2024.01.05 - Turkish espionage campaigns in the Netherlands

2024.01.10 - Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN

2024.01.11 - Clearing the Fog of War – A critical analysis of recent energy sector cyberattacks in Denmark and Ukraine

2024.01.11 - Volt Typhoon Compromises 30 percent of Cisco RV320 and 325 Devices in 37 Days

2024.01.15 - Ivanti Connect Secure VPN Exploitation Goes Global

2024.01.17 - New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs

2024.01.18 - Ivanti Connect Secure VPN Exploitation: New Observations

2024.01.18 - Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware

2024.01.19 - Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021

2024.01.19 - Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

2024.01.22 - ScarCruft - Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals

2024.01.29 - Analysis of FalseFont Backdoor used by Peach-Sandstorm Threat Actor

2024.01.29 - Blackwood APT Group Has a New DLL Loader

2024.01.29 - Compromised routers are still leveraged as malicious infrastructure to target government organizations in Europe and Caucasus

2024.01.29 - KrustyLoader - Rust malware linked to Ivanti ConnectSecure compromises

2024.02.01 - Qianxin 2023 APT Report

2024.02.05 - Annual Threat Assessment of the US Intelligence Community 2024

2024.02.06 - BSI - Active APT groups in Germany

2024.02.06 - German Federal Office for Information Security - Active APT groups in Germany

2024.02.06 - Iran accelerates cyber ops against Israel from chaotic start

2024.02.07 - Iran surges cyber-enabled influence operations in support of Hamas

2024.02.07 - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

2024.02.08 - New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization

2024.02.09 - Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT

2024.02.09 - SugarGh0st RAT attacks Kazakhstan – State Technical Service

2024.02.12 - China’s Cyber Revenge - Why the PRC Fails to Back Its Claims of Western Espionage

2024.02.13 - CharmingCypress - Innovating Persistence

2024.02.14 - CVE-2024-21412 -Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

2024.02.14 - Hamas-linked SameCoin campaign malware analysis

2024.02.14 - Staying ahead of threat actors in the age of AI

2024.02.15 - Lithuania National Threat Assessment 2024

2024.02.15 - TinyTurla Next Generation - Turla APT spies on Polish NGOs

2024.02.16 - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign

2024.02.18 - I-S00N GitHub leaks

2024.02.19 - BfV and NIS warning of North Korean cyber threats targeting the Defense Sector

2024.02.19 - Pelmeni Wrapper - New Wrapper of Kazuar (Turla Backdoor)

2024.02.19 - VOLTZITE Espionage Operations Targeting U.S. Critical Systems

2024.02.20 - Earth Preta Campaign Uses DOPLUGS to Target Asia

2024.02.21 - Operation Texonto - Information operation targeting Ukrainian speakers in the context of the war

2024.02.22 - Doppelgänger - Russia-Aligned Influence Operation Targets Germany

2024.02.22 - Lessons from the iSOON Leaks

2024.02.22 - New Leak Shows Business Side of China’s APT Menace

2024.02.22 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer

2024.02.23 - Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns

2024.02.23 - SVR cyber actors adapt tactics for initial cloud access

2024.02.23 - TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)

2024.02.26 - Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections

2024.02.27 - European diplomats targeted by SPIKEDWINE with WINELOADER

2024.02.27 - Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations

2024.02.27 - When Cats Fly - Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors

2024.02.28 - GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange

2024.02.28 - New Malicious PyPI Packages used by Lazarus

2024.03.01 - APT37's ROKRAT HWP Object Linking and Embedding

2024.03.04 - NIS Press Release - cyber attacks targeting domestic semiconductor equipment companies

2024.03.05 - TODDLERSHARK - ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant

2024.03.07 - Evasive Panda leverages Monlam Festival to target Tibetans

2024.03.08 - Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard

2024.03.20 - Blind Eagle's North American Journey

2024.03.20 - Review of the Summer 2023 Microsoft Exchange Online Intrusion

2024.03.21 - AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine

2024.03.21 - Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware

2024.03.21 - China-linked Threats to Operational Technology

2024.03.21 - New details on TinyTurla’s post-compromise activity reveal full kill chain

2024.03.21 - TA450 (MuddyWater) uses embedded links in PDF attachments in latest campaign

2024.03.22 - APT29 Uses WINELOADER to Target German Political Parties

2024.03.24 - DinodasRAT Linux implant targeting entities worldwide

2024.03.25 - Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians

2024.03.25 - Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure

2024.03.25 - UK holds China state-affiliated organisations and individuals (APT31) responsible for malicious cyber activity

2024.03.26 - Investigation into hacking of Finnish Parliament's information systems has been ongoing

2024.03.26 - Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)

2024.03.26 - New Zealand accuses China of hacking parliament, condemns activity

2024.03.28 - BITTER APT Targets Chinese Government Agency

2024.03.29 - New MuddyWater Campaigns After Operation Swords of Iron

2024.03.31 - Malware Spotlight - Linodas aka DinodasRAT for Linux

2024.04.02 - APT and financial attacks on industrial organizations in H2 2023

2024.04.02 - Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

2024.04.10 - Turla APT Targets Albania With Backdooor in Ongoing Campaign to Breach European Organizations

2024.04.10 - eXotic Visit campaign - Tracing the footprints of Virtual Invaders

2024.04.11 - Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

2024.04.11 - LightSpy Returns - Renewed Espionage Campaign Targets Southern Asia, Possibly India

2024.04.12 - Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

2024.04.12 - XZ backdoor story - Initial analysis

2024.04.12 - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

2024.04.15 - Volt Typhoon - A Conspiratorial Swindling Campaign targets with U.S. Congress and Taxpayers conducted by U.S. Intelligence Community

2024.04.15 - Volt Typhoon false narrative a collusion among US politicians, intelligence community and companies to cheat funding, defame China

2024.04.16 - Analysis of the APT31 indictment

2024.04.18 - Annual report MIVD 2023

2024.04.18 - DuneQuixote campaign targets Middle Eastern entities with CR4T malware

2024.04.19 - UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine

2024.04.20 - APT44 - Unearthing Sandworm

2024.04.22 - Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

2024.04.22 - MuddyWater campaign abusing Atera Agents

2024.04.22 - ToddyCat is making holes in your infrastructure

2024.04.24 - ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

2024.04.24 - Assessing the Y, and How, of the XZ Utils incident

2024.04.24 - Pakistani APTs Escalate Attacks on Indian Government

2024.04.25 - LightSpy Malware Variant Targeting macOS

2024.04.29 - A Cunning Operator - Muddling Meerkat and China's Great Firewall

2024.05.01 - Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor

2024.05.01 - Router Roulette - Cybercriminals and Nation-States Sharing Compromised Networks

2024.05.02 - North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts

2024.05.03 - Expanding APT42 Intelligence

2024.05.03 - German Government - Attribution of a Russian cyber campaign

2024.05.03 - SSSCIP Russian Cyber Operations H2 2023

2024.05.03 - Statement by the North Atlantic Council concerning malicious cyber activities against Germany and Czechia

2024.05.03 - Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia

2024.05.04 - Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign

2024.05.06 - Six Australian MPs Confirm They were Targeted by China's APT31 Hackers

2024.05.07 - LNK File Disguised as Certificate Distributing RokRAT Malware

2024.05.08 - APT28 campaign targeting Polish government institutions

2024.05.08 - Iran-Aligned Emerald Divide Influence Campaign Evolves to Exploit Israel-Hamas Conflict

2024.05.09 - Kaspersky Securelist APT trends report Q1 2024

2024.05.10 - Recruitment Trap for Blockchain Practitioners - Analysis of Suspected Lazarus (APT-Q-1) Secret Stealing Operation

2024.05.14 - ESET APT Activity Report Q4 2023 - Q1 2024

2024.05.15 - To the Moon and back(doors) - Lunar landing in diplomatic missions

2024.05.16 - Springtail (Kimsuky) - New Linux Backdoor Added to Toolkit

2024.05.16 - Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024

2024.05.20 - Bad Karma, No Justice - Void Manticore Destructive Activities in Israel

2024.05.22 - Deep Dive into the Unfading Sea Haze

2024.05.22 - Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages

2024.05.23 - Hellhounds - Operation Lahat. Part 2

2024.05.23 - Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy

2024.05.23 - Operation Diplomatic Specter - An Active Chinese Cyberespionage Campaign targeting Governmental Entities in the Middle East, Africa and Asia

2024.05.23 - Tracking APT SideWinder Domains

2024.05.24 - Unraveling the snake tangle - following the attacks of Shedding Zmiy

2024.05.28 - Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

2024.05.29 - APT41's Reconnaissance Techniques and Toolkit

2024.05.29 - LightSpy Implant for macOS

2024.05.29 - Putin's hackers gained full access to Hungary's foreign ministry networks

2024.05.29 - Tracking Threat Actors Using Images and Artifacts

2024.05.30 - Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)

2024.05.30 - Disrupting FlyingYeti's (UAC-0149) campaign targeting Ukraine

2024.05.30 - GRU's BlueDelta (APT28) Targets Key Networks in Europe with Multi-Phase Espionage Campaigns

2024.05.30 - LilacSquid - The stealthy trilogy of PurpleInk, InkBox and InkLoader

2024.06.01 - From Vegas to Chengdu - Hacking Contests, Bug Bounties,and China's Offensive Cyber Ecosystem

2024.06.04 - Hurdling Over Hazards - Multifaceted Threats to the Paris Olympics

2024.06.04 - Operation Veles - Decade-Long Espionage Targeting the Global Research and Education Sector

2024.06.05 - Operation Crimson Palace - Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government

2024.06.05 - Phishing for Gold - Cyber Threats Facing the 2024 Paris Olympics

2024.06.05 - UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing

2024.06.06 - Howling at the Inbox - Sticky Werewolf's Latest Malicious Aviation Attacks

2024.06.10 - APT and financial attacks on industrial organizations in Q1 2024

2024.06.10 - Another battlefield - Telegram as a digital front in Russia’s war against Ukraine

2024.06.10 - MIVD Ongoing state cyber espionage campaign via vulnerable edge devices

2024.06.11 - APT Attacks Using Cloud Storage

2024.06.11 - Noodle RAT - Reviewing the Backdoor Used by Chinese-Speaking Groups

2024.06.11 - SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)

2024.06.13 - Arid Viper poisons Android apps with AridSpy

2024.06.13 - DISGOMOJI Malware Used to Target Indian Government

2024.06.13 - Operation Celestial Force employs mobile and desktop malware to target Indian entities

2024.06.16 - China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence

2024.06.18 - Cloaked and Covert - Uncovering UNC3886 Espionage Operations

2024.06.19 - CERT-FR Malicious activities linked to the Nobelium intrusion set

2024.06.19 - New North-Korean based backdoor packs a punch

2024.06.20 - Sustained Campaign Using Chinese Espionage Tools Targets Telcos

2024.06.21 - Analysis of PHANTOM#SPIKE - Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan

2024.06.21 - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques

2024.06.21 - Unveiling SpiceRAT - SneakyChef's latest tool targeting EMEA and Asia

2024.06.24 - Armageddon is more than a Grammy-nominated album

2024.06.24 - Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation

2024.06.24 - Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders

2024.06.26 - ChamelGang & Friends - Cyberespionage Groups Attacking Critical Infrastructure with Ransomware

2024.06.26 - Russian National (Amin Timovich Stigal) Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data

2024.06.27 - Kimsuky deploys TRANSLATEXT to target South Korean academia

2024.06.28 - TeamViewer links corporate cyberattack to Russian state hackers

2024.07.01 - CapraTube Remix - Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts

2024.07.01 - Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)

2024.07.05 - Turla - A Master’s Art of Evasion

2024.07.08 - CloudSorcerer – A new APT targeting Russian government entities

2024.07.08 - Volt Typhoon II - A secret Disinformation Campaign targeting U.S. Congress and Taxpayers conducted by U.S. Government agencies

2024.07.09 - APT40 Advisory - PRC MSS tradecraft in action

2024.07.09 - Italian government agencies and companies in the target of a Chinese APT17

2024.07.09 - OceanLotus uses social security topics as bait to conduct APT attacks

2024.07.10 - DodgeBox - A deep dive into the updated arsenal of APT41 Part 1

2024.07.11 - MoonWalk - A deep dive into the updated arsenal of APT41 Part 2

2024.07.13 - A Deep Dive into APT41s Latest Arsenal (Part 1)

2024.07.15 - New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns

2024.07.16 - AG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies

2024.07.18 - APT41 Has Arisen From the DUST

2024.07.18 - The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell

2024.07.23 - Daggerfly - Espionage Group Makes Major Update to Toolset

2024.07.23 - KnowBe4 - How a North Korean Fake IT Worker Tried to Infiltrate Us

2024.07.23 - Transparent Tribe targets recent Election Results

2024.07.24 - FrostyGoop Intel Brief

2024.07.24 - Russia-nexus actor targets Ukraine

2024.07.24 - Spot burst of activity UAC-0057 (CERT-UA#10340)

2024.07.25 - APT45 - North Korea’s Digital Military Machine

2024.07.25 - How APT groups operate in Southeast Asia

2024.07.25 - Mid-year Doppelgänger information operations in Europe and the US

2024.07.25 - Onyx Sleet uses array of malware to gather intelligence for North Korea

2024.07.25 - SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea

2024.07.31 - Cyberattack on the Federal Office of Cartography and Geodesy can be attributed to Chinese state attackers

2024.08.01 - APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike

2024.08.01 - BITS and Bytes - Analyzing BITSLOTH, a newly identified backdoor

2024.08.01 - BfV CYBER INSIGHT - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 1 Organization and methods

2024.08.02 - Fighting Ursa Luring Targets With Car for Sale

2024.08.02 - StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms

2024.08.08 - Iran Targeting 2024 US Election

2024.08.08 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 2

2024.08.09 - A Dive into Earth Baku's Latest Campaign

2024.08.12 - South Koreas Pseudo Hunter APT organization uses multiple domestic software vulnerabilities to attack China

2024.08.13 - Kaspersky APT trends report Q2 2024

2024.08.14 - Cyclops - a likely replacement for BellaCiao

2024.08.14 - EastWind campaign - new CloudSorcerer attacks on government organizations in Russia

2024.08.14 - Iranian backed group steps up phishing campaigns against Israel, U.S

2024.08.14 - Rivers of Phish - Sophisticated Phishing Targets Russias Perceived Enemies Around the Globe

2024.08.15 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 3

2024.08.17 - Sidewinder APT – Phishing on Pakistan

2024.08.19 - BlindEagle flying high in Latin America

2024.08.20 - GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware

2024.08.20 - New Backdoor Targeting Taiwan Employs Stealthy Communications

2024.08.21 - MoonPeak malware from North Korean actors unveils new details on attacker infrastructure

2024.08.22 - China-Nexus Threat Group Velvet Ant Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches

2024.08.22 - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 4

2024.08.23 - Analysis of New Variants and Subsequent Components of Patchwork(APT-Q-36) Spyder Downloader

2024.08.26 - Operation DevilTiger - 0day vulnerability techniques and tactics used by APT-Q-12 disclosed

2024.08.27 - Doppelgaenger - Details on a Russian disinformation campaign

2024.08.28 - Advanced Persistent Threat (OceanLotus) Targeting Vietnamese Human Rights Defenders

2024.08.28 - Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

2024.08.28 - I Spy With My Little Eye - Uncovering an Iranian Counterintelligence Operation

2024.08.28 - Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

2024.08.28 - Operation Oxidový - Sophisticated Malware Campaign Targets Czech Officials Using NATO-Themed Decoys

2024.08.28 - Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

2024.08.29 - State-backed attackers and commercial surveillance vendors repeatedly use the same exploits

2024.08.29 - The Malware That Must Not Be Named - Suspected Espionage Campaign Delivers Voldemort

2024.08.30 - North Korean threat actor Citrine Sleet exploiting Chromium zero-day

2024.09.03 - A deep dive into the most interesting incident response cases of last year

2024.09.03 - DeFied Expectations - Examining Web3 Heists

2024.09.04 - APT Lazarus - Eager Crypto Beavers, Video calls and Games

2024.09.04 - Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion

2024.09.04 - Reconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source

2024.09.05 - GRU 29155 Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure

2024.09.05 - Tropic Trooper spies on government entities in the Middle East

2024.09.06 - Chinese APT Abuses VSCode to Target Government in Asia

2024.09.06 - Disjointed Cyber Warfare - Internal Conflicts among Russian Intelligence Agencies

2024.09.06 - TIDRONE Targets Military and Satellite Industries in Taiwan

2024.09.09 - Earth Preta Evolves its Attacks with New Malware and Strategies

2024.09.09 - North Korean Threat Groups

2024.09.10 - Crimson Palace returns - New Tools, Tactics, and Targets

2024.09.11 - Targeted Iranian Attacks Against Iraqi Government Infrastructure

2024.09.15 - Kimsuky A Gift That Keeps on Giving

2024.09.15 - Shining a Light in the Dark – Uncovering an APT Lurking in Shadows of IT

2024.09.17 - An Offer You Can Refuse - UNC2970 Backdoor Deployment Using Trojanized PDF Reader

2024.09.17 - Analysis of Fox Kitten Infrastructure Reveals Unique Host Patterns and Potentially New IOCs

2024.09.18 - Code of Conduct - DPRKs Python-fueled intrusions into secured networks

2024.09.18 - Derailing the Raptor Train

2024.09.18 - Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

2024.09.19 - COLDWASTREL of space

2024.09.19 - Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

2024.09.19 - The Iranian Cyber Capability

2024.09.19 - UNC1860 and the Temple of Oats - Irans Hidden Hand in Middle Eastern Networks

2024.09.23 - Analysis of APT-C-00 (OceanLotus) Dual Loader and Homologous VMP Loader

2024.09.24 - Analyzing the Newest Turla Backdoor

2024.09.25 - Unraveling SloppyLemmings Operations Across South Asia

2024.09.26 - Cyberespionage the Gamaredon way - Analysis of toolset used to spy on Ukraine in 2022 and 2023

2024.09.26 - Unraveling Sparkling Piscess Tool Set - KLogEXE and FPSpy

2024.09.27 - North Koreas hackers target Diehl Defence

2024.09.30 - A phishing campaign by the state attack group APT42 against academics

2024.09.30 - The Lies Russia Tells Itself

2024.10.01 - Evil Corps deep ties with Russia and NATO member attacks exposed

2024.10.01 - Zimperium Coverage on COLDRIVER Phishing Campaign

2024.10.02 - Separating the bee from the panda - CeranaKeeper making a beeline for Thailand

2024.10.02 - Stonefly - Extortion Attacks Continue Against U.S. Targets

2024.10.03 - SHROUDED SLEEP - A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia

2024.10.05 - U.S. Wiretap Systems Targeted in China-Linked Hack

2024.10.07 - Awaken Likho is awake - new techniques of an APT group

2024.10.07 - Mind the (air) gap - GoldenJackal gooses government guardrails

2024.10.09 - Contagious Interview - DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

2024.10.09 - Operation MiddleFloor - Disinformation campaign targets Moldova ahead of presidential elections and EU membership referendum

2024.10.10 - Analysis of attack activities of APT-C-20 (APT28) using compound attack tactics

2024.10.10 - Unmasking Adversary Infrastructure - How Certificates and Redirects Exposed Earth Baxia and PlugX Activity

2024.10.10 - Update on SVR Cyber Operations and Vulnerability Exploitation

2024.10.11 - Burning Zero Days - Suspected Nation-State Adversary Targets Ivanti CSA

2024.10.11 - GRU military unit 29155

2024.10.13 - FASTCash for Linux

2024.10.13 - OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

2024.10.14 - Volt Typhoon III - Unraveling Cyberespionage and Disinformation Operations Conducted by U.S. Government Agencies

2024.10.15 - Beyond the Surface - the evolution and expansion of the SideWinder APT group

2024.10.15 - Volt Typhoon - Part 2 Leveraging ExoneraTor to Unmask the Threat Actor

2024.10.16 - Chinas Influence Ops - Twisting Tales of Volt Typhoon at Home and Abroad

2024.10.16 - Fraudulent North Korean IT Worker Schemes - From Insider Threats to Extortion

2024.10.16 - Frequent vulnerabilities and high failure rates should be used to troubleshoot Intel product network security risks

2024.10.16 - IcePeony with the 996 work culture

2024.10.16 - Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

2024.10.16 - Operation Code on Toast

2024.10.16 - Suspected Mysterious Elephant group uses CHM files to attack multiple countries in South Asia

2024.10.16 - Unmasking CVE-2024-38178 - The Silent Threat of Windows Scripting Engine

2024.10.21 - MoonWalk - A closer look at APT41s updated arsenal (Part 2)

2024.10.23 - Highlighting Asylum Ambuscade (TA866) Activity Since 2021

2024.10.23 - Operation Overload Impersonates Media to Influence 2024 US Election

2024.10.23 - RDP configuration files as a means of obtaining remote access to a computer or _Rogue RDP_ (CERT-UA#11690)

2024.10.23 - The Crypto Game of Lazarus APT - Investors vs. Zero-days

2024.10.24 - LightSpy - Implant for iOS

2024.10.24 - Operation Cobalt Whisper - Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan

2024.10.24 - Russian Strategic Information Attack for Catastrophic Effect

2024.10.28 - CloudScout - Evasive Panda scouting cloud services

2024.10.28 - Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

2024.10.29 - Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

2024.10.30 - APT Group - Konni Launches New Attacks on South Korea

2024.10.30 - Jumpy Pisces Engages in Play Ransomware

2024.10.31 - Inside LameDuck - analyzing Anonymous Sudans threat operations

2024.10.31 - Pacific Rim - Inside the Counter-Offensive - The TTPs Used to Neutralize China-Based Threats

2024.11.04 - CRON#TRAP - Emulated Linux Environments as the Latest Tactic in Malware Staging

2024.11.04 - Cloudy With a Chance of RATs - Unveiling APT36 and the Evolution of ElizaRAT

2024.11.04 - New OceanLotus organization first used MST files to deliver special payload

2024.11.06 - Analysis of Cyber-Recon Activities Behind APT37 Threat Actor

2024.11.07 - APT Activity Report Q3 2024

2024.11.07 - BlueNoroff Hidden Risk - Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

2024.11.12 - APT Actors Embed Malware within macOS Flutter Applications

2024.11.12 - China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike

2024.11.12 - Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity

2024.11.12 - LightSpy - APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign

2024.11.12 - New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL 7.9

2024.11.13 - A three beats waltz - The ecosystem behind Chinese state-sponsored cyber threats

2024.11.13 - Stealthy Attributes of Lazarus APT Group - Evading Detection with Extended Attributes

2024.11.14 - Russian Sabotage Activities Escalate Amid Fraught Tensions

2024.11.15 - BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA

2024.11.16 - Patchwork (White Elephant) Protego remote control Trojan C2 implementation errors

2024.11.18 - Suspected Nation-State Adversary Targets Pakistan Navy in Cyber Espionage Campaign

2024.11.19 - FrostyGoops Zoom-In - A Closer Look into the Malware Artifacts, Behaviors and Network Communications

2024.11.19 - Spot the Difference- Earth Kashas New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella

2024.11.21 - DPRK IT Workers - A Network of Active Front Companies and Their Links to China

2024.11.21 - Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY

2024.11.21 - Unveiling WolfsBane - Gelsemiums Linux counterpart to Gelsevirine

2024.11.22 - Seeing Through a GLASSBRIDGE - Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations

2024.11.22 - The Nearest Neighbor Attack - How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access

2024.11.22 - Unveiling the Past and Present of APT-K-47 Weapon - Asyncshell

2024.11.25 - Advanced threat predictions for 2025

2024.11.26 - Analysis report on recent phishing attacks by APT-C-48 (CNC)

2024.11.26 - RomCom exploits Firefox and Windows zero days in the wild

2024.11.28 - APT trends report Q3 2024

2024.12.02 - Analysis of Kimsuky Threat Actors Email Phishing Campaign

2024.12.04 - Frequent freeloader part I - Secret Blizzard compromising Storm-0156 infrastructure for espionage

2024.12.04 - Sichuan Silence Information Technology - Great Sounds are Often Inaudible

2024.12.04 - Snowblind - The Invisible Hand of Secret Blizzard

2024.12.05 - MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaurs Multi-Platform Attacks

2024.12.10 - Breaking the Circle - Chinese Communist Party Propaganda Infrastructure Rapidly Expands

2024.12.10 - Operation Digital Eye - Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

2024.12.11 - Attack Exploiting Legitimate Service by APT-C-60

2024.12.11 - Frequent freeloader part II_ Russian actor Secret Blizzard using tools of other groups to attack Ukraine

2024.12.11 - Likely China-based Attackers Target High-profile Organizations in Southeast Asia

2024.12.11 - New Chinese Surveillance Tool Used by Public Security Bureaus

2024.12.11 - Two Russian Android Spyware Families from Gamaredon APT

2024.12.12 - Careto is back - what is new after 10 years of silence_

2024.12.12 - Declawing PUMAKIT

2024.12.12 - Glutton - A New Zero-Detection PHP Backdoor from Winnti Targets Cybercrimals

2024.12.13 - Analysis on the Case of TIDRONE Threat Actors Attacks on Korean Companies

2024.12.13 - Under the SADBRIDGE with GOSAR - QUASAR Gets a Golang Rewrite

2024.12.16 - HiatusRAT Actors Targeting Web Cameras and DVRs

2024.12.17 - Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

2024.12.17 - Hidden in Plain Sight - TA397s New Attack Chain Delivers Espionage RATs

2024.12.19 - Lazarus group evolves its infection chain with old and new malware

2024.12.23 - Analysis of Attack Cases Against Korean Solutions by the Andariel Group (SmallTiger)

2024.12.23 - Cloud Atlas seen using a new tool in its attacks

2024.12.25 - OtterCookie, a new malware used by Contagious Interview

356 folders, 0 files