|
Up
|
|
|
|
|
2021.01.04 - APT 27 Turns to Ransomware/
|
— |
|
|
|
2021.01.04 - Dridex - Catching the Next Strike/
|
— |
|
|
|
2021.01.04 - Royal Road Re-Dive/
|
— |
|
|
|
2021.01.05 - Earth Wendigo Injects JavaScript Backdoor for Mailbox Exfiltration/
|
— |
|
|
|
2021.01.05 - ReconHellcat Uses NIST Theme as Lure To Deliver New BlackSoul Malware/
|
— |
|
|
|
2021.01.06 - A Deep Dive into Lokibot Infection Chain/
|
— |
|
|
|
2021.01.06 - Retrohunting APT37 - North Korean APT used VBA self decode technique to inject RokRat/
|
— |
|
|
|
2021.01.07 - Brunhilda DaaS Malware Analysis Report/
|
— |
|
|
|
2021.01.08 - Charming Kitten’s Christmas Gift/
|
— |
|
|
|
2021.01.11 - CrowdStrike Technical Analysis/
|
— |
|
|
|
2021.01.11 - Sunburst backdoor – code overlaps with Kazuar/
|
— |
|
|
|
2021.01.11 - xHunt Campaign New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement/
|
— |
|
|
|
2021.01.12 - Chimera - Abusing cloud services to fly under the radar/
|
— |
|
|
|
2021.01.12 - Operation Spalax - Targeted malware attacks in Colombia/
|
— |
|
|
|
2021.01.12 - STEEL CORGI - A Sophisticated APT Swiss Army Knife/
|
— |
|
|
|
2021.01.14 - Higaisa or Winnti - APT41 backdoors, old and new/
|
— |
|
|
|
2021.01.20 - A Deep Dive Into Patchwork APT Group/
|
— |
|
|
|
2021.01.20 - Commonly Known Tools Used by Lazarus/
|
— |
|
|
|
2021.01.28 - Lebanese Cedar APT/
|
— |
|
|
|
2021.01.31 - A41APT case/
|
— |
|
|
|
2021.02.01 - Operation NightScout - Supply‑chain attack targets online gaming in Asia/
|
— |
|
|
|
2021.02.02 - Kobalos goes after HPCs/
|
— |
|
|
|
2021.02.03 - Hildegard - New TeamTNT Malware Targe/
|
— |
|
|
|
2021.02.08 - Domestic Kitten - An Inside Look at the Iranian Surveillance Operations/
|
— |
|
|
|
2021.02.09 - BendyBear - Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech/
|
— |
|
|
|
2021.02.10 - Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict/
|
— |
|
|
|
2021.02.17 - Confucius APT Android Spyware Targets Pakistani and Other South Asian Regions/
|
— |
|
|
|
2021.02.22 - The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day/
|
— |
|
|
|
2021.02.24 - Click and Bait - Vietnamese Human Rights Defenders Targeted with Spyware Attacks/
|
— |
|
|
|
2021.02.24 - LazyScripter - From Empire to double RAT/
|
— |
|
|
|
2021.02.25 - APT10 - Tracking down the stealth activity of the A41APT campaign/
|
— |
|
|
|
2021.02.25 - Lazarus Threat Needle/
|
— |
|
|
|
2021.02.25 - TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations/
|
— |
|
|
|
2021.02.28 - RedEcho APT - China-Linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions/
|
— |
|
|
|
2021.03.02 - HAFNIUM APT targeting Exchange Servers with 0-day exploits/
|
— |
|
|
|
2021.03.02 - Operation Exchange Marauder/
|
— |
|
|
|
2021.03.10 - FIN8 Returns with Improved BADHATCH Toolkit/
|
— |
|
|
|
2021.03.10 - New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor/
|
— |
|
|
|
2021.03.11 - Academics AI and APTs/
|
— |
|
|
|
2021.03.18 - SilverFish Group Threat Actor Report/
|
— |
|
|
|
2021.03.30 - APT10 - sophisticated multi-layered loader Ecipekac discovered in A41APT campaign/
|
— |
|
|
|
2021.03.30 - BadBlood - TA453/
|
— |
|
|
|
2021.04.07 - Sowing Discord/
|
— |
|
|
|
2021.04.08 - Iran’s APT34 Returns with an Updated Arsenal/
|
— |
|
|
|
2021.04.08 - Vyveva - Lazarus's backdoor/
|
— |
|
|
|
2021.04.09 - Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware/
|
— |
|
|
|
2021.04.13 - Hackers Flood the Web with 100,000 Malicious Pages/
|
— |
|
|
|
2021.04.13 - Zero-day vulnerability in Desktop Window Manager (CVE-2021-28310) used in the wild/
|
— |
|
|
|
2021.04.19 - Lazarus APT conceals malicious code within BMP image to drop its RAT/
|
— |
|
|
|
2021.04.19 - Zebrocys Dropper/
|
— |
|
|
|
2021.04.20 - Pulse Secure Zero Day/
|
— |
|
|
|
2021.04.23 - Charming Kitten discovered in a pre-infected environment/
|
— |
|
|
|
2021.04.23 - NAIKON - Traces from a Military Cyber-Espionage Operation/
|
— |
|
|
|
2021.04.27 - Lazarus Group Recruitment - Threat Hunters vs Head Hunters/
|
— |
|
|
|
2021.04.28 - UNC1151 Likely Conducts Ghostwriter Influence Activity/
|
— |
|
|
|
2021.05.01 - Attributing Attacks Against Crypto Exchanges to LAZARUS/
|
— |
|
|
|
2021.05.06 - Operation TunnelSnake/
|
— |
|
|
|
2021.05.07 - Further TTPs associated with SVR cyber actors/
|
— |
|
|
|
2021.05.07 - Revealing the Snip3 Crypter a Highly Evasive RAT Loader/
|
— |
|
|
|
2021.05.13 - Transparent Tribe APT expands its Windows malware arsenal/
|
— |
|
|
|
2021.05.25 - Agrius - From Wiper to Ransomware/
|
— |
|
|
|
2021.05.27 - New sophisticated email-based attack from NOBELIUM/
|
— |
|
|
|
2021.05.28 - Breaking down NOBELIUM’s latest early-stage toolset/
|
— |
|
|
|
2021.06.02 - NOBELIUM Campaigns and Malware/
|
— |
|
|
|
2021.06.03 - SharpPanda - Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor/
|
— |
|
|
|
2021.06.08 - PuzzleMaker attacks with Chrome zero-day exploit chain/
|
— |
|
|
|
2021.06.10 - Big airline heist - APT41 likely behind massive supply chain attack/
|
— |
|
|
|
2021.06.16 - Ferocious Kitten - 6 years of covert surveillance in Iran/
|
— |
|
|
|
2021.06.16 - Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010/
|
— |
|
|
|
2021.06.24 - Operation Eagle Eye/
|
— |
|
|
|
2021.07.01 - IndigoZebra APT continues to attack Central Asia with evolving tools/
|
— |
|
|
|
2021.07.05 - Tracking Cobalt Strike/
|
— |
|
|
|
2021.07.06 - Lazarus campaign TTPs and evolution/
|
— |
|
|
|
2021.07.07 - InSideCopy - How this APT continues to evolve its arsenal/
|
— |
|
|
|
2021.07.19 - CSA TTPs of Indicted APT40 Actors Associated with China/
|
— |
|
|
|
2021.07.20 - Tracking the Activities of TeamTNT/
|
— |
|
|
|
2021.07.27 - bDeep dive into a FIN8 attack A forensic investigation/
|
— |
|
|
|
2021.07.27 - THOR - Previously Unseen PlugX Variant Deployed During Microsoft Exchange Server Attacks by PKPLUG Group/
|
— |
|
|
|
2021.07.28 - I Knew You Were Trouble - TA456 Targets Defense Contractor with Alluring Social Media Persona/
|
— |
|
|
|
2021.08.02 - TG1021 - Praying Mantis Threat Actor/
|
— |
|
|
|
2021.08.03 - APT31 new dropper. Target destinations_ Mongolia, Russia, the U.S., and elsewhere/
|
— |
|
|
|
2021.08.03 - DeadRinger - Exposing Chinese Threat Actors Targeting Major Telcos/
|
— |
|
|
|
2021.08.03 - The Art of Cyberwarfare/
|
— |
|
|
|
2021.08.10 - UNC215 - Spotlight on a Chinese Espionage Campaign in Israel/
|
— |
|
|
|
2021.08.12 - Uncovering Tetris - a Full Surveillance Kit Running in your Browser/
|
— |
|
|
|
2021.08.14 - Indra - Hackers Behind Recent Attacks on Iran/
|
— |
|
|
|
2021.08.17 - New Iranian Espionage Campaign/
|
— |
|
|
|
2021.08.17 - North Korean APT InkySquid Infects Victims Using Browser Exploits/
|
— |
|
|
|
2021.08.19 - Shadowpad/
|
— |
|
|
|
2021.08.25 - FIN8 Threat Actor Goes Agile with New Sardonic Backdoor/
|
— |
|
|
|
2021.09.08 - Pro-PRC Influence Campaign/
|
— |
|
|
|
2021.09.09 - Dark Covenant - Connections Between the Russian State and Criminal Actors/
|
— |
|
|
|
2021.09.13 - APT-C-36 Updates Its Long-term Spam Campaign Against South American Entities With Commodity RATs/
|
— |
|
|
|
2021.09.14 - Operation Harvest/
|
— |
|
|
|
2021.09.16 - Operation Layover How we tracked an attack on the aviation industry to five years of compromise/
|
— |
|
|
|
2021.09.23 - FamousSparrow - A suspicious hotel guest/
|
— |
|
|
|
2021.09.27 - FoggyWeb Targeted NOBELIUM malware leads to persistent backdoor/
|
— |
|
|
|
2021.09.28 - FinSpy unseen findings/
|
— |
|
|
|
2021.09.28 - Learning to ChaCha with APT41/
|
— |
|
|
|
2021.09.30 - GhostEmperor technical details/
|
— |
|
|
|
2021.10.04 - Malware Gh0stTimes Used by BlackTech/
|
— |
|
|
|
2021.10.05 - UEFI threats moving to the ESP Introducing ESPecter bootkit/
|
— |
|
|
|
2021.10.06 - Operation GhostShell - Novel RAT Targets Global Aerospace and Telecoms Firms/
|
— |
|
|
|
2021.10.11 - ESET FontOnLake/
|
— |
|
|
|
2021.10.12 - MysterySnail attacks with Windows zero-day/
|
— |
|
|
|
2021.10.14 - Explosive New MirrorBlast Campaign Targets Financial Companies/
|
— |
|
|
|
2021.10.18 - Harvester - Nation-state-backed group uses new toolset to target victims in South Asia/
|
— |
|
|
|
2021.10.19 - A Roaming Threat to Telecommunications Companies/
|
— |
|
|
|
2021.10.19 - PurpleFox Adds New Backdoor That Uses WebSockets/
|
— |
|
|
|
2021.10.19 - Whatta TA - TA505 Ramps Up Activity, Delivers New FlawedGrace Variant/
|
— |
|
|
|
2021.10.20 - Digitally-Signed Rootkits are Back – A Look at FiveSys and Companions/
|
— |
|
|
|
2021.10.20 - VNC Malware TinyNuke TightVNC Used by Kimsuky Group/
|
— |
|
|
|
2021.10.26 - SQUIRRELWAFFLE Leverages malspam to deliver Qakbot Cobalt Strike/
|
— |
|
|
|
2021.10.26 -Malware WinDealer used by LuoYu Attack Group/
|
— |
|
|
|
2021.10.27 - New Threat Actor Spoofs Philippine Government COVID-19 Health Data in Widespread RAT Campaigns/
|
— |
|
|
|
2021.10.27 - Wslink - Unique and undocumented malicious loader that runs as a server/
|
— |
|
|
|
2021.10.28 - Rooting Malware Makes a Comeback Lookout Discovers Global Campaign/
|
— |
|
|
|
2021.10.28 - Tactics, Techniques, and Indicators of Compromise Associated with Hello KittyFiveHands Ransomware/
|
— |
|
|
|
2021.11.02 - Lamwac/
|
— |
|
|
|
2021.11.03 - Dissecting new AppleSeed backdoor of Kimsuky threat actor/
|
— |
|
|
|
2021.11.04 - Technical report Armagedon/
|
— |
|
|
|
2021.11.05 - Hunter Becomes Hunted Zebra2104 Hides a Herd of Malware/
|
— |
|
|
|
2021.11.07 - Godzilla Webshell/
|
— |
|
|
|
2021.11.07 - IronTiger APT campaign New HyperBro and SysUpdate samples/
|
— |
|
|
|
2021.11.08 - Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus/
|
— |
|
|
|
2021.11.10 - Lazaus - NukeSped/
|
— |
|
|
|
2021.11.10 - Void Balaur/
|
— |
|
|
|
2021.11.15 - KIMSUKY- OP Light-Shell/
|
— |
|
|
|
2021.11.17 - Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities/
|
— |
|
|
|
2021.11.18 - Triple Threat North Korea-Aligned TA406 Steals, Scams and Spies/
|
— |
|
|
|
2021.11.22 - Tardigrade - APT Attack on the Bioeconomy/
|
— |
|
|
|
2021.11.23 - Android APT spyware, targeting Middle East victims, enhances evasiveness/
|
— |
|
|
|
2021.11.24 - Anatomy of COBRA/
|
— |
|
|
|
2021.11.25 - A Deep Dive Into SoWaT - APT31’s Multifunctional Router Implant/
|
— |
|
|
|
2021.11.29 - ScarCruft surveilling North Korean defectors and human rights activists/
|
— |
|
|
|
2021.11.29 - WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019/
|
— |
|
|
|
2021.11.30 - EwDoor Botnet Is Attacking AT&T Customers/
|
— |
|
|
|
2021.12.01 - Injection is the New Black/
|
— |
|
|
|
2021.12.01 - JUMPING THE AIR GAP - 15 years of nation-state effort/
|
— |
|
|
|
2021.12.01 - Tracking a P2P network related to TA505/
|
— |
|
|
|
2021.12.02 - SideCopy APT Connecting lures to victims, payloads to infrastructure/
|
— |
|
|
|
2021.12.03 - TigerRAT Families/
|
— |
|
|
|
2021.12.04 - APT-C-23 in Palestine/
|
— |
|
|
|
2021.12.06 - APT37 Using a New Android Spyware, Chinotto/
|
— |
|
|
|
2021.12.06 - PHISHING CAMPAIGNS BY THE NOBELIUM INTRUSION SET/
|
— |
|
|
|
2021.12.07 - FIN13 A Cybercriminal Threat Actor Focused on Mexico/
|
— |
|
|
|
2021.12.07 - Threat news TeamTNT stealing credentials using EC2 Instance Metadata/
|
— |
|
|
|
2021.12.08 - Chasing Shadows - A deep dive into the latest obfuscation methods being used by ShadowPad/
|
— |
|
|
|
2021.12.09 - A new StrongPity variant hides behind Notepad++ installation/
|
— |
|
|
|
2021.12.14 - DarkWatchman A new evolution in fileless techniques/
|
— |
|
|
|
2021.12.14 - Espionage Campaign Targets Telecoms Organizations across Middle East and Asia/
|
— |
|
|
|
2021.12.14 - Tropic Trooper Targets Transportation and Government Organizations/
|
— |
|
|
|
2021.12.15 - APT31 INTRUSION SET CAMPAIGN/
|
— |
|
|
|
2021.12.15 - Backdoored Client from Mongolian CA MonPass/
|
— |
|
|
|
2021.12.16 - Avast Finds Backdoor on US Government Commission Network/
|
— |
|
|
|
2021.12.16 - New DarkHotel APT attack chain identified/
|
— |
|
|
|
2021.12.16 - PseudoManuscrypt - a mass-scale spyware attack campaign/
|
— |
|
|
|
2021.12.17 - APT Actors Exploiting Newly-Identified Zero Day in ManageEngine Desktop Central/
|
— |
|
|
|
2021.12.17 - DSIRFWe unveil the “Subzero” state trojan from Austria/
|
— |
|
|
|
2021.12.17 - Serverless InfoStealer delivered in Est European Countries/
|
— |
|
|
|
2021.12.27 - A Deep Dive into DoubleFeature/
|
— |
|
|
|
2021.12.28 - Flagpro - The new malware used by BlackTech/
|
— |
|
|
|
2021.12.29 - AQUATIC PANDA in Possession of Log4Shell Exploit Tools/
|
— |
|
|
|
2021.12.29 - Take the lights-out Implant.ARM.iLOBleed.a/
|
— |
|
|
|
2021.12.30 - Ahnlab - Kimsuky/
|
— |
|
|
|
2021.12.31 - APT28 SKINNYBOY - Cheat Sheet/
|
— |
|
|