Rose (aka Flying Kitten) | π
- Apr 26 - [FireEye] CVE-2014-1776: Operation Clandestine Fox | π
- Mar 12 - [FireEye] A Detailed Examination of the Siesta Campaign | π
- Mar 08 - [Reuters] Russian spyware Turla | π
- Mar 07 - [BAE] Snake Campaign & Cyber Espionage Toolkit | π
- Mar 06 - [Trend Micro] The Siesta Campaign | π
- Feb 28 - [GData] Uroburos: Highly complex espionage software with Russian roots | π
- Feb 25 - [CrowdStrike] The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity | π
- Feb 23 - [Fidelis] Gathering in the Middle East, Operation STTEAM | π
- Feb 20 - [CrowdStrike] Mo' Shells Mo' Problems - Deep Panda Web Shells | π
- Feb 20 - [FireEye] Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit | π
- Feb 19 - [FireEye] XtremeRAT: Nuisance or Threat? | π
- Feb 19 - [Context Information Security] The Monju Incident | π
- Feb 13 - [FireEye] Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website | π
- Feb 11 - [Kaspersky] Unveiling "Careto" - The Masked APT | π
- Jan 31 - [Fidelis] Intruder File Report- Sneakernet Trojan | π
- Jan 21 - [RSA] Shell_Crew (Deep Panda) | π
- Jan 15 - [Fidelis] New CDTO: A Sneakernet Trojan Solution | π
- Jan 14 - [Kaspersky] The Icefog APT Hits US Targets With Java Backdoor | π
- Jan 13 - [Symantec] Targeted attacks against the Energy Sector | π
- Jan 06 - [AirBus] PlugX: some uncovered points | π
- XXX XX - [CERT-ISAC] Inside Report β APT Attacks on Indian Cyber Space | π
- XXX XX - [KPMG] Energy at Risk: A Study of IT Security in the Energy and Natural Resources Industry | π
- XXX XX - [FireEye] THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell | π
- XXX XX - [CrowdStrike] Deep Panda | π
- XXX XX - [CISAK] Dark Seoul Cyber Attack: Could it be worse? | π
- XXX XX - [Fireeye] OPERATION SAFFRON ROSE | π
- Dec 20 - [Ahnlab] ETSO APT Attacks Analysis | π
- Dec 12 - [FireEye] Operation Ke3chang: Targeted Attacks Against Ministries of Foreign Affairs | π
- Dec 02 - [Fidelis] njRAT, The Saga Continues | π
- Nov 10 - [FireEye] Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method | π
- Oct 25 - [FireEye] Evasive Tactics: Terminator RAT | π
- Oct 24 - [Trend Micro] FakeM RAT | π
- Sep 25 - [Kaspersky] The 'ICEFROG' APT: A Tale of cloak and three daggers | π
- Sep 21 - [FireEye] Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets | π
- Sep 19 - [Trend Micro] 2Q 2013 Report on Targeted Attack Campaigns: A Look Into EvilGrab | π
- Sep 17 - [Symantec] Hidden Lynx - Professional Hackers for Hire | π
- Sep 11 - [Kaspersky] The "Kimsuky" Operation | π
- Sep 06 - [FireEye] Evasive Tactics: Taidoor | π
- Aug 23 - [FireEye] Operation Molerats: Middle East Cyber Attacks Using Poison Ivy | π
- Aug 21 - [FireEye] POISON IVY: Assessing Damage and Extracting Intelligence | π
- Aug 19 - [Rapid7] ByeBye Shell and the targeting of Pakistan | π
- Aug 02 - [CitizenLab] Surtr: Malware Family Targeting the Tibetan Community | π
- Aug 02 - [ThreatConnect] Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up | π
- Jul 31 - [BlackHat] Hunting the Shadows: In Depth Analysis of Escalated APT Attacks | π
- Jul 31 - [Dell] Secrets of the Comfoo Masters | π
- Jul 15 - [Sophos] The PlugX malware revisited: introducing "Smoaler" | π
- Jul 01 - [McAfee] Targeted Campaign Steals Credentials in Gulf States and Caribbean | π
- Jun 28 - [ThreatGeek] njRAT Uncovered | π
- Jun 21 - [Citizen Lab] A Call to Harm: New Malware Attacks Target the Syrian Opposition | π
- Jun 18 - [FireEye] Trojan.APT.Seinup Hitting ASEAN | π
- Jun 07 - [Rapid7] KeyBoy, Targeted Attacks against Vietnam and India | π
- Jun 04 - [Kaspersky] The NetTraveller (aka 'Travnet') | π
- Jun 01 - [Purdue] Crude Faux: An analysis of cyber conflict within the oil & gas industries | π
- Jun XX - [BlueCoat] The Chinese Malware Complexes: The Maudi Surveillance Operation | π
- May 30 - [CIRCL] TR-14 - Analysis of a stage 3 Miniduke malware sample | π
- May 20 - [Norman] OPERATION HANGOVER: Unveiling an Indian Cyberattack Infrastructure | π
- May 16 - [ESET] Targeted information stealing attacks in South Asia use email, signed binaries | π
- Apr 21 - [Bitdefender] MiniDuke - The Final Cut | π
- Apr 13 - [Kaspersky] "Winnti" More than just a game | π
- Apr 07 - [FireEye] WORLD WAR C | π
- Apr 01 - [FireEye] Trojan.APT.BaneChant | π
- Mar 28 - [Circl] TR-12 - Analysis of a PlugX malware variant used for targeted attacks | π
- Mar 27 - [malware.lu] APT1: technical backstage (Terminator/Fakem RAT) | π
- Mar 21 - [Fidelis] Darkseoul/Jokra Analysis And Recovery | π
- Mar 20 - [Kaspersky] The TeamSpy Crew Attacks | π
- Mar 20 - [McAfee] Dissecting Operation Troy | π
- Mar 17 - [Trend Micro] Safe: A Targeted Threat | π
- Mar 13 - [Citizen lab] You Only Click Twice: FinFisherβs Global Proliferation | π
- Feb 27 - [Crysys] Miniduke: Indicators v1 | π
- Feb 27 - [Kaspersky] The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor | π
- Feb 26 - [Symantec] Stuxnet 0.5: The Missing Link | π
- Feb 22 - [Symantec] Comment Crew: Indicators of Compromise | π
- Feb 18 - [FireEye] Mandiant APT1 Report | π
- Feb 12 - [AIT] Targeted cyber attacks: examples and challenges ahead | π
- Jan 18 - [McAfee] Operation Red October | π
- Jan 14 - [Kaspersky] The Red October Campaign | π
- Jan 02 - [FireEye] SUPPLY CHAIN ANALYSIS: From Quartermaster to SunshopFireEye | π
- Nov 13 - [FireEye] Poison Ivy Malware Analysis | π
- Nov 03 - [CyberPeace] Systematic cyber attacks against Israeli and Palestinian targets going on for a year | π
- Nov 01 - [Fidelis] RECOVERING FROM SHAMOON | π
- Oct 31 - [DEA] CYBER ESPIONAGE Against Georgian Government (Georbot Botnet) | π
- Oct 27 - [Symantec] Trojan.Taidoor: Targeting Think Tanks | π
- Oct 08 - [Matasano] pest control: taming the rats | π
- Sep 18 - [Dell] The Mirage Campaign | π
- Sep 12 - [RSA] The VOHO Campaign: An in depth analysis | π
- Sep 07 - [Citizen lab] IEXPLORE RAT | π
- Sep 06 - [Symantec] The Elderwood Project | π
- Aug 19 - [Rapid7] ByeBye Shell and the targeting of Pakistan | π
- Aug 18 - [Trend Micro] The Taidoor Campaign AN IN-DEPTH ANALYSIS | π
- Aug 09 - [Kaspersky] Gauss: Abnormal Distribution | π
- Jul 27 - [Kaspersky] The Madi Campaign | π
- Jul 25 - [Citizen lab] From Bahrain With Love: FinFisherβs Spy Kit Exposed? | π
- Jul 11 - [Wired] Wired article on DarkComet creator | π
- Jul 10 - [Citizenlab] Advanced Social Engineering for the Distribution of LURK Malware | π
- May 31 - [Crysys] sKyWIper (Flame/Flamer) | π
- May 22 - [Trend Micro] IXESHE An APT Campaign | π
- May 18 - [Symantec] Analysis of Flamer C&C Server | π
- Apr 16 - [Kaspersky] OSX.SabPub & Confirmed Mac APT attacks | π
- Apr 10 - [McAfee] Anatomy of a Gh0st RAT | π
- Mar 26 - [Trend Micro] Luckycat Redux | π
- Mar 13 - [Arbor] Reversing DarkComet RAT's crypto | π
- Mar 12 - [contextis] Crouching Tiger, Hidden Dragon, Stolen Data | π
- Feb 29 - [Dell] The Sin Digoo Affair | π
- Feb 03 - [CommandFive] Command and Control in the Fifth Domain | π
- Jan 03 - [Trend Micro] The HeartBeat APT | π
- Dec 08 - [Norman] Palebot trojan harvests Palestinian online credentials | π
- Nov 15 - [Norman] The many faces of Gh0st Rat | π
- Oct 31 - [Symantec] The Nitro Attacks: Stealing Secrets from the Chemical Industry | π
- Oct 26 - [Dell] Duqu Trojan Questions and Answers | π
- Oct 12 - [Zscaler] Alleged APT Intrusion Set: "1.php" Group | π
- Sep 22 - [Trend Micro] The "LURID" Downloader | π
- Sep 11 - [CommandFive] SK Hack by an Advanced Persistent Threat | π
- Sep 09 - [Fidelis] The RSA Hack | π
- Aug 04 - [McAfee] Operation Shady RAT | π
- Aug 03 - [Dell] HTran and the Advanced Persistent Threat | π
- Aug 02 - [vanityfair] Operation Shady rat : Vanity | π
- Jun ?? - [CommandFive] Advanced Persistent Threats:A Decade in Review | π
- Apr 20 - [ESET] Stuxnet Under the Microscope | π
- Feb 18 - [NERC] Night Dragon Specific Protection Measures for Consideration | π
- Feb 10 - [McAfee] Global Energy Cyberattacks: Night Dragon | π
- Dec 09 - [CRS] The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability | π
- Sep 30 - [Symantec] W32.Stuxnet Dossier | π
- Sep 03 - [Seculert] The "MSUpdater" Trojan And Ongoing Targeted Attacks | π
- Apr 06 - [ShadowServer] Shadows in the cloud: Investigating Cyber Espionage 2.0 | π
- Mar 14 - [CA] In-depth Analysis of Hydraq | π
- Feb 10 - [HB Gary] Threat Report: Operation Aurora | π
- Jan ?? - [Triumfant] Case Study: Operation Aurora | π
- Jan 27 - [Alberts] Operation Aurora Detect, Diagnose, Respond | π
- Jan 26 - [McAfee] How Can I Tell if I Was Infected By Aurora? (IOCs) | π
- Jan 20 - [McAfee] Combating Aurora| π
- Jan 13 - [Damballa] The Command Structure of the Aurora Botnet | π
- Jan 12 - [Google] Operation Aurora | π
- Oct 19 - [Northrop Grumman] Capability of the Peopleβs Republic of China to Conduct Cyber Warfare and Computer Network Exploitation | π
- Mar 29 - [TheSecDevGroup] Tracking GhostNet | π
- Jan 18 - [Baltic] Impact of Alleged Russian Cyber Attacks | π
- Nov XX - [Military Review] CHINA_CHINA_CYBER_WARFARE| π
- Nov 19 - [Wired] Agent.BTZ | π
- Nov 04 - [DTIC] China's Electronic Long-Range Reconnaissance | π
- Oct 02 - [Culture Mandala] How China will use cyber warfare to leapfrog in military competitiveness | π
- Aug 10 - [Georgia] Russian Invasion of Georgia Russian Cyberwar on Georgia | π
πΈ 2021 - [Red_Canary] 2021 Threat Detection Report | π
πΈ Jan 08 2021 - [NSA] 2020 Cybersecurity Year in Review report | π
πΈ Jan 01 2022 - [Objective-See] The Mac Malware of 2021 | π
πΈ Jan 04 2021 - [Objective-See] The Mac Malware of 2020 | π
πΈ Jun 2022 - [ESET] ESET Threat Report T1 2022 | π
πΈ Feb 09 2022 - [ESET] ESET Threat Report T3 2021 | π
πΈ Sep 30 2021 - [ESET] ESET Threat Report T2 2021 | π
πΈ Jun 03 2021 - [ESET] ESET Threat Report T1 2021 | π
πΈ Oct 18 2020 - [ESET] 2020 Q3 Threat Report | π
πΈ Jul 29 2020 - [ESET] 2020 Q2 Threat Report | π
πΈ Apr 2020 - [ESET] 2020 Q1 Threat Report | π
πΈ Apr 27 2022 - [Kaspersky] APT trends report Q2 2022 | π
πΈ Jul 29 2021 - [Kaspersky] APT trends report Q2 2021 | π
πΈ Apr 27 2021 - [Kaspersky] APT trends report Q1 2021 | π
πΈ Nov 04 2020 - [Kaspersky] APT trends report Q3 2020 | π
πΈ July 29 2020 - [Kaspersky] APT trends report Q2 2020 | π
πΈ Aug 01 2019 - [Kaspersky] APT trends report Q2 2019 | π
πΈ Apr 30 2019 - [Kaspersky] APT trends report Q1 2019 | π
πΈ Apr 15 2021 - [FireEye] M-Trends 2021 | π
πΈ Feb 20 2020 - [FireEye] M-Trends 2020 | π
πΈ Mar 04 2019 - [FireEye] M-Trends 2019 | π
πΈ Q2 2021 - [AhnLab] ASEC Report Q2 2021 | π
πΈ Q1 2021 - [AhnLab] ASEC Report Q1 2021 | π
πΈ Q4 2020 - [AhnLab] ASEC Report Q4 2020 | π
πΈ Q3 2020 - [AhnLab] ASEC Report Q3 2020 | π
πΈ Q2 2020 - [AhnLab] ASEC Report Q2 2020 | π
πΈ Q1 2020 - [AhnLab] ASEC Report Q1 2020 | π
πΈ Q4 2019 - [AhnLab] ASEC Report Q4 2019 | π
πΈ Q3 2019 - [AhnLab] ASEC Report Q3 2019 | π
πΈ Q2 2019 - [AhnLab] ASEC Report Q2 2019 | π
πΈ Q1 2019 - [AhnLab] ASEC Report Q1 2019 | π
πΈ Nov 24 2020 - [Group-IB] Hi-Tech Crime Trends 2020-2021 | π
πΈ Nov 29 2019 - [Group-IB] Hi-Tech Crime Trends 2019-2020 | π
πΈ Q1 2021 - [PTSecurity] Cybersecurity threatscape Q1 2021 | π
πΈ Q4 2020 - [PTSecurity] Cybersecurity threatscape Q4 2020 | π
πΈ Q3 2020 - [PTSecurity] Cybersecurity threatscape Q3 2020 | π
πΈ Q2 2020 - [PTSecurity] Cybersecurity threatscape Q2 2020 | π
πΈ Q1 2020 - [PTSecurity] Cybersecurity threatscape Q1 2020 | π
πΈ Q4 2019 - [PTSecurity] Cybersecurity threatscape Q4 2019 | π
πΈ Q3 2019 - [PTSecurity] Cybersecurity threatscape Q3 2019 | π
πΈ Q2 2019 - [PTSecurity] Cybersecurity threatscape Q2 2019 | π
πΈ Q1 2019 - [PTSecurity] Cybersecurity threatscape Q1 2019 | π
πΈ Oct 20 2020 - [ENISA] ENISA Threat Landscape 2020 - Main Incidents | π
πΈ Jan 28 2019 - [ENISA] ENISA Threat Landscape Report 2018 | π
πΈ Sep 14 2021 - [CrowdStrike] nowhere to hide: 2021 Threat Hunting Report | π
πΈ Feb 24 2021 - [CrowdStrike] 2021 GLOBAL THREAT REPORT | π
πΈ Mar 03 2020 - [CrowdStrike] 2020 GLOBAL THREAT REPORT | π
πΈ Feb 19 2019 - [CrowdStrike] 2019 GLOBAL THREAT REPORT | π
πΈ Jun 29 2020 - [QianXin] APT threat report 2020 1H CN version | π
πΈ Feb 02 2019 - [QianXin] APT threat report 2019 CN version | π
πΈ Mar 05 2020 - [Tencent] [CN] 2019 APT Summary Report | π
πΈ Jan 03 2019 - [Tencent] [CN] 2018 APT Summary Report | π
πΈ Nov 16 2020 - [Verizon] Cyber-Espionage Report 2020-2021 | π
πΈ Nov 18 2020 - [Sophos] SOPHOS 2021 THREAT REPORT | π
πΈ Dec 02 2019 - [Sophos] SOPHOS 2020 THREAT REPORT | π
πΈ Oct xx 2021 - [360] Global APT Research Report for the first half of 2021 | π
πΈ Oct xx 2021 - [Microsoft] Microsoft Digital Defense Report October 2021 | π
πΈ Nov 18 2020 - [KELA] Zooming into Darknet Threats Targeting Japanese Organizations | π
πΈ Nov 04 2020 - [WEF] Partnership against
Cybercrime | π
πΈ May 01 2020 - [Macnia Networks, TeamT5] 2019 H2 APT Report | π
πΈ Feb 02 2019 - [threatinte] Threat Intel Reads β January 2019 | π
πΈ Feb 2019 - [SWISSCOM] Targeted Attacks: Cyber Security Report 2019 | π
πΈ Jan 30 2019 - [Dragos] Webinar Summary: Uncovering ICS Threat Activity Groups | π
πΈ Jan 15 2019 - [Hackmageddon] 2018: A Year of Cyber Attacks | π
πΈ Jan 09 2019 - [360] [CN] 2018 APT Summary Report | π
πΈ Jan 07 2019 - [Medium] APT_chronicles_december_2018_edition | π
πΈ Sep 07 2020 - [SWIFT & BAE] Follow the Money | π