Tagged: Targeted Attacks

TOP 10 unattributed APT mysteries 0

TOP 10 unattributed APT mysteries

Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand...

WIRTE APT Campaign Active Since 2019 0

WIRTE APT Campaign Active Since 2019

According to Kaspersky’s Securelist threat report, the threat actor has targeted a majority of industries in the Middle East. The affected entities are located in Armenia, Cyprus, Egypt, Jordan, Lebanon, Palestine, Syria, and Turkey....

APT annual review 2021 0

APT annual review 2021

In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters; you can find our quarterly overviews here, here and here....

Advanced threat predictions for 2022 0

Advanced threat predictions for 2022

Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict...

APT trends report Q3 2021 0

APT trends report Q3 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research...

Lyceum group reborn 0

Lyceum group reborn

This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group (also known as Hexane),...

MysterySnail attacks with Windows zero-day 0

MysterySnail attacks with Windows zero-day

Executive Summary In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from...

GhostEmperor: From ProxyLogon to kernel mode 0

GhostEmperor: From ProxyLogon to kernel mode

 Download GhostEmperor’s technical details (PDF) While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for...

IT threat evolution Q2 2021 0

IT threat evolution Q2 2021

Targeted attacks The leap of a Cycldek-related threat actor It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable,...