APT annual review 2021

In the Global Research and Analysis Team at Kaspersky, we track the ongoing activities of more than 900 advanced threat actors and activity clusters; you can find our quarterly overviews here, here and here. For this annual review, we have tried to focus on what we consider to be the most interesting trends and developments […]

Continue Reading

IT threat evolution Q3 2021

IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics Targeted attacks WildPressure targets macOS Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, we discovered a newer version. It contains […]

Continue Reading

Advanced threat predictions for 2022

Over the past 12 months, the style and severity of APT threats has continued to evolve. Despite their constantly changing nature, there is a lot we can learn from recent APT trends to predict what might lie ahead in the coming year. Based on the collective knowledge and insights of our experts, we have developed […]

Continue Reading

APT trends report Q3 2021

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They […]

Continue Reading

Lyceum group reborn

This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the live program, we presented our research into the Lyceum group (also known as Hexane), which was first exposed by Secureworks in 2019. In 2021, we have been able to identify a new cluster of the […]

Continue Reading

MysterySnail attacks with Windows zero-day

Executive Summary In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it […]

Continue Reading