APT trends report Q3 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They […]


Lyceum group reborn

This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group (also known as Hexane), which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new cluster of the […]


SAS 2021: Learning to ChaCha with APT41

Straight from the sunny UK to the stage of SAS-at-Home 2021, John Southworth (PwC) will be giving some insights about the threat actor APT41, also known as Red Kelpie and Winnti. Starting with APT10 (Red Apollo), the presentation will dance you through the malware used by APT41 – the Motnug loader and its descendant, the […]


SAS 2021: Operation Software Concepts

During the ‘Operation Software Concepts: A Beautiful Envelope for Wrapping Weapon’ talk at SAS-at-Home 2021, Rintaro Koike, Shogo Hayashi and Ryuichi Tanabe from NTT Security (Japan) will cover a new APT campaign named Operation Software Concepts. They will share details about this multi-stage attack campaign targeting Russian and Mongolian governments and the defense sector with droppers, […]


GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. This cluster stood out for its usage of a formerly unknown Windows kernel mode rootkit that we dubbed Demodex, and a sophisticated multi-stage malware framework aimed […]


APT trends report Q2 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They […]


LuminousMoth APT: Sweeping attacks for the chosen few

APT actors are known for the frequently targeted nature of their attacks. Typically, they will handpick a set of targets that in turn are handled with almost surgical precision, with infection vectors, malicious implants and payloads being tailored to the victims’ identities or environment. It’s not often we observe a large-scale attack conducted by actors […]
