TOP 10 unattributed APT mysteries
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand...
Tagged: Targeted Attacks
The BlueNoroff cryptocurrency hunt is still on
BlueNoroff is the name of an APT group coined by Kaspersky researchers while investigating the notorious attack on Bangladesh’s Central Bank back in 2016. A mysterious group with links to Lazarus and an unusual...
Kaspersky Managed Detection and Response: interesting cases
Kaspersky Managed Detection and Response (MDR) provides advanced protection against the growing number of threats that bypass automatic security barriers. Its capabilities are backed by a high-professional team of security analysts operating all over...
The story of the year: ransomware in the headlines
In the past twelve months, the word “ransomware” has popped up in countless headlines worldwide across both print and digital publications: The Wall Street Journal, the BBC, the New York Times. It is no...
WIRTE’s campaign in the Middle East ‘living off the land’ since at least 2019
Overview This February, during our hunting efforts for threat actors using VBS/VBA implants, we came across MS Excel droppers that use hidden spreadsheets and VBA macros to drop their first stage implant. The implant...
WIRTE APT Campaign Active Since 2019
According to Kaspersky’s Securelist threat report, the threat actor has targeted a majority of industries in the Middle East. The affected entities are located in Armenia, Cyprus, Egypt, Jordan, Lebanon, Palestine, Syria, and Turkey....
APT annual review 2021
In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters; you can find our quarterly overviews here, here and here....
ScarCruft surveilling North Korean defectors and human rights activists
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news...
Advanced threat predictions for 2022
Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict...
APT trends report Q3 2021
For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research...
Lyceum group reborn
This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group (also known as Hexane),...
MysterySnail attacks with Windows zero-day
Executive Summary In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from...
DarkHalo after SolarWinds: the Tomiris connection
Background In December 2020, news of the SolarWinds incident took the world by storm. While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood...
GhostEmperor: From ProxyLogon to kernel mode
Download GhostEmperor’s technical details (PDF) While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for...
Exploitation of the CVE-2021-40444 vulnerability in MSHTML
Summary Last week, Microsoft reported the remote code execution vulnerability CVE-2021-40444 in the MSHTML browser engine. According to the company, this vulnerability has already been used in targeted attacks against Microsoft Office users. In...
IT threat evolution Q2 2021
Targeted attacks The leap of a Cycldek-related threat actor It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable,...
