vx-underground
2025-01-05 - Treasury Sanctions Technology Company for Support to Malicious Cyber Group
2025-01-07 - Tracking Deployment of Russian Surveillance Technologies in Central Asia and Latin America
2025-01-08 - Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
2025-01-09 - APT32 Poisoning GitHub, Targeting Chinese Cybersecurity Professionals and Specific Large Enterprises
2025-01-09 - Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain
2025-01-15 - Operation 99 - North Korea's Cyber Assault on Software Developers
2025-01-16 - Weaponized Software Targets Chinese-Speaking Organizations
2025-01-20 - Operation Hurricane - A brief discussion of the techniques and tactics of the Xinhai Lotus organization in memory
2025-01-21 - Love and hate under war - The GamaCopy uses military-related bait to launch attacks on Russia
2025-01-23 - Mapping Suspected KEYPLUG Infrastructure - TLS Certificates, GhostWolf, and RedGolf APT41 Activity
2025-01-28 - ScatterBrain - Unmasking the Shadow of PoisonPlug's Obfuscator
2025-01-29 - CL-STA-0048 - An Espionage Operation Against High-Value Targets in South Asia
2025-01-29 - Operation Phantom Circuit - North Korea's Global Data Exfiltration Campaign
2025-02-03 - Analysis of malicious HWP cases of APT37 group distributed through K messenger
2025-02-07 - Chinese-Speaking Group Manipulates SEO with BadIIS
2025-02-12 - Cybercrime - A Multifaceted National Security Threat
2025-02-12 - UAC-0063 Cyber Espionage Operation Expanding from Central Asia
2025-02-13 - Analyzing DEEP#DRIVE - North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks
2025-02-13 - Stimmen aus Moskau - Russian Influence Operations Target German Elections
2025-02-18 - Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection
2025-02-19 - Signals of Trouble - Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
2025-02-20 - Analysis of the APT-C-28 (ScarCruft) organization's attack activities using fileless delivery of RokRat
2025-02-20 - SPAWNCHIMERA Malware - The Chimera Spawning from Ivanti Connect Secure Vulnerability
2025-02-20 - Stately Taurus Activity in Southeast Asia Links to Bookworm Malware
2025-02-20 - Weathering the storm - In the midst of a Typhoon
2025-02-21 - Angry Likho - Old beasts in a new forest
2025-02-23 - The Bybit Incident - When Research Meets Reality
2025-02-24 - Operation SalmonSlalom - A new attack targeting industrial organizations in APAC
2025-02-25 - Chinese APT Target Royal Thai Police in Malware Campaign
2025-02-26 - RustDoor and Koi Stealer for macOS Used by North Korea-Linked Threat Actor to Target the Cryptocurrency Sector
2025-02-27 - A case of phishing email attack by Larva-24005 group targeting Japan
2025-02-27 - Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools
2025-03-03 - Operation sea elephant - The dying walrus wandering the Indian Ocean
2025-03-04 - Call It What You Want - Threat Actor Delivers Highly Targeted Multistage Polyglot Malware
2025-03-12 - Hack The Sandbox - Unveiling the Truth Behind Disappearing Artifacts
2025-03-12 - New Android Spyware by North Korean APT37
2025-03-13 - Analyzing OBSCURE#BAT - Threat Actors Lure Victims into Executing Malicious Batch Scripts to Deploy Stealthy Rootkits
2025-03-13 - Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer
2025-03-14 - Off the Beaten Path - Recent Unusual Malware
2025-03-18 - ZDI-CAN-25373 - Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
2024-01-08 - Mastercard Data Leak, New Fully Undetectable Ransomware, Elusive Stealer Source Code Leak, and More
2024-01-09 - IcedID - Technical Malware Analysis [Second Stage]
2024-01-10 - Analysis of an Info Stealer - Chapter 2 - The iOS App
2024-01-10 - Analyzing APT28’s OCEANMAP Backdoor & Exploring its C2 Server Artifacts
2024-01-11 - Clearing the Fog of War - A critical analysis of recent energy sector cyberattacks in Denmark and Ukraine
2024-01-01 - Russian Language Cybercriminal Forums - An Excursion Into The Core Of The Underground Ecosystem
2024-01-03 - Security Copilot Promptbook - Threat Actor Profile
2024-01-04 - Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
2024-01-05 - Turkish espionage campaigns in the Netherlands
2024-01-09 - Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
2024-01-09 - Data Insights on AgentTesla and OriginLogger Victims
2024-01-09 - Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign
2024-01-09 - New RE#TURGENCE Attack Campaign - Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware
2024-01-10 - Atomic Stealer rings in the new year with updated version
2024-01-02 - Open Source Stealers (OSS) - Python
2024-01-03 - Ukraine Targeted by UAC-0050 Using Remcos RAT Pipe Method for Evasion
2024-01-04 - Hunting for Cobalt Strike in PCAP
2024-01-04 - Qakbot Returns
2024-01-05 - AsyncRAT loader - Obfuscation, DGAs, decoys and Govno
2024-01-05 - DarkGate from AutoIT to Shellcode Execution
2024-01-06 - Technical Analysis of recent Pikabot Core Module
2024-01-06 - Understanding Internals of SmokeLoader
2024-01-07 - INC Linux Ransomware - Sandboxing with ELFEN and Analysis
2024-01-08 - Deceptive Cracked Software Spreads Lumma Variant on YouTube
2024-01-12 - Cutting Edge - Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation
2024-01-12 - CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
2024-01-12 - Sneaky Azorult Back in Action and Goes Undetected
2024-01-15 - A Victim of Mallox Ransomware - How Truesec CSIRT Fought Back
2024-01-15 - An Introduction to Reverse Engineering .NET AOT Applications
2024-01-15 - From Russia With Code - Disarming Atomic Stealer
2024-01-15 - Hunting AsyncRAT & QuasarRAT
2024-01-23 - CherryLoader - A New Go-based Loader Discovered in Recent Intrusions
2024-01-16 - Detailed Analysis of DarkGate; Investigating new top-trend backdoor malware
2024-01-16 - Keyhole Analysis
2024-01-16 - P2PInfect Worm Evolves to Target a New Platform
2024-01-17 - Enter The Gates - An Analysis of the DarkGate AutoIt Loader
2024-01-17 - New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
2024-01-17 - Whispers of Atlantida - Safeguarding Your Digital Treasure
2024-01-18 - Chae$ Chronicles - Version 4.1 Dedicated to Morphisec Researchers
2024-01-18 - Detect Mortis Locker Ransomware with YARA
2024-01-18 - Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware
2024-01-19 - Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021
2024-01-19 - npm Package Found Delivering Sophisticated RAT
2024-01-19 - Parrot TDS - A Persistent and Evolving Malware Campaign
2024-01-19 - Zloader - No Longer Silent in the Night
2024-01-21 - A Look into PlugX Kernel driver
2024-01-22 - Cactus Ransomware
2024-01-22 - Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web
2024-01-22 - Pikabot distribution methods and capabilities
2024-01-22 - ScarCruft - Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals
2024-01-29 - HeadCrab 2.0 - Evolving Threat in Redis Malware Landscape
2024-01-24 - Layers of Deception - Analyzing the Complex Stages of XLoader 4.3 Malware Evolution
2024-01-25 - Midnight Blizzard - Guidance for responders on nation-state attack
2024-01-26 - Russian APT Operation - Star Blizzard
2024-01-23 - NetSupport RAT hits again with new IOCs
2024-01-23 - Stately Taurus Targets Myanmar Amidst Concerns over Military Junta’s Handling of Rebel Attacks
2024-01-24 - The Endless Struggle Against APT10 - Insights from LODEINFO v0.6.6 - v0.7.3 Analysis
2024-01-25 - NSPX30 - A sophisticated AitM-enabled implant evolving since 2005
2024-01-29 - Blackwood APT Group Has a New DLL Loader
2024-01-29 - KrustyLoader - Rust malware linked to Ivanti ConnectSecure compromises
2024-01-29 - Technical analysis of WinRAR zero-day malware and C2 protocol emulation
2024-01-30 - DarkGate malware delivered via Microsoft Teams - detection and response
2024-01-30 - Evolution of UNC4990 - Uncovering USB Malware's Hidden Depths
2024-01-23 - Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver
2024-02-02 - CrackedCantil Dropper Delivers Numerous Malware
2024-02-02 - FritzFrog Botnet Expands Attack Arsenal with Log4Shell Exploits
2024-02-02 - Practical FOFA Asset Expansion - APT-C-23 Android Malware
2024-01-30 - Reporting on Volt Typhoon’s “JDY” Botnet Administration Via Tor Sparks Questions
2024-01-31 - Tracking 15 Years of Qakbot Development
2024-02-01 - Installskey Rewind 2023
2024-01-30 - Python’s Byte - The Rise of Scripted Ransomware
2024-01-30 - The Bear and The Shell - New Campaign Against Russian Opposition
2024-01-30 - Trigona Ransomware Threat Actor Uses Mimic Ransomware
2024-01-31 - Pawn Storm Uses Brute Force and Stealth Against High-Value Targets
2024-01-31 - Technical analysis - The silent torrent of VileRAT
2024-02-01 - Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor
2024-02-01 - ESET takes part in global operation to disrupt the Grandoreiro banking trojan
2024-02-01 - From the Depths - Analyzing the Cthulhu Stealer Malware for macOS
2024-02-07 - KV-Botnet - Don’t call it a Comeback
2024-02-07 - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure
2024-02-06 - APT-K-47 Organization Launches Espionage Attacks Using a New Trojan Tool
2024-02-06 - Unfolding Agent Tesla - The Art of Credentials Harvesting
2024-02-07 - HijackLoader Expands Techniques to Improve Defense Evasion
2024-02-07 - Kimsuky disguised as a Korean company signed with a valid certificate to distribute Troll Stealer
2024-02-07 - MAR-10448362-1.v1 Volt Typhoon
2024-02-07 - Raspberry Robin Keeps Riding the Wave of Endless 1-Days
2024-02-08 - New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
2024-02-08 - Unmasking-the-dot-stealer
2024-02-04 - CrackedCantil - A Malware Symphony Breakdown
2024-02-02 - Proactive response - AnyDesk, any breach
2024-02-10 - KrustyLoader - About stripped Rust symbol recovery
2024-02-11 - Analysing STOP Ransomware
2024-02-12 - The (D)Evolution of Pikabot
2024-02-13 - Bumblebee Buzzes Back in Black
2024-02-09 - The Phoenix Rises Again
2024-02-13 - CharmingCypress - Innovating Persistence
2024-02-13 - Unraveling the Many Stages and Techniques Used by RedCurl-EarthKapre APT
2024-02-13 - Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
2024-02-13 - What is Lumma Stealer
2024-02-14 - My-Game Retired - Latest Changes to Gootloader
2024-02-14 - Zloader Strikes Back
2024-02-15 - TinyTurla Next Generation - Turla APT spies on Polish NGOs
2024-02-16 - Malware Analysis - AgentTesla
2024-02-16 - VOLTZITE
2024-02-16 - Writing a Qakbot 5.0 config extractor with Malcat
2024-02-19 - A Technical Analysis of the BackMyData Ransomware Used to Attack Hospitals in Romania
2024-02-19 - Analysis of Nood RAT Used in Attacks Against Linux (Gh0st RAT’s Variant)
2024-02-19 - Anatsa Trojan Returns - Targeting Europe and Expanding Its Reach
2024-02-19 - Pelmeni Wrapper - New Wrapper of Kazuar (Turla Backdoor)
2024-02-20 - Earth Preta Campaign Uses DOPLUGS to Target Asia
2024-02-20 - Understanding Macros in Malware - Types, Capabilities, Case Study
2024-02-21 - A stealthy threat uncovered - TeaBot on Google Play Store
2024-02-21 - Automating Qakbot Malware Analysis with Binary Ninja
2024-02-21 - Brussels spyware bombshell - Surveillance software found on officials’ phones
2024-02-21 - Malware Analysis - Remcos RAT
2024-02-21 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer
2024-02-22 - 8220 Gang Cryptomining Campaign Targets Linux & Windows Platforms
2024-02-22 - CloudRouter - 911 Proxy Resurrected
2024-02-22 - Doppelgänger - Russia-Aligned Influence Operation Targets Germany
2024-02-22 - Malware Analysis - XWorm
2024-02-22 - Scattered Spider laying new eggs
2024-02-23 - PIKABOT, I choose you!
2024-02-23 - Xeno RAT - A New Remote Access Trojan with Advance Capabilities
2024-02-26 - Advanced CyberChef Techniques for Configuration Extraction - Detailed Walkthrough and Examples
2024-02-26 - SEO Poisoning to Domain Control - The Gootloader Saga Continues
2024-02-27 - European diplomats targeted by SPIKEDWINE with WINELOADER
2024-02-27 - Hunting PrivateLoader - The malware behind InstallsKey PPI service
2024-02-27 - When Stealers Converge - New Variant of Atomic Stealer in the Wild
2024-02-28 - Just Carry A Ladder - Why Your EDR Let Pikabot Jump Through
2024-02-28 - XRed Backdoor - The Hidden Threat in Trojanized Programs
2024-02-29 - Dissecting DarkGate - Modular Malware Delivery and Persistence as a Service
2024-02-29 - Don't get BITTER about being targeted -- fight back with the help of the community
2024-02-29 - Novel ELF64 Remote Access Tool Embedded in Malicious PyPI Uploads
2024-02-26 - “Pantsless Data” - Decoding Chinese Cybercrime TTPs
2024-02-26 - UAC-0149 Attack Detection - Hackers Launch a Targeted Attack Against the Armed Forces of Ukraine, as CERT-UA Reports
2024-02-27 - Unveiling Phemedrone Stealer - Threat Analysis and Detections
2024-02-29 - Same Same, but Different
2024-02-29 - The Anatomy of an ALPHA SPIDER Ransomware Attack
2024-03-01 - Agent Tesla Analysis [Part 2 - Deobfuscation]
2024-02-28 - New Malicious PyPI Packages used by Lazarus
2024-01-10 - Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
2024-01-11 - Volt Typhoon Compromises 30 percent of Cisco RV320 and 325 Devices in 37 Days
2024-01-15 - Ivanti Connect Secure VPN Exploitation Goes Global
2024-01-19 - Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
2024-01-29 - Analysis of FalseFont Backdoor used by Peach-Sandstorm Threat Actor
2024-01-29 - Compromised routers are still leveraged as malicious infrastructure
2024-02-06 - BSI - Active APT groups in Germany
2024-02-06 - German Federal Office for Information Security - Active APT groups in Germany
2024-02-06 - Iran accelerates cyber ops against Israel from chaotic start
2024-02-07 - Iran surges cyber-enabled influence operations in support of Hamas
2024-02-09 - Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT
2024-02-09 - SugarGh0st RAT attacks Kazakhstan - State Technical Service
2024-02-12 - China’s Cyber Revenge - Why the PRC Fails to Back Its Claims of Western Espionage
2024-02-14 - CVE-2024-21412 - Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day
2024-02-14 - Hamas-linked SameCoin campaign malware analysis
2024-02-16 - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
2024-02-18 - I-S00N GitHub leaks
2024-02-19 - BfV and NIS warning of North Korean cyber threats targeting the Defense Sector
2024-02-21 - Operation Texonto - Information operation targeting Ukrainian speakers in the context of the war
2024-02-22 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer
2024-02-23 - SVR cyber actors adapt tactics for initial cloud access
2024-02-23 - TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)
2024-02-26 - Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections
2024-02-27 - Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations
2024-02-27 - When Cats Fly - Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors
2024-02-28 - GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange
2024-01-15 - NoaBot Botnet - Sandboxing with ELFEN and Analysis
2024-03-01 - APT37's ROKRAT HWP Object Linking and Embedding
2024-03-04 - NIS Press Release - cyber attacks targeting domestic semiconductor equipment companies
2024-03-05 - TODDLERSHARK - ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant
2024-03-07 - Evasive Panda leverages Monlam Festival to target Tibetans
2024-03-08 - Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard
2024-03-20 - Blind Eagle's North American Journey
2024-03-20 - Review of the Summer 2023 Microsoft Exchange Online Intrusion
2024-03-21 - AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine
2024-03-21 - Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware
2024-03-21 - China-linked Threats to Operational Technology
2024-03-21 - New details on TinyTurla’s post-compromise activity reveal full kill chain
2024-03-21 - TA450 (MuddyWater) uses embedded links in PDF attachments in latest campaign
2024-03-22 - APT29 Uses WINELOADER to Target German Political Parties
2024-03-24 - DinodasRAT Linux implant targeting entities worldwide
2024-03-25 - Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians
2024-03-25 - Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure
2024-03-25 - UK holds China state-affiliated organisations and individuals (APT31) responsible for malicious cyber activity
2024-03-26 - Investigation into hacking of Finnish Parliament's information systems has been ongoing
2024-03-26 - Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)
2024-03-26 - New Zealand accuses China of hacking parliament, condemns activity
2024-03-28 - BITTER APT Targets Chinese Government Agency
2024-03-29 - New MuddyWater Campaigns After Operation Swords of Iron
2024-03-31 - Malware Spotlight - Linodas aka DinodasRAT for Linux
2024-04-02 - APT and financial attacks on industrial organizations in H2 2023
2024-04-02 - Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
2024-04-10 - eXotic Visit campaign - Tracing the footprints of Virtual Invaders
2024-04-10 - Turla APT Targets Albania With Backdoor in Ongoing Campaign to Breach European Organizations
2024-04-11 - Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
2024-04-11 - LightSpy Returns - Renewed Espionage Campaign Targets Southern Asia, Possibly India
2024-04-12 - Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400
2024-04-12 - XZ backdoor story - Initial analysis
2024-04-12 - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
2024-04-15 - Volt Typhoon - A Conspiratorial Swindling Campaign targets with U.S. Congress and Taxpayers conducted by U.S. Intelligence Community
2024-04-15 - Volt Typhoon false narrative a collusion among US politicians, intelligence community and companies to cheat funding, defame China
2024-04-16 - Analysis of the APT31 indictment
2024-04-18 - Annual report MIVD 2023
2024-04-18 - DuneQuixote campaign targets Middle Eastern entities with CR4T malware
2024-04-19 - UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine
2024-04-20 - APT44 - Unearthing Sandworm
2024-04-22 - Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
2024-04-22 - MuddyWater campaign abusing Atera Agents
2024-04-22 - ToddyCat is making holes in your infrastructure
2024-04-24 - ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
2024-04-24 - Assessing the Y, and How, of the XZ Utils incident
2024-04-24 - Pakistani APTs Escalate Attacks on Indian Government
2024-04-25 - LightSpy Malware Variant Targeting macOS
2024-04-29 - A Cunning Operator - Muddling Meerkat and China's Great Firewall
2024-05-01 - Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor
2024-05-01 - Router Roulette - Cybercriminals and Nation-States Sharing Compromised Networks
2024-05-02 - North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts
2024-05-03 - Expanding APT42 Intelligence
2024-05-03 - German Government - Attribution of a Russian cyber campaign
2024-05-03 - SSSCIP Russian Cyber Operations H2 2023
2024-05-03 - Statement by the North Atlantic Council concerning malicious cyber activities against Germany and Czechia
2024-05-03 - Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia
2024-05-04 - Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
2024-05-06 - Six Australian MPs Confirm They were Targeted by China's APT31 Hackers
2024-05-07 - LNK File Disguised as Certificate Distributing RokRAT Malware
2024-05-08 - APT28 campaign targeting Polish government institutions
2024-05-08 - Iran-Aligned Emerald Divide Influence Campaign Evolves to Exploit Israel-Hamas Conflict
2024-05-09 - Kaspersky Securelist APT trends report Q1 2024
2024-05-10 - Recruitment Trap for Blockchain Practitioners - Analysis of Suspected Lazarus (APT-Q-1) Secret Stealing Operation
2024-05-14 - ESET APT Activity Report Q4 2023 - Q1 2024
2024-05-15 - To the Moon and back(doors) - Lunar landing in diplomatic missions
2024-05-16 - Springtail (Kimsuky) - New Linux Backdoor Added to Toolkit
2024-05-16 - Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024
2024-05-20 - Bad Karma, No Justice - Void Manticore Destructive Activities in Israel
2024-05-22 - Deep Dive into the Unfading Sea Haze
2024-05-22 - Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages
2024-05-23 - Hellhounds - Operation Lahat. Part 2
2024-05-23 - Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy
2024-05-23 - Operation Diplomatic Specter - An Active Chinese Cyberespionage Campaign targeting Governmental Entities in the Middle East, Africa and Asia
2024-05-23 - Tracking APT SideWinder Domains
2024-05-24 - Unraveling the snake tangle - following the attacks of Shedding Zmiy
2024-05-28 - Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
2024-05-29 - APT41's Reconnaissance Techniques and Toolkit
2024-05-29 - LightSpy Implant for macOS
2024-05-29 - Putin's hackers gained full access to Hungary's foreign ministry networks
2024-05-29 - Tracking Threat Actors Using Images and Artifacts
2024-05-30 - Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)
2024-05-30 - Disrupting FlyingYeti's (UAC-0149) campaign targeting Ukraine
2024-05-30 - GRU's BlueDelta (APT28) Targets Key Networks in Europe with Multi-Phase Espionage Campaigns
2024-05-30 - LilacSquid - The stealthy trilogy of PurpleInk, InkBox and InkLoader
2024-06-01 - From Vegas to Chengdu - Hacking Contests, Bug Bounties, and China's Offensive Cyber Ecosystem
2024-06-04 - Hurdling Over Hazards - Multifaceted Threats to the Paris Olympics
2024-06-04 - Operation Veles - Decade-Long Espionage Targeting the Global Research and Education Sector
2024-06-05 - Operation Crimson Palace - Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
2024-06-05 - Phishing for Gold - Cyber Threats Facing the 2024 Paris Olympics
2024-06-05 - UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing
2024-06-06 - Howling at the Inbox - Sticky Werewolf's Latest Malicious Aviation Attacks
2024-06-10 - Another battlefield - Telegram as a digital front in Russia’s war against Ukraine
2024-06-10 - APT and financial attacks on industrial organizations in Q1 2024
2024-06-10 - MIVD Ongoing state cyber espionage campaign via vulnerable edge devices
2024-06-11 - APT Attacks Using Cloud Storage
2024-06-11 - Noodle RAT - Reviewing the Backdoor Used by Chinese-Speaking Groups
2024-06-11 - SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)
2024-06-13 - Arid Viper poisons Android apps with AridSpy
2024-06-13 - DISGOMOJI Malware Used to Target Indian Government
2024-06-13 - Operation Celestial Force employs mobile and desktop malware to target Indian entities
2024-06-16 - China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence
2024-06-18 - Cloaked and Covert - Uncovering UNC3886 Espionage Operations
2024-06-19 - CERT-FR Malicious activities linked to the Nobelium intrusion set
2024-06-19 - New North-Korean based backdoor packs a punch
2024-06-20 - Sustained Campaign Using Chinese Espionage Tools Targets Telcos
2024-06-21 - Analysis of PHANTOM#SPIKE - Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan
2024-06-21 - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
2024-06-21 - Unveiling SpiceRAT - SneakyChef's latest tool targeting EMEA and Asia
2024-06-24 - Armageddon is more than a Grammy-nominated album
2024-06-24 - Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation
2024-06-24 - Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders
2024-06-26 - ChamelGang & Friends - Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
2024-06-26 - Russian National (Amin Timovich Stigal) Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data
2024-06-27 - Kimsuky deploys TRANSLATEXT to target South Korean academia
2024-06-28 - TeamViewer links corporate cyberattack to Russian state hackers
2024-07-01 - CapraTube Remix - Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
2024-07-01 - Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)
2024-07-05 - Turla - A Master’s Art of Evasion
2024-07-08 - CloudSorcerer - A new APT targeting Russian government entities
2024-07-08 - Volt Typhoon II - A secret Disinformation Campaign targeting U.S. Congress and Taxpayers conducted by U.S. Government agencies
2024-07-09 - APT40 Advisory - PRC MSS tradecraft in action
2024-07-09 - Italian government agencies and companies in the target of a Chinese APT17
2024-07-09 - OceanLotus uses social security topics as bait to conduct APT attacks
2024-07-10 - DodgeBox - A deep dive into the updated arsenal of APT41 Part 1
2024-07-11 - MoonWalk - A deep dive into the updated arsenal of APT41 Part 2
2024-07-13 - A Deep Dive into APT41's Latest Arsenal (Part 1)
2024-07-15 - New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns
2024-07-16 - AG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies
2024-07-18 - APT41 Has Arisen From the DUST
2024-07-18 - The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell
2024-07-23 - Daggerfly - Espionage Group Makes Major Update to Toolset
2024-07-23 - KnowBe4 - How a North Korean Fake IT Worker Tried to Infiltrate Us
2024-07-23 - Transparent Tribe targets recent Election Results
2024-07-24 - FrostyGoop Intel Brief
2024-07-24 - Russia-nexus actor targets Ukraine
2024-07-24 - Spot burst of activity UAC-0057 (CERT-UA#10340)
2024-07-25 - APT45 - North Korea’s Digital Military Machine
2024-07-25 - How APT groups operate in Southeast Asia
2024-07-25 - Mid-year Doppelgänger information operations in Europe and the US
2024-07-25 - Onyx Sleet uses array of malware to gather intelligence for North Korea
2024-07-25 - SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea
2024-07-31 - Cyberattack on the Federal Office of Cartography and Geodesy can be attributed to Chinese state attackers
2024-08-01 - APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
2024-08-01 - BfV CYBER INSIGHT - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 1 Organization and methods
2024-08-01 - BITS and Bytes - Analyzing BITSLOTH, a newly identified backdoor
2024-08-02 - Fighting Ursa Luring Targets With Car for Sale
2024-08-02 - StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
2024-08-08 - Iran Targeting 2024 US Election
2024-08-08 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 2
2024-08-09 - A Dive into Earth Baku's Latest Campaign
2024-08-12 - South Korea's Pseudo Hunter APT organization uses multiple domestic software vulnerabilities to attack China
2024-08-13 - Kaspersky APT trends report Q2 2024
2024-08-14 - Cyclops - a likely replacement for BellaCiao
2024-08-14 - EastWind campaign - new CloudSorcerer attacks on government organizations in Russia
2024-08-14 - Iranian backed group steps up phishing campaigns against Israel, U.S
2024-08-14 - Rivers of Phish - Sophisticated Phishing Targets Russia's Perceived Enemies Around the Globe
2024-08-15 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 3
2024-08-17 - Sidewinder APT - Phishing on Pakistan
2024-08-19 - BlindEagle flying high in Latin America
2024-08-20 - GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware
2024-08-20 - New Backdoor Targeting Taiwan Employs Stealthy Communications
2024-08-21 - MoonPeak malware from North Korean actors unveils new details on attacker infrastructure
2024-08-22 - China-Nexus Threat Group Velvet Ant Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches
2024-08-22 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 4
2024-08-23 - Analysis of New Variants and Subsequent Components of Patchwork(APT-Q-36) Spyder Downloader
2024-08-26 - Operation DevilTiger - 0day vulnerability techniques and tactics used by APT-Q-12 disclosed
2024-08-27 - Doppelgaenger - Details on a Russian disinformation campaign
2024-08-28 - Advanced Persistent Threat (OceanLotus) Targeting Vietnamese Human Rights Defenders
2024-08-28 - Analysis of two arbitrary code execution vulnerabilities affecting WPS Office
2024-08-28 - I Spy With My Little Eye - Uncovering an Iranian Counterintelligence Operation
2024-08-28 - Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
2024-08-28 - Operation Oxidový - Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys
2024-08-28 - Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations
2024-08-29 - State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
2024-08-29 - The Malware That Must Not Be Named - Suspected Espionage Campaign Delivers Voldemort
2024-08-30 - North Korean threat actor Citrine Sleet exploiting Chromium zero-day
2024-09-03 - A deep dive into the most interesting incident response cases of last year
2024-09-03 - DeFied Expectations - Examining Web3 Heists
2024-09-04 - APT Lazarus - Eager Crypto Beavers, Video calls and Games
2024-09-04 - Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
2024-09-04 - Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source
2024-09-05 - GRU 29155 Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure
2024-09-05 - Tropic Trooper spies on government entities in the Middle East
2024-09-06 - Chinese APT Abuses VSCode to Target Government in Asia
2024-09-06 - Disjointed Cyber Warfare - Internal Conflicts among Russian Intelligence Agencies
2024-09-06 - TIDRONE Targets Military and Satellite Industries in Taiwan
2024-09-09 - Earth Preta Evolves its Attacks with New Malware and Strategies
2024-09-09 - North Korean Threat Groups
2024-09-10 - Crimson Palace returns - New Tools, Tactics, and Targets
2024-09-11 - Targeted Iranian Attacks Against Iraqi Government Infrastructure
2024-09-15 - Kimsuky - A Gift That Keeps on Giving
2024-09-15 - Shining a Light in the Dark - Uncovering an APT Lurking in Shadows of IT
2024-09-17 - An Offer You Can Refuse - UNC2970 Backdoor Deployment Using Trojanized PDF Reader
2024-09-17 - Analysis of Fox Kitten Infrastructure Reveals Unique Host Patterns and Potentially New IOCs
2024-09-18 - Code of Conduct - DPRK's Python-fueled intrusions into secured networks
2024-09-18 - Derailing the Raptor Train
2024-09-18 - Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors
2024-09-19 - COLDWASTREL of space
2024-09-19 - Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC
2024-09-19 - The Iranian Cyber Capability
2024-09-19 - UNC1860 and the Temple of Oats - Iran's Hidden Hand in Middle Eastern Networks
2024-09-23 - Analysis of APT-C-00 (OceanLotus) Dual Loader and Homologous VMP Loader
2024-09-24 - Analyzing the Newest Turla Backdoor
2024-09-25 - Unraveling SloppyLemming's Operations Across South Asia
2024-09-26 - Cyberespionage the Gamaredon way - Analysis of toolset used to spy on Ukraine in 2022 and 2023
2024-09-26 - Unraveling Sparkling Pisces's Tool Set - KLogEXE and FPSpy
2024-09-27 - North Korea's hackers target Diehl Defence
2024-09-30 - A phishing campaign by the state attack group APT42 against academics
2024-09-30 - The Lies Russia Tells Itself
2024-10-01 - Evil Corp's deep ties with Russia and NATO member attacks exposed
2024-10-01 - Zimperium Coverage on COLDRIVER Phishing Campaign
2024-10-02 - Separating the bee from the panda - CeranaKeeper making a beeline for Thailand
2024-10-02 - Stonefly - Extortion Attacks Continue Against U.S. Targets
2024-10-03 - SHROUDED SLEEP - A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia
2024-10-05 - U.S. Wiretap Systems Targeted in China-Linked Hack
2024-10-07 - Awaken Likho is awake - new techniques of an APT group
2024-10-07 - Mind the (air) gap - GoldenJackal gooses government guardrails
2024-10-09 - Contagious Interview - DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
2024-10-09 - Operation MiddleFloor - Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum
2024-10-10 - Analysis of attack activities of APT-C-20 (APT28) using compound attack tactics
2024-10-10 - Unmasking Adversary Infrastructure - How Certificates and Redirects Exposed Earth Baxia and PlugX Activity
2024-10-10 - Update on SVR Cyber Operations and Vulnerability Exploitation
2024-10-11 - Burning Zero Days - Suspected Nation-State Adversary Targets Ivanti CSA
2024-10-11 - GRU military unit 29155
2024-10-13 - FASTCash for Linux
2024-10-13 - OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
2024-10-14 - Volt Typhoon III - Unraveling Cyberespionage and Disinformation Operations Conducted by U.S. Government Agencies
2024-10-15 - Beyond the Surface - the evolution and expansion of the SideWinder APT group
2024-10-15 - Volt Typhoon - Part 2 Leveraging ExoneraTor to Unmask the Threat Actor
2024-10-16 - China's Influence Ops - Twisting Tales of Volt Typhoon at Home and Abroad
2024-10-16 - Fraudulent North Korean IT Worker Schemes - From Insider Threats to Extortion
2024-10-16 - Frequent vulnerabilities and high failure rates should be used to troubleshoot Intel product network security risks
2024-10-16 - IcePeony with the 996 work culture
2024-10-16 - Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
2024-10-16 - Operation Code on Toast
2024-10-16 - Suspected Mysterious Elephant group uses CHM files to attack multiple countries in South Asia
2024-10-16 - Unmasking CVE-2024-38178 - The Silent Threat of Windows Scripting Engine
2024-10-21 - MoonWalk - A closer look at APT41's updated arsenal (Part 2)
2024-10-23 - Highlighting Asylum Ambuscade (TA866) Activity Since 2021
2024-10-23 - Operation Overload Impersonates Media to Influence 2024 US Election
2024-10-23 - RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP" (CERT-UA#11690)
2024-10-23 - The Crypto Game of Lazarus APT - Investors vs. Zero-days
2024-10-24 - LightSpy - Implant for iOS
2024-10-24 - Operation Cobalt Whisper - Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan
2024-10-24 - Russian Strategic Information Attack for Catastrophic Effect
2024-10-28 - CloudScout - Evasive Panda scouting cloud services
2024-10-28 - Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
2024-10-29 - Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
2024-10-30 - APT Group - Konni Launches New Attacks on South Korea
2024-10-30 - Jumpy Pisces Engages in Play Ransomware
2024-10-31 - Inside LameDuck - analyzing Anonymous Sudan's threat operations
2024-10-31 - Pacific Rim - Inside the Counter-Offensive - The TTPs Used to Neutralize China-Based Threats
2024-11-04 - Cloudy With a Chance of RATs - Unveiling APT36 and the Evolution of ElizaRAT
2024-11-04 - CRON#TRAP - Emulated Linux Environments as the Latest Tactic in Malware Staging
2024-11-04 - New OceanLotus organization first used MST files to deliver special payload
2024-11-06 - Analysis of Cyber-Recon Activities Behind APT37 Threat Actor
2024-11-07 - APT Activity Report Q3 2024
2024-11-07 - BlueNoroff Hidden Risk - Threat Actor Targets Macs with Fake Crypto News and Novel Persistence
2024-11-12 - APT Actors Embed Malware within macOS Flutter Applications
2024-11-12 - China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
2024-11-12 - Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity
2024-11-12 - LightSpy - APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign
2024-11-12 - New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9
2024-11-13 - A three beats waltz - The ecosystem behind Chinese state-sponsored cyber threats
2024-11-13 - Stealthy Attributes of Lazarus APT Group - Evading Detection with Extended Attributes
2024-11-14 - Russian Sabotage Activities Escalate Amid Fraught Tensions
2024-11-15 - BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
2024-11-16 - Patchwork (White Elephant) Protego remote control Trojan C2 implementation errors
2024-11-18 - Suspected Nation-State Adversary Targets Pakistan Navy in Cyber Espionage Campaign
2024-11-19 - FrostyGoop's Zoom-In - A Closer Look into the Malware Artifacts, Behaviors and Network Communications
2024-11-19 - Spot the Difference - Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
2024-11-21 - DPRK IT Workers - A Network of Active Front Companies and Their Links to China
2024-11-21 - Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY
2024-11-21 - Unveiling WolfsBane - Gelsemium's Linux counterpart to Gelsevirine
2024-11-22 - Seeing Through a GLASSBRIDGE - Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
2024-11-22 - The Nearest Neighbor Attack - How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
2024-11-22 - Unveiling the Past and Present of APT-K-47 Weapon - Asyncshell
2024-11-25 - Advanced threat predictions for 2025
2024-11-26 - Analysis report on recent phishing attacks by APT-C-48 (CNC)
2024-11-26 - RomCom exploits Firefox and Windows zero days in the wild
2024-11-28 - APT trends report Q3 2024
2024-12-02 - Analysis of Kimsuky Threat Actor's Email Phishing Campaign
2024-12-04 - Frequent freeloader part I - Secret Blizzard compromising Storm-0156 infrastructure for espionage
2024-12-04 - Sichuan Silence Information Technology - Great Sounds are Often Inaudible
2024-12-04 - Snowblind - The Invisible Hand of Secret Blizzard
2024-12-05 - MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur's Multi-Platform Attacks
2024-12-10 - Breaking the Circle - Chinese Communist Party Propaganda Infrastructure Rapidly Expands
2024-12-10 - Operation Digital Eye - Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels
2024-12-11 - Attack Exploiting Legitimate Service by APT-C-60
2024-12-11 - Frequent freeloader part II - Russian actor Secret Blizzard using tools of other groups to attack Ukraine
2024-12-11 - Likely China-based Attackers Target High-profile Organizations in Southeast Asia
2024-12-11 - New Chinese Surveillance Tool Used by Public Security Bureaus
2024-12-11 - Two Russian Android Spyware Families from Gamaredon APT
2024-12-12 - Careto is back - what is new after 10 years of silence?
2024-12-12 - Declawing PUMAKIT
2024-12-12 - Glutton - A New Zero-Detection PHP Backdoor from Winnti Targets Cybercriminals
2024-12-13 - Analysis on the Case of TIDRONE Threat Actor's Attacks on Korean Companies
2024-12-13 - Under the SADBRIDGE with GOSAR - QUASAR Gets a Golang Rewrite
2024-12-16 - HiatusRAT Actors Targeting Web Cameras and DVRs
2024-12-17 - Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
2024-12-17 - Hidden in Plain Sight - TA397's New Attack Chain Delivers Espionage RATs
2024-12-19 - Lazarus group evolves its infection chain with old and new malware
2024-12-23 - Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)
2024-12-23 - Cloud Atlas seen using a new tool in its attacks
2024-12-25 - OtterCookie, a new malware used by Contagious Interview