/vx/APTs/2022/

410 directories 0 files
2022.01.03 - BlackLotusLabs - KONNI/
2022.01.05 - 2022 Q1 Threat Intel Final/
2022.01.05 - Elephant Beetle - FINANCIAL THEFT OPERATION/
2022.01.06 - NOBELIUM’s EnvyScout infection chain goes in the registry, targeting embassies/
2022.01.07 - Patchwork APT caught in its own web/
2022.01.11 - APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit/
2022.01.11 - Understanding and Mitigating Russian Threats/
2022.01.12 - MuddyWater - Recent Activity of an Iranian State-Sponsored Threat Actor/
2022.01.12 - OceanLotus hackers turn to web archive files to deploy backdoors/
2022.01.13 - FIN7 Uses Flash Drives to Spread Remote Access Trojan/
2022.01.13 - North Korean Hackers Have Prolific Year/
2022.01.13 - The BlueNoroff cryptocurrency hunt is still on/
2022.01.15 - Operation Bleeding Bear/
2022.01.17 - An Analysis of Earth Lusca’s Operations/
2022.01.17 - Cyber espionage campaign targets renewable energy companies/
2022.01.18 - Annual APT Group Threat Research Report-knownsec/
2022.01.18 - DoNot Go! Do not respawn!/
2022.01.20 - Indicators of Compromise Associated with Diavol Ransomware/
2022.01.20 - New espionage attack by Molerats APT targeting users in the Middle East/
2022.01.20 - Technical details of MoonBounce’s implementation/
2022.01.24 - Investigating APT36 or Earth Karkaddans Attack Chain and Malware Arsenal/
2022.01.24 - TrickBot Bolsters Layered Defenses to Prevent Injection Research/
2022.01.25 - Prime Ministers Office Compromised Details of Recent Espionage Campaign/
2022.01.25 - Watering hole deploys new macOS malware DazzleSpy in Asia/
2022.01.26 - BfV Cyber-Brief/
2022.01.26 - KONNI evolves into stealthier RAT/
2022.01.26 - Log4U Shell4Me/
2022.01.27 - Crazy Journey - Evolution of Smoky Camouflage/
2022.01.27 - Cylera Labs Kwampirs Shamoon Technical Report/
2022.01.27 - JSAC2022 - Ambiguously Black - The Current State of Earth Hundun's Arsenal/
2022.01.27 - JSAC2022 - What We Can Do against the Chaotic A41APT Campaign/
2022.01.27 - LuoYu - Continuous Espionage Activities Targeting Japan with the new version of WinDealer in 2021/
2022.01.27 - North Koreas Lazarus APT leverages Windows Update client GitHub in latest campaign/
2022.01.27 - StellarParticle Campaign Novel Tactics and Techniques/
2022.01.27 - Threat actor of in-Tur-est/
2022.01.28 - Indian Army Personnel Face Remote Access Trojan Attacks/
2022.01.31 - Conversation with a top Ukrainian cyber official - What we know, what we don't, what it means/
2022.01.31 - Iranian APT MuddyWater targets Turkish users via malicious PDFs executables/
2022.01.31 - Shuckworm Continues Cyber-Espionage Attacks Against Ukraine/
2022.02.01 - PowerLess Trojan Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage/
2022.02.01 - StrifeWater RAT Iranian APT Moses Staff Adds New Trojan to Ransomware Operations/
2022.02.02 - Arid Viper APT targets Palestine with new wave of politically themed phishing attacks malware/
2022.02.02 - White Rabbit Continued Sardonic and F5/
2022.02.03 - Analysis of Attack Against National Games of China Systems -/
2022.02.03 - Antlion - Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan/
2022.02.03 - Gamaredon (Primitive Bear) Russian APT Group Actively Targeting Ukraine/
2022.02.04 - ACTINIUM targets Ukrainian organizations/
2022.02.04 - Cyberattack on News Corp Believed Linked to China Targeted Emails of Journalists Others/
2022.02.04 - Ukraine Campaign Delivers Defacement and Wipers, in Continued Escalation/
2022.02.08 - Distribution of Kimsuky Groups xRAT Quasar RAT Confirmed - ASEC BLOG/
2022.02.08 - Ugg Boots 4 Sale A Tale of Palestinian-Aligned Espionage Proofpoint US/
2022.02.09 - Elephant APT Report/
2022.02.09 - ESET Threat Report/
2022.02.09 - HiddenArt - A Russian-linked SS7 Threat Actor/
2022.02.10 - InQuest - Join the Hunt/
2022.02.10 - What’s with the shared VBA code between Transparent Tribe and other threat actors/
2022.02.11 - Deep Dive Analysis capraRAT/
2022.02.14 - ThreatReport - EmissaryPanda/
2022.02.15 - Charting TA2541s Flight Proofpoint US/
2022.02.15 - Guard Your Drive from DriveGuard Moses Staff Campaigns Against Israeli Organizations Span Several Months/
2022.02.15 - ShadowPad Malware Analysis/
2022.02.16 - APT organization Lorec53 Lori Bear recently launched a large-scale cyber attack on Ukraine/
2022.02.17 - Log4j2 In The Wild Iranian-Aligned Threat Actor TunnelVision Actively Exploiting VMware Horizon/
2022.02.18 - EvilPlayout Attack Against Irans State Broadcaster - Check Point Research/
2022.02.18 - PseudoManuscrypt Being Distributed in the Same Method as Cryptbot - ASEC BLOG/
2022.02.20 - Technical Analysis of the DDoS Attacks against Ukrainian Websites/
2022.02.21 - CERT UA GOV/
2022.02.21 - CyCraft - APT10 - Operation Cache Panda/
2022.02.22 - APT Attack Attempts Disguised as North Korea Related Paper Requirements Kimsuky/
2022.02.23 - Cyclops-Blink-Malware-Analysis-Report/
2022.02.23 - Dridex bots deliver Entropy ransomware in recent attacks/
2022.02.23 - ExChange of Pace UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware/
2022.02.23 - HermeticWiper New Destructive Malware Used In Cyber Attacks on Ukraine/
2022.02.24 - Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks/
2022.02.24 - SockDetour – a Silent, Fileless, Socketless Backdoor – Targets U.S. Defense Contractors/
2022.02.25 - Spear Phishing Attacks Target Organizations in Ukraine Payloads Include the Document Stealer OutSteel/
2022.02.25 - Technical Analysis of PartyTicket Ransomware/
2022.02.25 - The Hunt for the Lost Soul Unraveling the Evolution of the SoulSearcher Malware/
2022.02.28 - Daxin Stealthy Backdoor Designed for Attacks Against Hardened Networks/
2022.03.01 - Asylum Ambuscade State Actor Uses Compromised Private Ukrainian Military Emails to Target European Gov/
2022.03.01 - IsaacWiper and HermeticWizard New wiper and worm targeting Ukraine/
2022.03.07 - An update on the threat landscape/
2022.03.07 - CERT-UA/
2022.03.07 - PHOREAL Malware Targets the Southeast Asian Financial Sector/
2022.03.07 - PROPHET SPIDER Exploits Citrix ShareFile Remote Code Execution Vulnerability/
2022.03.07 - The Good the Bad and the Web Bug TA416 Increases Operational Tempo Against European Governments/
2022.03.08 - Does This Look Infected A Summary of APT41 Targeting US State Governments/
2022.03.08 - New RURansom Wiper Targets Russia/
2022.03.09 - Sockbot in GoLand/
2022.03.10 - Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups/
2022.03.11 - Cyberattack on the state authorities of Ukraine using the malicious program Cobalt Strike Beacon/
2022.03.14 - Threat Advisory Opportunistic cyber criminals take advantage of Ukraine invasion/
2022.03.15 - Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability/
2022.03.15 - Threat Actor UAC-0056 Targeting Ukraine with Fake Translation Software/
2022.03.15 - What Wicked Webs We Un-weave/
2022.03.16 - DirtyMoe Worming Modules/
2022.03.16 - Have Your Cake and Eat it Too An Overview of UNC2891/
2022.03.17 - Cyber attack of the UAC-0020 group (Vermin) on state organizations of Ukraine using the malicious program SPECTR/
2022.03.17 - Cyclops Blink Sets Sights on ASUS Routers/
2022.03.17 - Exposing initial access broker with ties to Conti/
2022.03.17 - Suspected DarkHotel APT activity update/
2022.03.18 - Cyber attack of UAC-0035 group (InvisiMole) on state organizations of Ukraine/
2022.03.18 - Ghostwriter in the Shell Expanding on Mandiant’s Attribution of UNC1151 to Belarus/
2022.03.18 - Strengthening Cybersecurity of SATCOM Network Providers and Customers/
2022.03.21 - APT35 Automates Initial Access Using ProxyShell/
2022.03.21 - Serpent No Swiping New Backdoor Targets French Entities with Unique Attack Chain/
2022.03.21 - What is Arid Gopher An Analysis of a New Never-Before-Seen Malware Variant/
2022.03.22 - APT Attack Being Distributed as Windows Help File chm/
2022.03.22 - Cyberattack on Ukrainian enterprises using the DoubleZero destructor program/
2022.03.22 - Operation Dragon Castling APT group targeting betting companies/
2022.03.22 - Storm Cloud on the Horizon GIMMICK Malware Strikes at macOS/
2022.03.22 - UAC-0026 Cyber Attack Using HeaderTip Malware/
2022.03.23 - -Not So Lazarus Mapping DPRK Cyber Threat Groups to Government Organizations/
2022.03.23 - Cyberattack on state organizations of Ukraine using the malicious program Cobalt Strike Beacon/
2022.03.23 - Mustang Pandas Hodur Old tricks new Korplug variant/
2022.03.23 - New JSSLoader Trojan Delivered Through XLL Files/
2022.03.24 - Chinese Threat Actor Scarab Targeting Ukraine/
2022.03.24 - Countering threats from North Korea/
2022.03.28 - Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool/
2022.03.28 - Cyberattack on state bodies of Ukraine using PseudoSteel malware/
2022.03.28 - New UAC-0056 activity Theres a Go Elephant in the room/
2022.03.28 - Under the hood of Wslink’s multilayered virtual machine/
2022.03.29 - APT attack disguised as North Korean defector resume format VBS script/
2022.03.29 - PlugX A Talisman to Behold/
2022.03.29 - Transparent Tribe campaign uses new bespoke malware to target Indian government officials/
2022.03.30 - Cloud Atlas Maldoc/
2022.03.30 - Mass spread of MarsStealer malicious program among citizens of Ukraine and domestic organizations/
2022.03.30 - New Milestones for Deep Panda Log4Shell and Digitally Signed Fire Chili Rootkits/
2022.03.30 - Tracking cyber activity in Eastern Europe/
2022.03.30 - VajraEleph from South Asia - Cyber espionage against Pakistani military personnel revealed/
2022.03.31 - AcidRain A Modem Wiper Rains Down on Europe/
2022.03.31 - Lazarus Trojanized DeFi app for delivering malware/
2022.03.31 - Reversemode - viasat/
2022.04.04 - Cyber attack by UAC-0010 (Armageddon) on state institutions of the European Union/
2022.04.04 - Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine/
2022.04.04 - FIN7 Power Hour Adversary Archaeology and the Evolution of FIN7/
2022.04.05 - Cicada Chinese APT Group Widens Targeting in Recent Espionage Activity/
2022.04.06 - Continued Targeting of Indian Power Grid Assets by Chinese State-Sponsored Activity Group/
2022.04.06 - Operation Bearded Barbie APT-C-23 Campaign Targeting Israeli Officials/
2022.04.07 - Adversarial Threat Report/
2022.04.07 - Cyber attack of UAC-0010 group (Armageddon) on state organizations of Ukraine/
2022.04.07 - Parrot TDS takes over web servers and threatens millions/
2022.04.11 - DPRK-NEXUS ADVERSARY TARGETS SOUTH-KOREAN INDIVIDUALS IN A NEW CHAPTER OF KITTY PHISHING OPERATION/
2022.04.12 - Cyberattack by Sandworm Group (UAC-0082) on energy facilities of Ukraine using malicious programs INDUSTROYER2 and CADDYWIPER/
2022.04.12 - Recent attacks by Bahamut group revealed/
2022.04.12 - Tarrask malware uses scheduled tasks for defense evasion/
2022.04.13 - INCONTROLLER New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems/
2022.04.14 - Cyberattack on state organizations of Ukraine using the malicious program IcedID/
2022.04.14 - Cyberattack on Ukrainian government organizations using exploits for XSS vulnerabilities in Zimbra Collaboration Suite/
2022.04.14 - Lazarus Targets Chemical Sector/
2022.04.14 - Old Gremlins new methods/
2022.04.14 - Orion Threat Alert Flight of the BumbleBee/
2022.04.18 - Cyberattack on state organizations of Ukraine using the topic Azovstal and the malicious program Cobalt Strike Beacon/
2022.04.18 - Nobelium - Israeli Embassy Maldoc/
2022.04.18 - TraderTraitor North Korean State-Sponsored APT Targets Blockchain Companies/
2022.04.20 - Shuckworm Espionage Group Continues Intense Campaign Against Ukraine/
2022.04.21 - TeamTNT targeting AWS Alibaba/
2022.04.21 - The ink-stained trail of GOLDBACKDOOR/
2022.04.25 - New Core Impact Backdoor Delivered Via VMWare Vulnerability/
2022.04.26 - Lazarus Group APT targeting South Korean users/
2022.04.26 - UAC-0056 cyberattack using GraphSteel and GrimPlant malware and COVID-19/
2022.04.27 - A lookback under the TA410 umbrella Its cyberespionage TTPs and activity/
2022.04.27 - Assembling the Russian Nesting Doll UNC2452 Merged into APT29/
2022.04.27 - BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX/
2022.04.27 - Five hacker groups that attack Ukraine the most/
2022.04.27 - Industroyer2 - Nozomi Networks Labs Analyzes the IEC 104 Payload/
2022.04.27 - New APT Group Earth Berberoka Targets/
2022.04.27 - Special Report Ukraine/
2022.04.27 - Stonefly North Korea-linked Spying Operation Continues to Hit High-value Targets/
2022.04.27 - The origin story of APT32 macros - The StrikeSuit Gift that keeps giving/
2022.04.28 - Investigation of DDoS attacks as a result of website corruption using malicious JavaScript code BrownFlood/
2022.04.28 - Trello From the Other Side Tracking APT29 Phishing Campaigns/
2022.04.29 - THE LOTUS PANDA IS AWAKE AGAIN ANALYSIS OF ITS LAST STRIKE/
2022.05.02 - Moshen Dragons Triad-and-Error Approach Abusing Security Software to Sideload PlugX and ShadowPad/
2022.05.03 - SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse/
2022.05.03 - The strange link between a destructive malware and a ransomware-gang linked custom loader IsaacWiper/
2022.05.03 - Update on cyber activity in Eastern Europe/
2022.05.04 - A new secret stash for fileless malware/
2022.05.05 - FLINT 2022-016 - QNAP worm who benefits from crime/
2022.05.06 - CERT GOV UA-4622 APT28/
2022.05.07 - BPFDoor - an active Chinese global surveillance tool/
2022.05.07 - CERT GOV - UA-4625 - JesterStealer/
2022.05.09 - From The DPRK With Love - analyzing a recent north korean macOS backdoor/
2022.05.10 - APT34 targets Jordan Government using new Saitama backdoor/
2022.05.11 - Bitter APT adds Bangladesh to their targets/
2022.05.12 - COBALT MIRAGE Conducts Ransomware Operations in US/
2022.05.12 - ESET Mozilla Lazurus/
2022.05.12 - Network Footprints of Gamaredon Group/
2022.05.16 - Analysis of HUI Loader/
2022.05.16 - Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis/
2022.05.16 - Operation Dragon Breath (APT-Q-27) Dimensionality Reduction Strike for the Gaming Industry/
2022.05.16 - Wizard Spider In-Depth Analysis/
2022.05.17 - Space Pirates analyzing the tools and connections of a new hacker group/
2022.05.19 - ITG23 Crypters Highlight Cooperation Between Cybercriminal Groups/
2022.05.19 - Major Cyber Organizations of the Russian Intelligence Services/
2022.05.19 - Twisted Panda Chinese APT espionage operation against Russian’s state-owned defense institutes/
2022.05.20 - ESET Research - Arguepatch/
2022.05.20 - RE027 China-based APT Mustang Panda might have still continued their attack activities against organizations/
2022.05.24 - Unknown APT group has targeted Russia repeatedly since Ukraine invasion/
2022.05.31 - Operation DarkCasino In-depth analysis of recent attacks by APT group Evilnum/
2022.06.01 - deepinstinct.com-Iranian Threat Actor Continues to Develop Mass Exploitation Tools/
2022.06.01 - SideWinder.AntiBot.Script/
2022.06.02 - CVE-2021-40444 CERT GOV/
2022.06.02 - WinDealer dealing on the side/
2022.06.03 - Outbreak of Follina in Australia/
2022.06.09 - Aoqin Dragon Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Yea/
2022.06.09 - Symbiote A New Nearly-Impossible-to-Detect Linux Threat/
2022.06.10 - Lyceum .NET DNS Backdoor/
2022.06.13 - GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool/
2022.06.14 - Iranian Spear-Phishing Operation Targets Former Israeli and US High-Ranking Officials/
2022.06.15 - Sophos uncovers how APT groups carried out highly targeted attack/
2022.06.16 - Lookout Uncovers Android Spyware Deployed in Kazakhstan/
2022.06.17 - BRATA is evolving into an Advanced Persistent Threat/
2022.06.21 - APT ToddyCat/
2022.06.21 - MuddyWaters light first-stager targetting Middle East/
2022.06.21 - Russias APT28 uses fear of nuclear war to spread Follina docs in Ukraine/
2022.06.22 - Chinese actor takes aim, armed with Nim Language and Bizarro AES/
2022.06.27 - Attacks on industrial control systems using ShadowPad/
2022.06.27 - Return of the Evilnum APT with updated TTPs and newtargets/
2022.06.29 - Technical Analysis on FOXACID/
2022.06.30 - The SessionManager IIS backdoor/
2022.07.04 - Making Fun of Your APT Malware - Bitter APT Using ZxxZ Backdoor to Target Pakistan Public Accounts/
2022.07.05 - Whatever floats your Boat Bitter APT continues to target Bangladesh/
2022.07.05 - When Pentest Tools Go Brutal Red-Teaming Tool Being Abused by Malicious Actors/
2022.07.07 - Targets of Interest Russian Organizations Increasingly Under Attack By Chinese APTs/
2022.07.12 - An Analysis of Infrastructure linked to the Hagga Threat Actor/
2022.07.13 - A Hit is made Sidewinder APT successfully cyber attacks Pakistan military focused targets/
2022.07.13 - Cobalt Strikes again - UAC-0056 continues to target Ukraine in its latest campaign/
2022.07.13 - Confucius - The Angler Hidden Under CloudFlare/
2022.07.13 - Targeted Attack on Government Agencies/
2022.07.13 - Transparent Tribe begins targeting education sector in latest campaign/
2022.07.14 - Above the Fold and in Your Inbox Tracing State-Aligned Activity Targeting Journalists Media/
2022.07.14 - North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware/
2022.07.19 - I see what you did there Alook at the CloudMensis macOS spyware/
2022.07.19 - Russian APT29 Hackers Use Online Storage Services DropBox and Google Drive/
2022.07.20 - APT41 A CaseSudy/
2022.07.20 - Securonix Threat Labs Initial Coverage Advisory STIFFBIZON Detection Using Securonix New Attack Camp/
2022.07.21 - Attackers target Ukraine using GoMet backdoor/
2022.07.21 - Buy Sell Steal EvilNum Targets Cryptocurrency Forex Commodities/
2022.07.21 - The old school hackers behindAPT41/
2022.07.21 - The Return of Candiru Zero-days in the Middle East/
2022.07.22 - Chengdu 404/
2022.07.22 - Old cat new tricks bad habits/
2022.07.24 - Chinese APTs Interlinked networks and sidehustles/
2022.07.25 - CosmicStrand the discovery of a sophisticated UEFI firmware rootkit/
2022.07.26 - CERT GOV - UAC-0010 Armageddon/
2022.07.27 - Untangling KNOTWEED European private-sector offensive actor using 0-day exploits/
2022.07.28 - APT trends report Q2 2022/
2022.07.28 - SharpTongue Deploys Clever Mail-Stealing Browser Extension SHARPEXT/
2022.08.01 - FIN13 (Elephant Beetle) Viva la Threat!/
2022.08.02 - Manjusaka A Chinese sibling of Sliver and Cobalt Strike/
2022.08.03 - Woody RAT A new feature-rich malware spotted in the wild/
2022.08.04 - Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Gover/
2022.08.04 - Quarterly Adversarial Threat Report/
2022.08.08 - Targeted attack on industrial enterprises and public institutions/
2022.08.09 - Andariel deploys DTrack and Maui ransomware/
2022.08.10 - VileRAT DeathStalkers continuous strike at foreign and cryptocurrency exchanges/
2022.08.11 - APT-C-35 Gets a New Upgrade/
2022.08.12 - LuckyMouse uses a backdoored Electron app to target MacOS/
2022.08.15 - Disrupting SEABORGIUMs ongoing phishing operations/
2022.08.15 - Shuckworm Russia-Linked Group Maintains Ukraine Focus/
2022.08.16 - ESET - Lazarus/
2022.08.16 - RedAlpha Conducts Multi-Year Credential Theft Campaign Targeting Global Humanitarian, Think Tank, and Government Organizations/
2022.08.17 - Suspected Iranian Actor Targeting Israeli Shipping Healthcare Government and Energy Sectors/
2022.08.18 - APT41 World Tour 2021 on a tight schedule/
2022.08.18 - New APT group MurenShark investigative report Torpedoes hit Turkish Navy/
2022.08.18 - Reservations Requested TA558 Targets Hospitality and Travel/
2022.08.18 - You Cant Audit Me APT29 Continues Targeting Microsoft 365/
2022.08.23 - New Iranian APT data extraction tool/
2022.08.24 - MagicWeb NOBELIUMs post-compromise trick to authenticate as anyone/
2022.08.25 - Kimsukys GoldDragon cluster and its C2 operations/
2022.08.25 - MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations/
2022.08.29 - Securonix Threat Labs Security AdvisoryNew Golang Attack Campaign GOWEBBFUSCATOR Leverages Office Mac/
2022.08.30 - Rising Tide Chasing the Currents of Espionage in the South China Sea/
2022.09.01 - PyPI Phishing Campaign JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks/
2022.09.01 - Raspberry Robin and Dridex Two Birds of a Feather/
2022.09.02 - Buzzing in the Background BumbleBee, a New Modular Backdoor Evolved From BookWorm/
2022.09.05 - Northwestern Polytechnical University was attacked by the US NSA network attack report (Part 1)/
2022.09.05 - Spyware Campaign Targeting The Uyghur Community/
2022.09.06 - DangerousSavanna - Two-year long campaign targets financial institutions in French-speaking Africa/
2022.09.06 - Pro-Russian Group Targeting Ukraine Supporters with DDoS Attacks/
2022.09.06 - TA505 Group's TeslaGun In-Depth Analysis/
2022.09.06 - Worok - The big picture/
2022.09.07 - APT42 - Crooked Charms, Cons and Compromises/
2022.09.07 - Initial access broker repurposing techniques in targeted attacks against Ukraine/
2022.09.07 - MagicRAT Lazarus latest gateway into victim networks/
2022.09.07 - Profiling DEV-0270 PHOSPHORUS ransomware operations/
2022.09.08 - BRONZE PRESIDENT Targets Government Officials/
2022.09.08 - Lazarus and the tale of three RATs/
2022.09.09 - US Department of the Treasury/
2022.09.13 - Bvp47 Version 1.7 Technical Details Report II/
2022.09.13 - Look What You Made Me Do TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO/
2022.09.13 - New Wave of Espionage Activity Targets Asian Governments/
2022.09.13 - Security Announcements/
2022.09.14 - Dissecting PlugX to Extract Its Crown Jewels/
2022.09.14 - Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations/
2022.09.14 - Its Time to PuTTY DPRK Job Opportunity Phishing via WhatsApp/
2022.09.14 - Opsec Mistakes Reveal COBALT MIRAGE Threat Actors/
2022.09.14 - You never walk alone The SideWalk backdoor gets a Linux variant/
2022.09.15 - F5 BIG-IP Vulnerability (CVE-2022-1388) Exploited by BlackTech/
2022.09.15 - Gamaredon APT targets Ukrainian government agencies in new campaign/
2022.09.15 - Webworm Espionage Attackers Testing and Using Older Modified RATs/
2022.09.19 - Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine/
2022.09.22 - 7 Years of Scarlet Mimic’s Mobile Surveillance Campaign Targeting Uyghurs/
2022.09.22 - APT41 and Recent Activity/
2022.09.22 - Chinese State-Sponsored Group TA413 Adopts New Capabilities in Pursuit of Tibetan Targets/
2022.09.22 - Raspberry Robins Roshtyak A Little Lesson in Trickery/
2022.09.22 - THE MYSTERY OF METADOR AN UNATTRIBUTED THREAT HIDING IN TELCOS, ISPS, AND UNIVERSITIES/
2022.09.22 - Void Balaur The Sprawling Infrastructure of a Careless Mercenary/
2022.09.23 - GRU Rise of the Telegram MinIOns/
2022.09.23 - In the footsteps of the Fancy Bear PowerPointmouse-over event abused to deliver Graphite implants/
2022.09.26 - Hunting for Unsigned DLLs to Find APTs/
2022.09.27 - Securonix Threat Labs Security Advisory Detecting STEEPMAVERICK New Covert Attack Campaign Targeting/
2022.09.28 - A Deep Dive Into the APT28’s stealer called CredoMap/
2022.09.28 - New campaign uses government union-themed lures to deliver Cobalt Strike beacons/
2022.09.29 - Bad VIBEs Part One Investigating Novel Malware Persistence Within ESXi Hypervisors/
2022.09.29 - Witchetty Group Uses Updated Toolset in Attacks on Governments in Middle East/
2022.09.29 - ZINC weaponizing open-source software/
2022.09.30 - A glimpse into the shadowy realm of a Chinese APT detailed analysis of a ShadowPad intrusion/
2022.09.30 - Amazonthemed campaigns of Lazarus in the Netherlands and Belgium/
2022.10.03 - DeftTorero tactics techniques and procedures of intrusions revealed/
2022.10.03 - Revealing Emperor Dragonfly Night Sky and Cheerscrypt - A Single Ransomware Group/
2022.10.04 - Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization/
2022.10.04 - MSSQL, meet Maggie/
2022.10.04 - The Rise of Earth Aughisky Tracking the Campaigns Taidoor Started/
2022.10.06 - Mustang Panda Abuses Legitimate Apps to Target Myanmar Based Victims/
2022.10.07 - Making oRAT - GO!/
2022.10.11 - The Russian SpyAgent a Decade Later and RAT Tools Remain at Risk/
2022.10.12 - Winnti APT group docks in Sri Lanka for new campaign/
2022.10.12 - WIP19 Espionage New Chinese APT Targets IT Service Providers and Telcos With Signed Malware/
2022.10.13 - Alchimist A new attack framework in Chinese for Mac Linux and Windows/
2022.10.13 - Chinese-linked hackers targeted U.S. state legislature, researchers say/
2022.10.14 - New Prestige ransomware impacts organizations in Ukraine and Poland/
2022.10.17 - DiceyF deploys GamePlayerFramework in online casino development studio/
2022.10.18 - APT27 One Year To Exfiltrate Them All Intrusion In-Depth Analysis/
2022.10.18 - SafeBreach Labs Researchers Uncover New Fully Undetectable Powershell Backdoor/
2022.10.18 - Spyder Loader Malware Seen in Recent Campaign Targeting Organizations in Hong Kong/
2022.10.20 - Domestic Kitten campaign spying on Iranian citizens with new FurBall malware/
2022.10.21 - WarHawk - the New Backdoor in the Arsenal of the SideWinder APT Group/
2022.10.23 - Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries/
2022.10.24 - Unveil the evolution of Kimsuky targeting Android devices with newly discovered mobile malware/
2022.10.27 - Threat Analysis Active C2 Discovery Using Protocol Emulation Part3 ShadowPad/
2022.10.28 - Cranefly - Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign/
2022.10.31 - APT10 Tracking down LODEINFO 2022 part I/
2022.11.01 - Analysis of Suspected Lazarus Attacks Against South/
2022.11.02 - RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom/
2022.11.03 - APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations/
2022.11.03 - Not a dream job Hunting for malicious job offers from an APT/
2022.11.03 - OPERA1ER/
2022.11.07 - Sanctioned deals the Irano-Russian connection under Ankaras supervision Analysis of the NPPD leak/
2022.11.08 - They See Me Roaming Following APT29 by Taking a Deeper Look at Windows Credential Roaming/
2022.11.09 - Hack the Real Box APT41s New Subgroup Earth Longzhi/
2022.11.10 - Lookout Discovers Long-running Surveillance Campaigns Targeting Uyghurs/
2022.11.10 - PNG Steganography Hides Backdoor/
2022.11.11 - CERT GOV UA 5185/
2022.11.15 - Billbug - State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries/
2022.11.15 - DTrack activity targeting Europe and Latin America/
2022.11.17 - Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester/
2022.11.17 - Mustang Panda based in China has targeted attacks with malware Claimloader, may affect Japan/
2022.11.18 - Earth Preta Spear-Phishing Governments Worldwide/
2022.11.18 - GRU 26165 - The Russian cyber unit that hacks targets on-site/
2022.11.23 - Bahamut cybermercenary group targets Android users with fake VPN apps/
2022.11.25 - Analysis of APT-C-60 Attack on South Korea/
2022.11.26 - Russia-based RansomBoggs Ransomware Targeted Several Ukrainian Organizations/
2022.11.28 - Always Another Secret Lifting the Haze on China-nexus Espionage in Southeast Asia/
2022.11.29 - Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank/
2022.11.30 - Whos swimming in South Korean waters Meet ScarCrufts Dolphin/
2022.12.01 - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/
2022.12.01 - New CryWiper data wiper targets Russian courts mayors offices/
2022.12.01 - ZetaNile Open source software trojans from North Korea/
2022.12.02 - Hitching a ride with Mustang Panda/
2022.12.05 - Calisto show interests into entities involved in Ukraine war support/
2022.12.05 - Exposing TAG-53’s Credential Harvesting Infrastructure Used for Russia-Aligned Espionage Operations/
2022.12.05 - Hackers linked to Chinese government stole millions in Covid benefits Secret Service says/
2022.12.05 - Iran State-Backed Hacking of Activists Journalists Politicians/
2022.12.06 - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets/
2022.12.07 - Fantasy – a new Agrius wiper deployed through a supply‑chain attack/
2022.12.07 - Internet Explorer 0-day exploited by North Korean actor APT37/
2022.12.08 - CERT GOV - UA-5683/
2022.12.08 - DeathStalker targets legal entities with new Janicab variant/
2022.12.08 - New MuddyWater Threat Old Kitten New Tricks/
2022.12.09 - APT Cloud Atlas Unbroken Threat/
2022.12.09 - Cloud Atlas targets entities in Russia and Belarus amid the ongoing war in Ukraine/
2022.12.09 - Drokbk Malware Uses GitHub as Dead Drop Resolver/
2022.12.09 - Iranian Exploitation Activities Continue as of November 2022/
2022.12.12 - Pulling the Curtains on Azov Ransomware Not a Skidsware but Polymorphic Wiper/
2022.12.13 - APT5 - Citrix ADC Threat Hunting Guidance/
2022.12.14 - Unmasking MirrorFace Operation LiberalFace targeting Japanese political entities/
2022.12.14 - Wouldve Couldve ShouldveDid TA453 Refuses to be Bound by Expectations/
2022.12.15 - Trojanized Windows 10 Operating System Installers Targeted Ukrainian Government/
2022.12.16 - Russia’s Wartime Cyber Operations in Ukraine - Military Impacts, Influences, and Implications/
2022.12.16 - SiestaGraph - New implant uncovered in ASEAN member foreign ministry/
2022.12.16 - The DPRK delicate sound of cyber/
2022.12.18 - CERT GOV - UA-5709/
2022.12.20 - Lazarus APT’s Operation Interception Uses Signed Binary/
2022.12.20 - Raspberry Robin Malware Targets Telecom Governments/
2022.12.20 - Russias Trident Ursa aka Gamaredon APT Cyber Conflict Operations Unwavering Since Invasion of Ukraine/
2022.12.20 - Threat Spotlight - XLLing in Excel - threat actors using malicious add-ins/
2022.12.22 - FIN7 Unveiled - A deep dive into notorious cybercrime gang/
2022.12.22 - Ransomware and wiper signed with stolen certificates/
2022.12.23 - New STEPPYKAVACH Attack Campaign Likely Targeting Indian Government Technical Insights and Detection/
2022.12.23 - RedDelta Targets European Government Organizations and Continues to Iterate Custom PlugX Variant/
2022.12.24 - APT41 - The spy who failed to encrypt me/
2022.12.24 - No-limits relationship Chinas state hackers scoop up intelligence on Ukraine and Russia/
2022.12.24 - SlowMist Investigation of North Korean APTs Large-Scale Phishing Attack on NFT Users/
2022.12.27 - Analysis of recent attack activities of APT-C-36 (Blind Eagle)/
2022.12.27 - BlueNoroff introduces new methods bypassing MoTW/
2022.12.28 - Analysis of APT organization Confuciuss cyber attack against IBO anti-terrorism operations in Pakistan/
2022.12.28 - Hidden Fangs in South Asia—A Briefing on Recent Rattlesnake Attacks/
2022.12.29 - Analysis of the ferry Trojan horse organized by CNC for the military industry and education industry/