How to catch a wild triangle
How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules.
targeted attacks
StripedFly: Perennially flying under the radar
Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. The amount of effort that went into creating the framework is truly remarkable, and its disclosure was quite astonishing.
The outstanding stealth of Operation Triangulation
In this report Kaspersky shares insights into the validation components used in Operation Triangulation, TriangleDB implant post-compromise activity, as well as details of some additional modules.
APT trends report Q3 2023
TetrisPhantom targets government entities in APAC, APT BadRory attacks multiple entities in Russia, new malicious campaign uses well-known Owowa, IIS backdoor and other significant events during Q3 2023
A hack in hand is worth two in the bush
We analyzed the data published by Cyber Av3ngers and found it to be sourced from older leaks by another hacktivist group called Moses Staff.
Malware Persistence Locations: Windows and Linux
Malware persistence is a crucial aspect of cyber threats that often goes unnoticed by unsuspecting users. In the realm of cybersecurity, it refers to the ability of malicious software to establish a foothold on a targeted system, allowing it to maintain its presence over an extended period. This persistence is achieved through various covert techniques, […]
IT threat evolution in Q2 2023
Q2 2023 overview: targeted attacks such as Operation Triangulation, CloudWizard and Lazarus activity, Nokoyawa ransomware, and others.
Focus on DroxiDat/SystemBC
An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack.
Common TTPs of attacks against industrial organizations
In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems.
APT trends report Q2 2023
This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.