Movatterモバイル変換

SOC, TI and IR posts

Outlaw cybergang attacking targets worldwide

The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet’s SSH-based infection chain.

Lumma Stealer – Tracking distribution channels

Streamlining detection engineering in security operation centers

Incident response analyst report 2024

The SOC files: Chasing the web shell

Managed detection and response in 2024

One policy to rule them all

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

A deep dive into the most interesting incident response cases of last year

Approach to mainframe penetration testing on z/OS

Tusk: unraveling a complex infostealer campaign

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Trusted relationship attacks: trust, but verify

SOC, TI and IR posts

Hot Topics

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Reports

Operation SyncHole: Lazarus APT goes back to the well

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

GOFFEE continues to attack organizations in Russia

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

Kaspersky GReAT experts discovered a complex APT attack on Russian organizations dubbed Operation ForumTroll, which exploits zero-day vulnerabilities in Google Chrome.

Subscribe to our weekly e-mails

The hottest research right in your inbox

Movatterモバイル変換

Other solutions

Other Industries

Other Products

Other Services

SOC, TI and IR posts

Outlaw cybergang attacking targets worldwide

Lumma Stealer – Tracking distribution channels

Streamlining detection engineering in security operation centers

Incident response analyst report 2024

The SOC files: Chasing the web shell

Managed detection and response in 2024

One policy to rule them all

Attackers exploiting a patched FortiClient EMS vulnerability in the wild

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

A deep dive into the most interesting incident response cases of last year

Approach to mainframe penetration testing on z/OS

Tusk: unraveling a complex infostealer campaign

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Trusted relationship attacks: trust, but verify

Keyloggers: How they work and how to detect them (Part 1)

Scammers’ delivery service: exclusively dangerous

RansomEXX Trojan attacks Linux systems

Subscribe

Reports

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain

Subscribe to our weekly e-mails

Subscribe to our weekly e-mails