APT

Comprehensive review: analysis of the Konni group's 2022 attack activity against Eastern Europe and Northeast Asia

1. Overview: Konni is a remote access trojan disclosed by Cisco Talos in 2017. Its earliest attack activity dates back to 2014 and mainly targets Russia, South Korea and other regions...

Operation (Đường chín đoạn) Typhoon: the cyber OceanLotus eyeing the South China Sea nine-dash line

Overview: Last year, the Qi An Xin Threat Intelligence Center published "Operation (Thủy Tinh) OceanStorm: the evil lotus hiding beneath the deep-sea abyss" [1]. Since then, OceanLotus's attack activity has increased rather than decreased, and in 2022 it compromised...

APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network

The Russia-linked APT29 nation-state actor has been found leveraging a 'lesser-known' Windows feature called Credential Roaming following a success...

APT10 uses the custom LODEINFO backdoor to attack various organizations in Japan

Since 2019, Kaspersky has been tracking activity involving the LODEINFO malware family, looking for iterated versions and thoroughly investigating any attacks that use these new variants. LODEINFO is a sophisticated fileless malware...

Analysis of the XDSpy APT group's recent attack activity against the Russian Ministry of Defense

点击蓝字关注我们一概述      XDSpy是ESET于2020年首次披露的APT组织,该组织最早活跃于2011年,主要针对东欧和塞尔维亚地区的政府、军队、外...

APT10: Tracking down LODEINFO 2022, part II

Evolution of LODEINFO backdoor shellcode In the previous publication 'Tracking down LODEINFO 2022, part I', we mentioned that the initial infect...

APT10: Tracking down LODEINFO 2022, part I

New infection vector using SFX file and DOWNIISSA downloader Kaspersky has been tracking activities involving the LODEINFO malware family since ...

Not a dream job: Hunting for malicious job offers from an APT

Tldr: A recent Mandiant blog described a series of targeted attacks over WhatsApp by an APT cluster named UNC4034. We found several additional ca...

APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations

Summary APT-36 (also known as Transparent Tribe) is an advanced persistent threat group attributed to Pakistan that primarily targets users working...

APT Bitter (蔓灵花) sample analysis

This article is a featured post from the Kanxue (看雪) forum. Kanxue forum author ID: 戴夫的小推车. 1. APT introduction: 蔓灵花, also known as BITTER, APT-C-08, 苦象, T-APT-17 and other names, is an APT group allegedly with a South Asian background, with strong...