/vx-underground/Malware Analysis/2024/

471 directories 0 files
Name Size Modified
Go up
2024-01-01 - Russian Language Cybercriminal Forums - An Excursion Into The Core Of The Underground Ecosystem/
2024-01-02 - Open Source Stealers (OSS) – Python/
2024-01-03 - Security Copilot Promptbook - Threat Actor Profile/
2024-01-03 - Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion/
2024-01-04 - Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware/
2024-01-04 - Hunting for Cobalt Strike in PCAP/
2024-01-04 - Qakbot Returns/
2024-01-05 - AsyncRAT loader - Obfuscation, DGAs, decoys and Govno/
2024-01-05 - DarkGate from AutoIT to Shellcode Execution/
2024-01-05 - Turkish espionage campaigns in the Netherlands/
2024-01-06 - Technical Analysis of recent Pikabot Core Module/
2024-01-06 - Understanding Internals of SmokeLoader/
2024-01-07 - INC Linux Ransomware - Sandboxing with ELFEN and Analysis/
2024-01-08 - Deceptive Cracked Software Spreads Lumma Variant on YouTube/
2024-01-08 - Mastercard Data Leak, New Fully Undetectable Ransomware, Elusive Stealer Source Code Leak, and More/
2024-01-09 - Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police/
2024-01-09 - Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign/
2024-01-09 - Data Insights on AgentTesla and OriginLogger Victims/
2024-01-09 - IcedID – Technical Malware Analysis [Second Stage]/
2024-01-09 - New RE#TURGENCE Attack Campaign- Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware/
2024-01-10 - Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN/
2024-01-10 - Analysis of an Info Stealer — Chapter 2 - The iOS App/
2024-01-10 - Analyzing APT28’s OCEANMAP Backdoor & Exploring its C2 Server Artifacts/
2024-01-10 - Atomic Stealer rings in the new year with updated version/
2024-01-11 - Clearing the Fog of War – A critical analysis of recent energy sector cyberattacks in Denmark and Ukraine/
2024-01-11 - Volt Typhoon Compromises 30 percent of Cisco RV320 and 325 Devices in 37 Days/
2024-01-12 - Cutting Edge - Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation/
2024-01-12 - CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign/
2024-01-12 - Sneaky Azorult Back in Action and Goes Undetected/
2024-01-15 - A Victim of Mallox Ransomware - How Truesec CSIRT Fought Back/
2024-01-15 - An Introduction to Reverse Engineering .NET AOT Applications/
2024-01-15 - From Russia With Code - Disarming Atomic Stealer/
2024-01-15 - Hunting AsyncRAT & QuasarRAT/
2024-01-15 - Ivanti Connect Secure VPN Exploitation Goes Global/
2024-01-15 - NoaBot Botnet - Sandboxing with ELFEN and Analysis/
2024-01-16 - Detailed Analysis of DarkGate; Investigating new top-trend backdoor malware/
2024-01-16 - Keyhole Analysis/
2024-01-16 - P2PInfect Worm Evolves to Target a New Platform/
2024-01-17 - Enter The Gates - An Analysis of the DarkGate AutoIt Loader/
2024-01-17 - New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs/
2024-01-17 - Whispers of Atlantida - Safeguarding Your Digital Treasure/
2024-01-18 - Chae$ Chronicles - Version 4.1 Dedicated to Morphisec Researchers/
2024-01-18 - Detect Mortis Locker Ransomware with YARA/
2024-01-18 - Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware/
2024-01-19 - Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021/
2024-01-19 - Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard/
2024-01-19 - npm Package Found Delivering Sophisticated RAT/
2024-01-19 - Parrot TDS - A Persistent and Evolving Malware Campaign/
2024-01-19 - Zloader - No Longer Silent in the Night/
2024-01-21 - A Look into PlugX Kernel driver/
2024-01-22 - Cactus Ransomware/
2024-01-22 - Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web/
2024-01-22 - Pikabot distirbution methods and capabilities/
2024-01-22 - ScarCruft - Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals/
2024-01-23 - CherryLoader - A New Go-based Loader Discovered in Recent Intrusions/
2024-01-23 - Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver/
2024-01-23 - NetSupport RAT hits again with new IOCs/
2024-01-23 - Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks/
2024-01-24 - Layers of Deception - Analyzing the Complex Stages of XLoader 4.3 Malware Evolution/
2024-01-24 - The Endless Struggle Against APT10- Insights from LODEINFO v0.6.6 - v0.7.3 Analysis/
2024-01-25 - Midnight Blizzard - Guidance for responders on nation-state attack/
2024-01-25 - NSPX30 - A sophisticated AitM-enabled implant evolving since 2005/
2024-01-26 - Russian APT Operation - Star Blizzard/
2024-01-29 - Analysis of FalseFont Backdoor used by Peach-Sandstorm Threat Actor/
2024-01-29 - Blackwood APT Group Has a New DLL Loader/
2024-01-29 - Compromised routers are still leveraged as malicious infrastructure/
2024-01-29 - HeadCrab 2.0 - Evolving Threat in Redis Malware Landscape/
2024-01-29 - KrustyLoader - Rust malware linked to Ivanti ConnectSecure compromises/
2024-01-29 - Technical analysis of WinRAR zero-day malware and C2 protocol emulation/
2024-01-30 - DarkGate malware delivered via Microsoft Teams - detection and response/
2024-01-30 - Evolution of UNC4990 - Uncovering USB Malware's Hidden Depths/
2024-01-30 - Python’s Byte - The Rise of Scripted Ransomware/
2024-01-30 - Reporting on Volt Typhoon’s “JDY” Botnet Administration Via Tor Sparks Questions/
2024-01-30 - The Bear and The Shell- New Campaign Against Russian Opposition/
2024-01-30 - Trigona Ransomware Threat Actor Uses Mimic Ransomware/
2024-01-31 - Pawn Storm Uses Brute Force and Stealth Against High-Value Targets/
2024-01-31 - Technical analysis - The silent torrent of VileRAT/
2024-01-31 - Tracking 15 Years of Qakbot Development/
2024-02-01 - Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor/
2024-02-01 - ESET takes part in global operation to disrupt the Grandoreiro banking trojan/
2024-02-01 - From the Depths - Analyzing the Cthulhu Stealer Malware for macOS/
2024-02-01 - Installskey Rewind 2023/
2024-02-02 - CrackedCantil Dropper Delivers Numerous Malware/
2024-02-02 - FritzFrog Botnet Expands Attack Arsenal with Log4Shell Exploits/
2024-02-02 - Practical FOFA Asset Expansion - APT-C-23 Android Malware/
2024-02-02 - Proactive response - AnyDesk, any breach/
2024-02-04 - CrackedCantil- A Malware Symphony Breakdown/
2024-02-06 - APT-K-47 Organization Launches Espionage Attacks Using a New Trojan Tool/
2024-02-06 - BSI - Active APT groups in Germany/
2024-02-06 - German Federal Office for Information Security - Active APT groups in Germany/
2024-02-06 - Iran accelerates cyber ops against Israel from chaotic start/
2024-02-06 - Unfolding Agent Tesla - The Art of Credentials Harvesting/
2024-02-07 - HijackLoader Expands Techniques to Improve Defense Evasion/
2024-02-07 - Iran surges cyber-enabled influence operations in support of Hamas/
2024-02-07 - Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer/
2024-02-07 - KV-Botnet - Don’t call it a Comeback/
2024-02-07 - MAR-10448362-1.v1 Volt Typhoon/
2024-02-07 - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure/
2024-02-07 - Raspberry Robin Keeps Riding the Wave of Endless 1-Days/
2024-02-08 - New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization/
2024-02-08 - Unmasking-the-dot-stealer/
2024-02-09 - Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT/
2024-02-09 - SugarGh0st RAT attacks Kazakhstan – State Technical Service/
2024-02-09 - The Phoenix Rises Again/
2024-02-10 - KrustyLoader - About stripped Rust symbol recovery/
2024-02-11 - Analysing STOP Ransomware/
2024-02-12 - China’s Cyber Revenge - Why the PRC Fails to Back Its Claims of Western Espionage/
2024-02-12 - The (D)Evolution of Pikabot/
2024-02-13 - Bumblebee Buzzes Back in Black/
2024-02-13 - CharmingCypress - Innovating Persistence/
2024-02-13 - Unraveling the Many Stages and Techniques Used by RedCurl-EarthKapre APT/
2024-02-13 - Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day/
2024-02-13 - What is Lumma Stealer/
2024-02-14 - CVE-2024-21412 -Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day/
2024-02-14 - Hamas-linked SameCoin campaign malware analysis/
2024-02-14 - My-Game Retired - Latest Changes to Gootloader/
2024-02-14 - Zloader Strikes Back/
2024-02-15 - TinyTurla Next Generation - Turla APT spies on Polish NGOs/
2024-02-16 - Malware Analysis — AgentTesla/
2024-02-16 - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign/
2024-02-16 - VOLTZITE/
2024-02-16 - Writing a Qakbot 5.0 config extractor with Malcat/
2024-02-18 - I-S00N GitHub leaks/
2024-02-19 - A Technical Analysis of the BackMyData Ransomware Used to Attack Hospitals in Romania/
2024-02-19 - Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)/
2024-02-19 - Anatsa Trojan Returns - Targeting Europe and Expanding Its Reach/
2024-02-19 - BfV and NIS warning of North Korean cyber threats targeting the Defense Sector/
2024-02-19 - Pelmeni Wrapper - New Wrapper of Kazuar (Turla Backdoor)/
2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia/
2024-02-20 - Understanding Macros in Malware - Types, Capabilities, Case Study/
2024-02-21 - A stealthy threat uncovered - TeaBot on Google Play Store/
2024-02-21 - Automating Qakbot Malware Analysis with Binary Ninja/
2024-02-21 - Brussels spyware bombshell - Surveillance software found on officials’ phones/
2024-02-21 - Malware Analysis — Remcos RAT/
2024-02-21 - Operation Texonto - Information operation targeting Ukrainian speakers in the context of the war/
2024-02-21 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer/
2024-02-22 - 8220 Gang Cryptomining Campaign Targets Linux & Windows Platforms/
2024-02-22 - CloudRouter - 911 Proxy Resurrected/
2024-02-22 - Doppelgänger - Russia-Aligned Influence Operation Targets Germany/
2024-02-22 - Malware Analysis - XWorm/
2024-02-22 - Scattered Spider laying new eggs/
2024-02-22 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer/
2024-02-23 - PIKABOT, I choose you!/
2024-02-23 - SVR cyber actors adapt tactics for initial cloud access/
2024-02-23 - TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)/
2024-02-23 - Xeno RAT - A New Remote Access Trojan with Advance Capabilities/
2024-02-26 - Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples/
2024-02-26 - Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections/
2024-02-26 - SEO Poisoning to Domain Control - The Gootloader Saga Continues/
2024-02-26 - UAC-0149 Attack Detection - Hackers Launch a Targeted Attack Against the Armed Forces of Ukraine, as CERT-UA Reports/
2024-02-26 - “Pantsless Data”- Decoding Chinese Cybercrime TTPs/
2024-02-27 - European diplomats targeted by SPIKEDWINE with WINELOADER/
2024-02-27 - Hunting PrivateLoader - The malware behind InstallsKey PPI service/
2024-02-27 - Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations/
2024-02-27 - Unveiling Phemedrone Stealer - Threat Analysis and Detections/
2024-02-27 - When Cats Fly - Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors/
2024-02-27 - When Stealers Converge - New Variant of Atomic Stealer in the Wild/
2024-02-28 - GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange/
2024-02-28 - Just Carry A Ladder - Why Your EDR Let Pikabot Jump Through/
2024-02-28 - New Malicious PyPI Packages used by Lazarus/
2024-02-28 - XRed Backdoor - The Hidden Threat in Trojanized Programs/
2024-02-29 - Dissecting DarkGate - Modular Malware Delivery and Persistence as a Service/
2024-02-29 - Don't get BITTER about being targeted -- fight back with the help of the community/
2024-02-29 - Novel ELF64 Remote Access Tool Embedded in Malicious PyPI Uploads/
2024-02-29 - Same Same, but Different/
2024-02-29 - The Anatomy of an ALPHA SPIDER Ransomware Attack/
2024-03-01 - Agent Tesla Analysis [Part 2 - Deobfuscation]/
2024-03-01 - APT37's ROKRAT HWP Object Linking and Embedding/
2024-03-04 - NIS Press Release - cyber attacks targeting domestic semiconductor equipment companies/
2024-03-05 - TODDLERSHARK - ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant/
2024-03-07 - Evasive Panda leverages Monlam Festival to target Tibetans/
2024-03-08 - Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard/
2024-03-20 - Blind Eagle's North American Journey/
2024-03-20 - Review of the Summer 2023 Microsoft Exchange Online Intrusion/
2024-03-21 - AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine/
2024-03-21 - Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware/
2024-03-21 - China-linked Threats to Operational Technology/
2024-03-21 - New details on TinyTurla’s post-compromise activity reveal full kill chain/
2024-03-21 - TA450 (MuddyWater) uses embedded links in PDF attachments in latest campaign/
2024-03-22 - APT29 Uses WINELOADER to Target German Political Parties/
2024-03-24 - DinodasRAT Linux implant targeting entities worldwide/
2024-03-25 - Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians/
2024-03-25 - Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure/
2024-03-25 - UK holds China state-affiliated organisations and individuals (APT31) responsible for malicious cyber activity/
2024-03-26 - Investigation into hacking of Finnish Parliament's information systems has been ongoing/
2024-03-26 - Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)/
2024-03-26 - New Zealand accuses China of hacking parliament, condemns activity/
2024-03-28 - BITTER APT Targets Chinese Government Agency/
2024-03-29 - New MuddyWater Campaigns After Operation Swords of Iron/
2024-03-31 - Malware Spotlight - Linodas aka DinodasRAT for Linux/
2024-04-02 - APT and financial attacks on industrial organizations in H2 2023/
2024-04-02 - Earth Freybug Uses UNAPIMON for Unhooking Critical APIs/
2024-04-10 - eXotic Visit campaign - Tracing the footprints of Virtual Invaders/
2024-04-10 - Turla APT Targets Albania With Backdooor in Ongoing Campaign to Breach European Organizations/
2024-04-11 - Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear/
2024-04-11 - LightSpy Returns - Renewed Espionage Campaign Targets Southern Asia, Possibly India/
2024-04-12 - Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400/
2024-04-12 - XZ backdoor story - Initial analysis/
2024-04-12 - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)/
2024-04-15 - Volt Typhoon - A Conspiratorial Swindling Campaign targets with U.S. Congress and Taxpayers conducted by U.S. Intelligence Community/
2024-04-15 - Volt Typhoon false narrative a collusion among US politicians, intelligence community and companies to cheat funding, defame China/
2024-04-16 - Analysis of the APT31 indictment/
2024-04-18 - Annual report MIVD 2023/
2024-04-18 - DuneQuixote campaign targets Middle Eastern entities with CR4T malware/
2024-04-19 - UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine/
2024-04-20 - APT44 - Unearthing Sandworm/
2024-04-22 - Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials/
2024-04-22 - MuddyWater campaign abusing Atera Agents/
2024-04-22 - ToddyCat is making holes in your infrastructure/
2024-04-24 - ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices/
2024-04-24 - Assessing the Y, and How, of the XZ Utils incident/
2024-04-24 - Pakistani APTs Escalate Attacks on Indian Government/
2024-04-25 - LightSpy Malware Variant Targeting macOS/
2024-04-29 - A Cunning Operator - Muddling Meerkat and China's Great Firewall/
2024-05-01 - Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor/
2024-05-01 - Router Roulette - Cybercriminals and Nation-States Sharing Compromised Networks/
2024-05-02 - North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts/
2024-05-03 - Expanding APT42 Intelligence/
2024-05-03 - German Government - Attribution of a Russian cyber campaign/
2024-05-03 - SSSCIP Russian Cyber Operations H2 2023/
2024-05-03 - Statement by the North Atlantic Council concerning malicious cyber activities against Germany and Czechia/
2024-05-03 - Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia/
2024-05-04 - Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign/
2024-05-06 - Six Australian MPs Confirm They were Targeted by China's APT31 Hackers/
2024-05-07 - LNK File Disguised as Certificate Distributing RokRAT Malware/
2024-05-08 - APT28 campaign targeting Polish government institutions/
2024-05-08 - Iran-Aligned Emerald Divide Influence Campaign Evolves to Exploit Israel-Hamas Conflict/
2024-05-09 - Kaspersky Securelist APT trends report Q1 2024/
2024-05-10 - Recruitment Trap for Blockchain Practitioners - Analysis of Suspected Lazarus (APT-Q-1) Secret Stealing Operation/
2024-05-14 - ESET APT Activity Report Q4 2023 - Q1 2024/
2024-05-15 - To the Moon and back(doors) - Lunar landing in diplomatic missions/
2024-05-16 - Springtail (Kimsuky) - New Linux Backdoor Added to Toolkit/
2024-05-16 - Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024/
2024-05-20 - Bad Karma, No Justice - Void Manticore Destructive Activities in Israel/
2024-05-22 - Deep Dive into the Unfading Sea Haze/
2024-05-22 - Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages/
2024-05-23 - Hellhounds - Operation Lahat. Part 2/
2024-05-23 - Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy/
2024-05-23 - Operation Diplomatic Specter - An Active Chinese Cyberespionage Campaign targeting Governmental Entities in the Middle East, Africa and Asia/
2024-05-23 - Tracking APT SideWinder Domains/
2024-05-24 - Unraveling the snake tangle - following the attacks of Shedding Zmiy/
2024-05-28 - Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks/
2024-05-29 - APT41's Reconnaissance Techniques and Toolkit/
2024-05-29 - LightSpy Implant for macOS/
2024-05-29 - Putin's hackers gained full access to Hungary's foreign ministry networks/
2024-05-29 - Tracking Threat Actors Using Images and Artifacts/
2024-05-30 - Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)/
2024-05-30 - Disrupting FlyingYeti's (UAC-0149) campaign targeting Ukraine/
2024-05-30 - GRU's BlueDelta (APT28) Targets Key Networks in Europe with Multi-Phase Espionage Campaigns/
2024-05-30 - LilacSquid - The stealthy trilogy of PurpleInk, InkBox and InkLoader/
2024-06-01 - From Vegas to Chengdu - Hacking Contests, Bug Bounties,and China's Offensive Cyber Ecosystem/
2024-06-04 - Hurdling Over Hazards - Multifaceted Threats to the Paris Olympics/
2024-06-04 - Operation Veles - Decade-Long Espionage Targeting the Global Research and Education Sector/
2024-06-05 - Operation Crimson Palace - Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government/
2024-06-05 - Phishing for Gold - Cyber Threats Facing the 2024 Paris Olympics/
2024-06-05 - UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing/
2024-06-06 - Howling at the Inbox - Sticky Werewolf's Latest Malicious Aviation Attacks/
2024-06-10 - Another battlefield - Telegram as a digital front in Russia’s war against Ukraine/
2024-06-10 - APT and financial attacks on industrial organizations in Q1 2024/
2024-06-10 - MIVD Ongoing state cyber espionage campaign via vulnerable edge devices/
2024-06-11 - APT Attacks Using Cloud Storage/
2024-06-11 - Noodle RAT - Reviewing the Backdoor Used by Chinese-Speaking Groups/
2024-06-11 - SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)/
2024-06-13 - Arid Viper poisons Android apps with AridSpy/
2024-06-13 - DISGOMOJI Malware Used to Target Indian Government/
2024-06-13 - Operation Celestial Force employs mobile and desktop malware to target Indian entities/
2024-06-16 - China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence/
2024-06-18 - Cloaked and Covert - Uncovering UNC3886 Espionage Operations/
2024-06-19 - CERT-FR Malicious activities linked to the Nobelium intrusion set/
2024-06-19 - New North-Korean based backdoor packs a punch/
2024-06-20 - Sustained Campaign Using Chinese Espionage Tools Targets Telcos/
2024-06-21 - Analysis of PHANTOM#SPIKE - Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan/
2024-06-21 - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques/
2024-06-21 - Unveiling SpiceRAT - SneakyChef's latest tool targeting EMEA and Asia/
2024-06-24 - Armageddon is more than a Grammy-nominated album/
2024-06-24 - Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation/
2024-06-24 - Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders/
2024-06-26 - ChamelGang & Friends - Cyberespionage Groups Attacking Critical Infrastructure with Ransomware/
2024-06-26 - Russian National (Amin Timovich Stigal) Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data/
2024-06-27 - Kimsuky deploys TRANSLATEXT to target South Korean academia/
2024-06-28 - TeamViewer links corporate cyberattack to Russian state hackers/
2024-07-01 - CapraTube Remix - Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts/
2024-07-01 - Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)/
2024-07-05 - Turla - A Master’s Art of Evasion/
2024-07-08 - CloudSorcerer – A new APT targeting Russian government entities/
2024-07-08 - Volt Typhoon II - A secret Disinformation Campaign targeting U.S. Congress and Taxpayers conducted by U.S. Government agencies/
2024-07-09 - APT40 Advisory - PRC MSS tradecraft in action/
2024-07-09 - Italian government agencies and companies in the target of a Chinese APT17/
2024-07-09 - OceanLotus uses social security topics as bait to conduct APT attacks/
2024-07-10 - DodgeBox - A deep dive into the updated arsenal of APT41 Part 1/
2024-07-11 - MoonWalk - A deep dive into the updated arsenal of APT41 Part 2/
2024-07-13 - A Deep Dive into APT41s Latest Arsenal (Part 1)/
2024-07-15 - New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns/
2024-07-16 - AG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies/
2024-07-18 - APT41 Has Arisen From the DUST/
2024-07-18 - The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell/
2024-07-23 - Daggerfly - Espionage Group Makes Major Update to Toolset/
2024-07-23 - KnowBe4 - How a North Korean Fake IT Worker Tried to Infiltrate Us/
2024-07-23 - Transparent Tribe targets recent Election Results/
2024-07-24 - FrostyGoop Intel Brief/
2024-07-24 - Russia-nexus actor targets Ukraine/
2024-07-24 - Spot burst of activity UAC-0057 (CERT-UA#10340)/
2024-07-25 - APT45 - North Korea’s Digital Military Machine/
2024-07-25 - How APT groups operate in Southeast Asia/
2024-07-25 - Mid-year Doppelgänger information operations in Europe and the US/
2024-07-25 - Onyx Sleet uses array of malware to gather intelligence for North Korea/
2024-07-25 - SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea/
2024-07-31 - Cyberattack on the Federal Office of Cartography and Geodesy can be attributed to Chinese state attackers/
2024-08-01 - APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike/
2024-08-01 - BfV CYBER INSIGHT - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 1 Organization and methods/
2024-08-01 - BITS and Bytes - Analyzing BITSLOTH, a newly identified backdoor/
2024-08-02 - Fighting Ursa Luring Targets With Car for Sale/
2024-08-02 - StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms/
2024-08-08 - Iran Targeting 2024 US Election/
2024-08-08 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 2/
2024-08-09 - A Dive into Earth Baku's Latest Campaign/
2024-08-12 - South Koreas Pseudo Hunter APT organization uses multiple domestic software vulnerabilities to attack China/
2024-08-13 - Kaspersky APT trends report Q2 2024/
2024-08-14 - Cyclops - a likely replacement for BellaCiao/
2024-08-14 - EastWind campaign - new CloudSorcerer attacks on government organizations in Russia/
2024-08-14 - Iranian backed group steps up phishing campaigns against Israel, U.S/
2024-08-14 - Rivers of Phish - Sophisticated Phishing Targets Russias Perceived Enemies Around the Globe/
2024-08-15 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 3/
2024-08-17 - Sidewinder APT – Phishing on Pakistan/
2024-08-19 - BlindEagle flying high in Latin America/
2024-08-20 - GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware/
2024-08-20 - New Backdoor Targeting Taiwan Employs Stealthy Communications/
2024-08-21 - MoonPeak malware from North Korean actors unveils new details on attacker infrastructure/
2024-08-22 - China-Nexus Threat Group Velvet Ant Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches/
2024-08-22 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 4/
2024-08-23 - Analysis of New Variants and Subsequent Components of Patchwork(APT-Q-36) Spyder Downloader/
2024-08-26 - Operation DevilTiger - 0day vulnerability techniques and tactics used by APT-Q-12 disclosed/
2024-08-27 - Doppelgaenger - Details on a Russian disinformation campaign/
2024-08-28 - Advanced Persistent Threat (OceanLotus) Targeting Vietnamese Human Rights Defenders/
2024-08-28 - Analysis of two arbitrary code execution vulnerabilities affecting WPS Office/
2024-08-28 - I Spy With My Little Eye - Uncovering an Iranian Counterintelligence Operation/
2024-08-28 - Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations/
2024-08-28 - Operation Oxidový - Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys/
2024-08-28 - Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations/
2024-08-29 - State-backed attackers and commercial surveillance vendors repeatedly use the same exploits/
2024-08-29 - The Malware That Must Not Be Named - Suspected Espionage Campaign Delivers Voldemort/
2024-08-30 - North Korean threat actor Citrine Sleet exploiting Chromium zero-day/
2024-09-03 - A deep dive into the most interesting incident response cases of last year/
2024-09-03 - DeFied Expectations - Examining Web3 Heists/
2024-09-04 - APT Lazarus - Eager Crypto Beavers, Video calls and Games/
2024-09-04 - Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion/
2024-09-04 - Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source/
2024-09-05 - GRU 29155 Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure/
2024-09-05 - Tropic Trooper spies on government entities in the Middle East/
2024-09-06 - Chinese APT Abuses VSCode to Target Government in Asia/
2024-09-06 - Disjointed Cyber Warfare - Internal Conflicts among Russian Intelligence Agencies/
2024-09-06 - TIDRONE Targets Military and Satellite Industries in Taiwan/
2024-09-09 - Earth Preta Evolves its Attacks with New Malware and Strategies/
2024-09-09 - North Korean Threat Groups/
2024-09-10 - Crimson Palace returns - New Tools, Tactics, and Targets/
2024-09-11 - Targeted Iranian Attacks Against Iraqi Government Infrastructure/
2024-09-15 - Kimsuky A Gift That Keeps on Giving/
2024-09-15 - Shining a Light in the Dark – Uncovering an APT Lurking in Shadows of IT/
2024-09-17 - An Offer You Can Refuse - UNC2970 Backdoor Deployment Using Trojanized PDF Reader/
2024-09-17 - Analysis of Fox Kitten Infrastructure Reveals Unique Host Patterns and Potentially New IOCs/
2024-09-18 - Code of Conduct - DPRKs Python-fueled intrusions into secured networks/
2024-09-18 - Derailing the Raptor Train/
2024-09-18 - Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors/
2024-09-19 - COLDWASTREL of space/
2024-09-19 - Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC/
2024-09-19 - The Iranian Cyber Capability/
2024-09-19 - UNC1860 and the Temple of Oats - Irans Hidden Hand in Middle Eastern Networks/
2024-09-23 - Analysis of APT-C-00 (OceanLotus) Dual Loader and Homologous VMP Loader/
2024-09-24 - Analyzing the Newest Turla Backdoor/
2024-09-25 - Unraveling SloppyLemmings Operations Across South Asia/
2024-09-26 - Cyberespionage the Gamaredon way - Analysis of toolset used to spy on Ukraine in 2022 and 2023/
2024-09-26 - Unraveling Sparkling Piscess Tool Set - KLogEXE and FPSpy/
2024-09-27 - North Koreas hackers target Diehl Defence/
2024-09-30 - A phishing campaign by the state attack group APT42 against academics/
2024-09-30 - The Lies Russia Tells Itself/
2024-10-01 - Evil Corps deep ties with Russia and NATO member attacks exposed/
2024-10-01 - Zimperium Coverage on COLDRIVER Phishing Campaign/
2024-10-02 - Separating the bee from the panda - CeranaKeeper making a beeline for Thailand/
2024-10-02 - Stonefly - Extortion Attacks Continue Against U.S. Targets/
2024-10-03 - SHROUDED SLEEP - A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia/
2024-10-05 - U.S. Wiretap Systems Targeted in China-Linked Hack/
2024-10-07 - Awaken Likho is awake - new techniques of an APT group/
2024-10-07 - Mind the (air) gap - GoldenJackal gooses government guardrails/
2024-10-09 - Contagious Interview - DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware/
2024-10-09 - Operation MiddleFloor - Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum/
2024-10-10 - Analysis of attack activities of APT-C-20 (APT28) using compound attack tactics/
2024-10-10 - Unmasking Adversary Infrastructure - How Certificates and Redirects Exposed Earth Baxia and PlugX Activity/
2024-10-10 - Update on SVR Cyber Operations and Vulnerability Exploitation/
2024-10-11 - Burning Zero Days - Suspected Nation-State Adversary Targets Ivanti CSA/
2024-10-11 - GRU military unit 29155/
2024-10-13 - FASTCash for Linux/
2024-10-13 - OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf/
2024-10-14 - Volt Typhoon III - Unraveling Cyberespionage and Disinformation Operations Conducted by U.S. Government Agencies/
2024-10-15 - Beyond the Surface - the evolution and expansion of the SideWinder APT group/
2024-10-15 - Volt Typhoon - Part 2 Leveraging ExoneraTor to Unmask the Threat Actor/
2024-10-16 - Chinas Influence Ops - Twisting Tales of Volt Typhoon at Home and Abroad/
2024-10-16 - Fraudulent North Korean IT Worker Schemes - From Insider Threats to Extortion/
2024-10-16 - Frequent vulnerabilities and high failure rates should be used to troubleshoot Intel product network security risks/
2024-10-16 - IcePeony with the 996 work culture/
2024-10-16 - Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations/
2024-10-16 - Operation Code on Toast/
2024-10-16 - Suspected Mysterious Elephant group uses CHM files to attack multiple countries in South Asia/
2024-10-16 - Unmasking CVE-2024-38178 - The Silent Threat of Windows Scripting Engine/
2024-10-21 - MoonWalk - A closer look at APT41s updated arsenal (Part 2)/
2024-10-23 - Highlighting Asylum Ambuscade (TA866) Activity Since 2021/
2024-10-23 - Operation Overload Impersonates Media to Influence 2024 US Election/
2024-10-23 - RDP configuration files as a means of obtaining remote access to a computer or _Rogue RDP_ (CERT-UA#11690)/
2024-10-23 - The Crypto Game of Lazarus APT - Investors vs. Zero-days/
2024-10-24 - LightSpy - Implant for iOS/
2024-10-24 - Operation Cobalt Whisper - Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan/
2024-10-24 - Russian Strategic Information Attack for Catastrophic Effect/
2024-10-28 - CloudScout - Evasive Panda scouting cloud services/
2024-10-28 - Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives/
2024-10-29 - Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files/
2024-10-30 - APT Group - Konni Launches New Attacks on South Korea/
2024-10-30 - Jumpy Pisces Engages in Play Ransomware/
2024-10-31 - Inside LameDuck - analyzing Anonymous Sudans threat operations/
2024-10-31 - Pacific Rim - Inside the Counter-Offensive - The TTPs Used to Neutralize China-Based Threats/
2024-11-04 - Cloudy With a Chance of RATs - Unveiling APT36 and the Evolution of ElizaRAT/
2024-11-04 - CRON#TRAP - Emulated Linux Environments as the Latest Tactic in Malware Staging/
2024-11-04 - New OceanLotus organization first used MST files to deliver special payload/
2024-11-06 - Analysis of Cyber-Recon Activities Behind APT37 Threat Actor/
2024-11-07 - APT Activity Report Q3 2024/
2024-11-07 - BlueNoroff Hidden Risk - Threat Actor Targets Macs with Fake Crypto News and Novel Persistence/
2024-11-12 - APT Actors Embed Malware within macOS Flutter Applications/
2024-11-12 - China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike/
2024-11-12 - Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity/
2024-11-12 - LightSpy - APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign/
2024-11-12 - New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9/
2024-11-13 - A three beats waltz - The ecosystem behind Chinese state-sponsored cyber threats/
2024-11-13 - Stealthy Attributes of Lazarus APT Group - Evading Detection with Extended Attributes/
2024-11-14 - Russian Sabotage Activities Escalate Amid Fraught Tensions/
2024-11-15 - BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA/
2024-11-16 - Patchwork (White Elephant) Protego remote control Trojan C2 implementation errors/
2024-11-18 - Suspected Nation-State Adversary Targets Pakistan Navy in Cyber Espionage Campaign/
2024-11-19 - FrostyGoops Zoom-In - A Closer Look into the Malware Artifacts, Behaviors and Network Communications/
2024-11-19 - Spot the Difference- Earth Kashas New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella/
2024-11-21 - DPRK IT Workers - A Network of Active Front Companies and Their Links to China/
2024-11-21 - Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY/
2024-11-21 - Unveiling WolfsBane - Gelsemiums Linux counterpart to Gelsevirine/
2024-11-22 - Seeing Through a GLASSBRIDGE - Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations/
2024-11-22 - The Nearest Neighbor Attack - How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access/
2024-11-22 - Unveiling the Past and Present of APT-K-47 Weapon - Asyncshell/
2024-11-25 - Advanced threat predictions for 2025/
2024-11-26 - Analysis report on recent phishing attacks by APT-C-48 (CNC)/
2024-11-26 - RomCom exploits Firefox and Windows zero days in the wild/
2024-11-28 - APT trends report Q3 2024/
2024-12-02 - Analysis of Kimsuky Threat Actors Email Phishing Campaign/
2024-12-04 - Frequent freeloader part I - Secret Blizzard compromising Storm-0156 infrastructure for espionage/
2024-12-04 - Sichuan Silence Information Technology - Great Sounds are Often Inaudible/
2024-12-04 - Snowblind - The Invisible Hand of Secret Blizzard/
2024-12-05 - MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaurs Multi-Platform Attacks/
2024-12-10 - Breaking the Circle - Chinese Communist Party Propaganda Infrastructure Rapidly Expands/
2024-12-10 - Operation Digital Eye - Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels/
2024-12-11 - Attack Exploiting Legitimate Service by APT-C-60/
2024-12-11 - Frequent freeloader part II_ Russian actor Secret Blizzard using tools of other groups to attack Ukraine/
2024-12-11 - Likely China-based Attackers Target High-profile Organizations in Southeast Asia/
2024-12-11 - New Chinese Surveillance Tool Used by Public Security Bureaus/
2024-12-11 - Two Russian Android Spyware Families from Gamaredon APT/
2024-12-12 - Careto is back - what is new after 10 years of silence_/
2024-12-12 - Declawing PUMAKIT/
2024-12-12 - Glutton - A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals/
2024-12-13 - Analysis on the Case of TIDRONE Threat Actors Attacks on Korean Companies/
2024-12-13 - Under the SADBRIDGE with GOSAR - QUASAR Gets a Golang Rewrite/
2024-12-16 - HiatusRAT Actors Targeting Web Cameras and DVRs/
2024-12-17 - Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks/
2024-12-17 - Hidden in Plain Sight - TA397s New Attack Chain Delivers Espionage RATs/
2024-12-19 - Lazarus group evolves its infection chain with old and new malware/
2024-12-23 - Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)/
2024-12-23 - Cloud Atlas seen using a new tool in its attacks/
2024-12-25 - OtterCookie, a new malware used by Contagious Interview/