mirror of
https://github.com/valitydev/APT_CyberCriminal_Campagin_Collections.git
synced 2024-11-06 16:55:28 +00:00
APT & CyberCriminal Campaign Collection
This is a collection of APT and cybercriminal campaign reports. Please open an issue if any APT or malware event or campaign is missing.
🤷 The password for the malware sample archives is 'virus' or 'infected'.
Reference Resources
- kbandla
- APTnotes
- Florian Roth - APT Groups
- Attack Wiki
- threat-INTel
- targetedthreats
- 🍎 Raw Threat Intelligence
- APT search
- 🦂 APT Sample by 0xffff0800
2018
- Oct 19 - [Kaspersky] DarkPulsar | Local
- Oct 18 - [Medium] APT Sidewinder changes theirs TTPs to install their backdoor | Local
- Oct 18 - [CISCO] Tracking Tick Through Recent Campaigns Targeting East Asia | Local
- Oct 18 - [McAfee] Operation Oceansalt Attacks South Korea, U.S. and Canada with Source Code from Chinese Hacker Group | Local
- Oct 17 - [ESET] GreyEnergy: Updated arsenal of one of the most dangerous threat actors | Local
- Oct 17 - [Yoroi] Cyber-Espionage Campaign Targeting the Naval Industry (“MartyMcFly”) | Local
- Oct 15 - [Kaspersky] Octopus-infested seas of Central Asia | Local
- Oct 11 - [Symantec] Gallmaker: New Attack Group Eschews Malware to Live off the Land | Local
- Oct 10 - [Kaspersky] MuddyWater expands operations | Local
- Oct 03 - [Fireeye] APT38: Details on New North Korean Regime-Backed Threat Group | Local
- Sep 27 - [ESET] LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group | Local
- Sep 20 - [360] (Non-English) (CN) PoisonVine | Local
- Sep 13 - [Fireeye] APT10 Targeting Japanese Corporations Using Updated TTPs | Local
- Sep 10 - [Kaspersky] LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company | Local
- Sep 07 - [CheckPoint] Domestic Kitten: An Iranian Surveillance Operation | Local
- Sep 07 - [Medium] Goblin Panda targets Cambodia sharing capacities with another Chinese group hackers Temp Periscope | Local
- Sep 04 - [Palo Alto Network] OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE | Local
- Aug 30 - [Crowdstrike] Two Birds, One STONE PANDA | Local
- Aug 30 - [Arbor] Double the Infection, Double the Fun | Local
- Aug 30 - [Dark Matter] COMMSEC: The Trails of WINDSHIFT APT | Local
- Aug 28 - [CheckPoint] CeidPageLock: A Chinese RootKit | Local
- Aug 23 - [Kaspersky] Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware | Local
- Aug 21 - [ESET] TURLA OUTLOOK BACKDOOR | Local
- Aug 21 - [Trend Micro] Supply Chain Attack Operation Red Signature Targets South Korean Organizations | Local
- Aug 16 - [Recorded Future] Chinese Cyberespionage Originating From Tsinghua University Infrastructure | Local
- Aug 09 - [McAfee] Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families | Local
- Aug 02 - [Medium] Goblin Panda against the Bears | Local
- Aug 01 - [Medium] Malicious document targets Vietnamese officials | Local
- Jul 31 - [Palo Alto Network] Bisonal Malware Used in Attacks Against Russia and South Korea | Local
- Jul 31 - [Medium] Malicious document targets Vietnamese officials | Local
- Jul 16 - [Trend Micro] New Andariel Reconnaissance Tactics Hint At Next Targets | Local
- Jul 13 - [CSE] Operation Roman Holiday – Hunting the Russian APT28 group | Local
- Jul 12 - [CISCO] Advanced Mobile Malware Campaign in India uses Malicious MDM | Local
- Jul 09 - [ESET] Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign | Local
- Jul 08 - [CheckPoint] APT Attack In the Middle East: The Big Bang | Local
- Jul 08 - [Fortinet] Hussarini – Targeted Cyber Attack in the Philippines | Local
- Jun XX - [Ahnlab] [KR] Operation Red Gambler | Local
- Jun 26 - [Palo Alto Networks] RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families | Local
- Jun 23 - [Ahnlab] Full Discloser of Andariel, A Subgroup of Lazarus Threat Group | Local
- Jun 20 - [Symantec] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies | Local
- Jun 19 - [Kaspersky] Olympic Destroyer is still alive | Local
- Jun 14 - [Trend Micro] Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor | Local
- Jun 14 - [intezer] MirageFox: APT15 Resurfaces With New Tools Based On Old Ones | Local
- Jun 13 - [Kaspersky] LuckyMouse hits national data center to organize country-level waterholing campaign | Local
- Jun 07 - [Volexity] Patchwork APT Group Targets US Think Tanks | Local
- Jun 07 - [ICEBRG] ADOBE FLASH ZERO-DAY LEVERAGED FOR TARGETED ATTACK IN MIDDLE EAST | Local
- Jun 07 - [FireEye] A Totally Tubular Treatise on TRITON and TriStation | Local
- Jun 06 - [CISCO] VPNFilter Update - VPNFilter exploits endpoints, targets new devices | Local
- Jun 06 - [GuardiCore] OPERATION PROWLI: MONETIZING 40,000 VICTIM MACHINES | Local
- Jun 06 - [Palo Alto Networks] Sofacy Group’s Parallel Attacks | Local
- May 31 - [CISCO] NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea | Local
- May 29 - [intezer] Iron Cybercrime Group Under The Scope | Local
- May 23 - [CISCO] New VPNFilter malware targets at least 500K networking devices worldwide | Local
- May 23 - [Ahnlab] [KR] Andariel Group Trend Report | Local
- May 23 - [Trend Micro] Confucius Update: New Tools and Techniques, Further Connections with Patchwork | Local
- May 22 - [Intrusiontruth] The destruction of APT3 | Local
- May 22 - [ESET] Turla Mosquito: A shift towards more generic tools | Local
- May 09 - [Recorded Future] Iran’s Hacker Hierarchy Exposed | Local
- May 09 - [360] Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack | Local
- May 03 - [ProtectWise] Burning Umbrella | Local
- May 03 - [Kaspersky] Who’s who in the Zoo: Cyberespionage operation targets Android users in the Middle East | Local
- May 03 - [Ahnlab] Detailed Analysis of Red Eyes Hacking Group | Local
- Apr 27 - [Tencent] (CN) OceanLotus new malware analysis | Local
- Apr 26 - [CISCO] GravityRAT - The Two-Year Evolution Of An APT Targeting India | Local
- Apr 24 - [FireEye] Metamorfo Campaigns Targeting Brazilian Users | Local
- Apr 24 - [McAfee] Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide | Local
- Apr 24 - [ESET] Sednit update: Analysis of Zebrocy | Local
- Apr 23 - [Accenture] HOGFISH REDLEAVES CAMPAIGN | Local
- Apr 23 - [Symantec] New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia | Local
- Apr 23 - [Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers | Local
- Apr 17 - [NCCGroup] Decoding network data from a Gh0st RAT variant | Local
- Apr 12 - [Kaspersky] Operation Parliament, who is doing what? | Local
- Apr 04 - [Trend Micro] New MacOS Backdoor Linked to OceanLotus Found | Local
- Mar 29 - [Trend Micro] ChessMaster Adds Updated Tools to Its Arsenal | Local
- Mar 27 - [Arbor] Panda Banker Zeros in on Japanese Targets | Local
- Mar 23 - [Ahnlab] Targeted Attacks on South Korean Organizations | Local
- Mar 15 - [US-CERT] Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors | Local
- Mar 14 - [Symantec] Inception Framework: Alive and Well, and Hiding Behind Proxies | Local
- Mar 14 - [Trend Micro] Tropic Trooper’s New Strategy | Local
- Mar 13 - [FireEye] Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign | Local
- Mar 13 - [Kaspersky] Time of death? A therapeutic postmortem of connected medicine | Local
- Mar 13 - [Proofpoint] Drive-by as a service: BlackTDS | Local
- Mar 13 - [ESET] OceanLotus: Old techniques, new backdoor | Local
- Mar 12 - [Trend Micro] Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia | Local
- Mar 09 - [Kaspersky] Masha and these Bears 2018 Sofacy Activity | Local
- Mar 09 - [NCC] APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS | Local
- Mar 09 - [ESET] New traces of Hacking Team in the wild | Local
- Mar 08 - [McAfee] Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant | Local
- Mar 08 - [Kaspersky] OlympicDestroyer is here to trick the industry | Local
- Mar 08 - [Arbor] Donot Team Leverages New Modular Malware Framework in South Asia | Local
- Mar 08 - [Crysis] Territorial Dispute – NSA’s perspective on APT landscape | Local
- Mar 07 - [Palo Alto Networks] Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent | Local
- Mar 06 - [Kaspersky] The Slingshot APT | Local
- Mar 05 - [Palo Alto Networks] Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency | Local
- Mar 02 - [McAfee] McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups | Local
- Mar 01 - [Security 0wnage] A Quick Dip into MuddyWater's Recent Activity | Local
- Feb 28 - [Palo Alto Networks] Sofacy Attacks Multiple Government Entities | Local
- Feb 28 - [Symantec] Chafer: Latest Attacks Reveal Heightened Ambitions | Local
- Feb 21 - [Avast] Avast tracks down Tempting Cedar Spyware | Local
- Feb 20 - [Arbor] Musical Chairs Playing Tetris | Local
- Feb 20 - [Kaspersky] A Slice of 2017 Sofacy Activity | Local
- Feb 20 - [FireEye] APT37 (Reaper): The Overlooked North Korean Actor | Local
- Feb 13 - [Trend Micro] Deciphering Confucius’ Cyberespionage Operations | Local
- Feb 07 - [CISCO] Targeted Attacks In The Middle East | Local
- Feb 02 - [McAfee] Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems | Local
- Feb 01 - [Bitdefender] Operation PZChao: a possible return of the Iron Tiger APT | Local
- Jan 30 - [Palo Alto Networks] Comnie Continues to Target Organizations in East Asia | Local
- Jan 30 - [RSA] APT32 Continues ASEAN Targeting | Local
- Jan 29 - [Trend Micro] Hacking Group Spies on Android Users in India Using PoriewSpy | Local
- Jan 29 - [Palo Alto Networks] VERMIN: Quasar RAT and Custom Malware Used In Ukraine | Local
- Jan 27 - [Accenture] DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES | Local
- Jan 26 - [Palo Alto Networks] The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services | Local
- Jan 25 - [Palo Alto Networks] OilRig uses RGDoor IIS Backdoor on Targets in the Middle East | Local
- Jan 24 - [Trend Micro] Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More | Local
- Jan 18 - [NCSC] Turla group update Neuron malware | Local
- Jan 17 - [Lookout] Dark Caracal | Local
- Jan 16 - [Kaspersky] Skygofree: Following in the footsteps of HackingTeam | Local
- Jan 16 - [Recorded Future] North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign | Local
- Jan 16 - [CISCO] Korea In The Crosshairs | Local
- Jan 15 - [Trend Micro] New KillDisk Variant Hits Financial Organizations in Latin America | Local
- Jan 12 - [Trend Micro] Update on Pawn Storm: New Targets and Politically Motivated Campaigns | Local
- Jan 11 - [McAfee] North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk | Local
- Jan 09 - [ESET] Diplomats in Eastern Europe bitten by a Turla mosquito | Local
- Jan 07 - [Clearsky] Operation DustySky | Local
- Jan 06 - [McAfee] Malicious Document Targets Pyeongchang Olympics | Local
- Jan 04 - [Carnegie] Iran’s Cyber Threat: Espionage, Sabotage, and Revenge | Local
2017
- Dec 19 - [Proofpoint] North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group | Local
- Dec 17 - [McAfee] Operation Dragonfly Analysis Suggests Links to Earlier Attacks | Local
- Dec 14 - [FireEye] Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure | Local
- Dec 11 - [Group-IB] MoneyTaker, revealed after 1.5 years of silent operations. | Local
- Dec 11 - [Trend Micro] Untangling the Patchwork Cyberespionage Group | Local
- Dec 07 - [FireEye] New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit | Local
- Dec 05 - [ClearSky] Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets – And the HBO Hacker Connection | Local
- Dec 04 - [RSA] The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion | Local
- Nov 22 - [REAQTA] A dive into MuddyWater APT targeting Middle-East | Local
- Nov 14 - [Palo Alto Networks] Muddying the Water: Targeted Attacks in the Middle East | Local
- Nov 10 - [Palo Alto Networks] New Malware with Ties to SunOrcal Discovered | Local
- Nov 07 - [McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack | Local
- Nov 07 - [Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments | Local
- Nov 06 - [Trend Micro] ChessMaster’s New Strategy: Evolving Tools and Tactics | Local
- Nov 06 - [Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society | Local
- Nov 02 - [PwC] The KeyBoys are back in town | Local
- Nov 02 - [Clearsky] LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America | Local
- Nov 02 - [RISKIQ] New Insights into Energetic Bear’s Watering Hole Attacks on Turkish Critical Infrastructure | Local
- Oct 31 - [Cybereason] Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI | Local
- Oct 30 - [Kaspersky] Gaza Cybergang – updated activity in 2017 | Local
- Oct 27 - [Bellingcat] Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia | Local
- Oct 24 - [ClearSky] Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies | Local
- Oct 16 - [BAE Systems] Taiwan Heist: Lazarus Tools And Ransomware | Local
- Oct 16 - [Kaspersky] BlackOasis APT and new targeted attacks leveraging zero-day exploit | Local
- Oct 16 - [Proofpoint] Leviathan: Espionage actor spearphishes maritime and defense targets | Local
- Oct 12 - [Dell] BRONZE BUTLER Targets Japanese Enterprises | Local
- Oct 10 - [Trustwave] Post Soviet Bank Heists | Local
- Oct 02 - [intezer] Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers | Local
- Sep XX - [MITRE] APT3 Adversary Emulation Plan | Local
- Sep 28 - [Palo Alto Networks] Threat Actors Target Government of Belarus Using CMSTAR Trojan | Local
- Sep 20 - [intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner | Local
- Sep 20 - [FireEye] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware | Local
- Sep 20 - [CISCO] CCleaner Command and Control Causes Concern | Local
- Sep 18 - [CISCO] CCleanup: A Vast Number of Machines at Risk | Local
- Sep 12 - [FireEye] FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY | Local
- Sep 06 - [Symantec] Dragonfly: Western energy sector targeted by sophisticated attack group | Local
- Sep 06 - [Treadstone 71] Intelligence Games in the Power Grid | Local
- Aug 30 - [ESET] Gazing at Gazer: Turla’s new second stage backdoor | Local
- Aug 30 - [Kaspersky] Introducing WhiteBear | Local
- Aug 25 - [Proofpoint] Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures | Local
- Aug 18 - [RSA] Russian Bank Offices Hit with Broad Phishing Wave | Local
- Aug 17 - [Proofpoint] Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack | Local
- Aug 15 - [Palo Alto Networks] The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure | Local
- Aug 11 - [FireEye] APT28 Targets Hospitality Sector, Presents Threat to Travelers | Local
- Aug 01 - [Positive Research] Cobalt strikes back: an evolving multinational threat to finance | Local
- Jul 27 - [Trend Micro] ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal | Local
- Jul 27 - [Palo Alto Networks] OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group | Local
- Jul 27 - [Clearsky, Trend Micro] Operation Wilted Tulip | Local
- Jul 24 - [Palo Alto Networks] “Tick” Group Continues Attacks | Local
- Jul 18 - [Clearsky] Recent Winnti Infrastructure and Samples | Local
- Jul 18 - [Bitdefender] Inexsmar: An unusual DarkHotel campaign | Local
- Jul 11 - [ProtectWise] Winnti Evolution - Going Open Source | Local
- Jul 10 - [Trend Micro] OSX Malware Linked to Operation Emmental Hijacks User Network Traffic | Local
- Jul 06 - [Malware Party] Operation Desert Eagle | Local
- Jul 05 - [Citizen Lab] Insider Information: An intrusion campaign targeting Chinese language news sites | Local
- Jun 30 - [ESET] TeleBots are back: supply-chain attacks against Ukraine | Local
- Jun 30 - [Kaspersky] From BlackEnergy to ExPetr | Local
- Jun 26 - [Dell] Threat Group-4127 Targets Google Accounts | Local
- Jun 22 - [Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus | Local
- Jun 22 - [Trend Micro] Following the Trail of BlackTech’s Cyber Espionage Campaigns | Local
- Jun 19 - [root9B] SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry | Local
- Jun 18 - [Palo Alto Networks] APT3 Uncovered: The code evolution of Pirpi | Local
- Jun 15 - [Recorded Future] North Korea Is Not Crazy | Local
- Jun 14 - [ThreatConnect] KASPERAGENT Malware Campaign resurfaces in the run up to May Palestinian Authority Elections | Local
- Jun 13 - [US-CERT] HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure | Local
- Jun 12 - [Dragos] CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations | Local
- Jun 12 - [ESET] WIN32/INDUSTROYER A new threat for industrial control systems | Local
- May 30 - [Group-IB] Lazarus Arisen: Architecture, Techniques and Attribution | Local
- May 24 - [Cybereason] OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP | Local
- May 14 - [FireEye] Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations | Local
- May 03 - [Palo Alto Networks] Kazuar: Multiplatform Espionage Backdoor with API Access | Local
- May 03 - [CISCO] KONNI: A Malware Under The Radar For Years | Local
- Apr 27 - [Morphisec] Iranian Fileless Attack Infiltrates Israeli Organizations | Local
- Apr 13 - [F-SECURE] Callisto Group | Local
- Apr 05 - [Palo Alto Networks, Clearsky] Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA | Local
- Mar 15 - [JPCERT] FHAPPI Campaign | Local
- Mar 14 - [Clearsky] Operation Electric Powder – Who is targeting Israel Electric Company? | Local
- Mar 06 - [Kaspersky] From Shamoon to StoneDrill | Local
- Feb 28 - [IBM] Dridex’s Cold War: Enter AtomBombing | Local
- Feb 27 - [Palo Alto Networks] The Gamaredon Group Toolset Evolution | Local
- Feb 23 - [Bitdefender] Dissecting the APT28 Mac OS X Payload | Local
- Feb 22 - [FireEye] Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government | Local
- Feb 21 - [Arbor] Additional Insights on Shamoon2 | Local
- Feb 20 - [BAE Systems] Lazarus' False Flag Malware | Local
- Feb 17 - [JPCERT] ChChes - Malware that Communicates with C&C Servers Using Cookie Headers | Local
- Feb 16 - [BadCyber] Technical analysis of recent attacks against Polish banks | Local
- Feb 15 - [Morphick] Deep Dive On The DragonOK Rambo Backdoor | Local
- Feb 15 - [IBM] The Full Shamoon: How the Devastating Malware Was Inserted Into Networks | Local
- Feb 15 - [Dell] Iranian PupyRAT Bites Middle Eastern Organizations | Local
- Feb 15 - [Palo Alto Networks] Magic Hound Campaign Attacks Saudi Targets | Local
- Feb 14 - [Medium Corporation] Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal | Local
- Feb 12 - [BAE Systems] Lazarus & Watering-Hole Attacks | Local
- Feb 10 - [Cysinfo] Cyber Attack Targeting Indian Navy's Submarine And Warship Manufacturer | Local
- Feb 10 - [DHS] Enhanced Analysis of GRIZZLY STEPPE Activity | Local
- Feb 03 - [RSA] KingSlayer A Supply chain attack | Local
- Feb 03 - [BadCyber] Several Polish banks hacked, information stolen by unknown attackers | Local
- Feb 02 - [Proofpoint] Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX | Local
- Jan 30 - [Palo Alto Networks] Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments | Local
- Jan 25 - [Microsoft] Detecting threat actors in recent German industrial attacks with Windows Defender ATP | Local
- Jan 19 - [Cysinfo] URI Terror Attack & Kashmir Protest Themed Spear Phishing Emails Targeting Indian Embassies And Indian Ministry Of External Affairs | Local
- Jan 18 - [Trustwave] Operation Grand Mars: Defending Against Carbanak Cyber Attacks | Local
- Jan 15 - [tr1adx] Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests | Local
- Jan 12 - [Kaspersky] The “EyePyramid” attacks | Local
- Jan 11 - [FireEye] APT28: AT THE CENTER OF THE STORM | Local
- Jan 09 - [Palo Alto Networks] Second Wave of Shamoon 2 Attacks Identified | Local
- Jan 05 - [Clearsky] Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford | Local
2016
- Dec 15 - [Microsoft] PROMETHIUM and NEODYMIUM APT groups on Turkish citizens living in Turkey and various other European countries. | Local
- Dec 13 - [ESET] The rise of TeleBots: Analyzing disruptive KillDisk attacks | Local
- Nov 30 - [Cysinfo] MALWARE ACTORS USING NIC CYBER SECURITY THEMED SPEAR PHISHING TO TARGET INDIAN GOVERNMENT ORGANIZATIONS | Local
- Nov 22 - [Palo Alto Networks] Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy | Local
- Nov 09 - [Fidelis] Down the H-W0rm Hole with Houdini's RAT | Local
- Nov 03 - [Booz Allen] When The Lights Went Out: Ukraine Cybersecurity Threat Briefing | Local
- Oct 31 - [Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | Local
- Oct 27 - [ESET] En Route with Sednit Part 3: A Mysterious Downloader | Local
- Oct 27 - [Trend Micro] BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List | Local
- Oct 26 - [Vectra Networks] Moonlight – Targeted attacks in the Middle East | Local
- Oct 25 - [Palo Alto Networks] Houdini’s Magic Reappearance | Local
- Oct 25 - [ESET] En Route with Sednit Part 2: Lifting the lid on Sednit: A closer look at the software it uses | Local
- Oct 20 - [ESET] En Route with Sednit Part 1: Approaching the Target | Local
- Oct 17 - [ThreatConnect] ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence? | Local
- Oct 05 - [Kaspersky] Wave your false flags | Local
- Oct 03 - [Kaspersky] On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users | Local
- Sep 29 - [NATO CCD COE] China and Cyber: Attitudes, Strategies, Organisation | Local
- Sep 28 - [ThreatConnect] Belling the BEAR: russia-hacks-bellingcat-mh17-investigation | Local
- Sep 26 - [Palo Alto Networks] Sofacy’s ‘Komplex’ OS X Trojan | Local
- Sep 18 - [Cyberkov] Hunting Libyan Scorpions | Local
- Sep 14 - [Palo Alto Networks] MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies | Local
- Sep 06 - [Symantec] Buckeye cyberespionage group shifts gaze from US to Hong Kong | Local
- Sep 01 - [IRAN THREATS] MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES | Local
- Aug 25 - [Lookout] Technical Analysis of Pegasus Spyware | Local
- Aug 24 - [Citizen Lab] The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender | Local
- Aug 19 - [ThreatConnect] Russian Cyber Operations on Steroids | Local
- Aug 17 - [Kaspersky] Operation Ghoul: targeted attacks on industrial and engineering organizations | Local
- Aug 16 - [Palo Alto Networks] Aveo Malware Family Targets Japanese Speaking Users | Local
- Aug 11 - [IRAN THREATS] Iran and the Soft War for Internet Dominance | Local
- Aug 08 - [Forcepoint] MONSOON | Local
- Aug 08 - [Kaspersky] ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms | Local
- Aug 07 - [Symantec] Strider: Cyberespionage group turns eye of Sauron on targets | Local
- Aug 04 - [Recorded Future] Running for Office: Russian APT Toolkits Revealed | Local
- Aug 03 - [EFF] Operation Manul: I Got a Letter From the Government the Other Day...Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan | Local
- Aug 02 - [Citizen Lab] Group5: Syria and the Iranian Connection | Local
- Jul 28 - [ICIT] China’s Espionage Dynasty | Local
- Jul 26 - [Palo Alto Networks] Attack Delivers ‘9002’ Trojan Through Google Drive | Local
- Jul 21 - [360] Sphinx (APT-C-15) Targeted cyber-attack in the Middle East | Local
- Jul 21 - [RSA] Hide and Seek: How Threat Actors Respond in the Face of Public Exposure | Local
- Jul 13 - [SentinelOne] State-Sponsored SCADA Malware targeting European Energy Companies | Local
- Jul 12 - [F-SECURE] NanHaiShu: RATing the South China Sea | Local
- Jul 08 - [Kaspersky] The Dropping Elephant – aggressive cyber-espionage in the Asian region | Local
- Jul 07 - [Proofpoint] NetTraveler APT Targets Russian, European Interests | Local
- Jul 07 - [Cymmetria] UNVEILING PATCHWORK: THE COPY-PASTE APT | Local
- Jul 03 - [Check Point] From HummingBad to Worse | Local
- Jul 01 - [Bitdefender] Pacifier APT | Local
- Jul 01 - [ESET] Espionage toolkit targeting Central and Eastern Europe uncovered | Local
- Jun 30 - [JPCERT] Asruex: Malware Infecting through Shortcut Files | Local
- Jun 29 - [Proofpoint] MONSOON – ANALYSIS OF AN APT CAMPAIGN | Local
- Jun 28 - [Palo Alto Networks] Prince of Persia – Game Over | Local
- Jun 28 - [JPCERT] (Japan) Attack Tool Investigation | Local
- Jun 26 - [Trend Micro] The State of the ESILE/Lotus Blossom Campaign | Local
- Jun 26 - [Cylance] Nigerian Cybercriminals Target High-Impact Industries in India via Pony | Local
- Jun 23 - [Palo Alto Networks] Tracking Elirks Variants in Japan: Similarities to Previous Attacks | Local
- Jun 21 - [Fortinet] The Curious Case of an Unknown Trojan Targeting German-Speaking Users | Local
- Jun 21 - [FireEye] Redline Drawn: China Recalculates Its Use of Cyber Espionage | Local
- Jun 21 - [ESET] Visiting The Bear Den | Local
- Jun 16 - [Dell] Threat Group-4127 Targets Hillary Clinton Presidential Campaign | Local
- Jun 15 - [CrowdStrike] Bears in the Midst: Intrusion into the Democratic National Committee | Local
- Jun 09 - [Clearsky] Operation DustySky Part 2 | Local
- Jun 02 - [Trend Micro] FastPOS: Quick and Easy Credit Card Theft | Local
- May 27 - [Trend Micro] IXESHE Derivative IHEATE Targets Users in America | Local
- May 26 - [Palo Alto Networks] The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor | Local
- May 25 - [Kaspersky] CVE-2015-2545: overview of current threats | Local
- May 24 - [Palo Alto Networks] New Wekby Attacks Use DNS Requests As Command and Control Mechanism | Local
- May 23 - [MELANI:GovCERT] APT Case RUAG Technical Report | Local
- May 22 - [FireEye] TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST | Local
- May 22 - [Palo Alto Networks] Operation Ke3chang Resurfaces With New TidePool Malware | Local
- May 18 - [ESET] Operation Groundbait: Analysis of a surveillance toolkit | Local
- May 17 - [FOX-IT] Mofang: A politically motivated information stealing adversary | Local
- May 17 - [Symantec] Indian organizations targeted in Suckfly attacks | Local
- May 10 - [Trend Micro] Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats | paper | Local
- May 09 - [CMU SEI] Using Honeynets and the Diamond Model for ICS Threat Analysis | Local
- May 06 - [PwC] Exploring CVE-2015-2545 and its users | Local
- May 05 - [Forcepoint] Jaku: an on-going botnet campaign | Local
- May 02 - [Team Cymru] GOZNYM MALWARE target US, AT, DE | Local
- May 02 - [Palo Alto Networks] Prince of Persia: Infy Malware Active In Decade of Targeted Attacks | Local
- Apr 27 - [Kaspersky] Repackaging Open Source BeEF for Tracking and More | Local
- Apr 26 - [Financial Times] Cyber warfare: Iran opens a new front | Local
- Apr 26 - [Arbor] New Poison Ivy Activity Targeting Myanmar, Asian Countries | Local
- Apr 22 - [Cylance] The Ghost Dragon | Local
- Apr 21 - [SentinelOne] Teaching an old RAT new tricks | Local
- Apr 21 - [Palo Alto Networks] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists | Local
- Apr 18 - [Citizen Lab] Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns | Local
- Apr 15 - [SANS] Detecting and Responding Pandas and Bears | Local
- Apr 12 - [Microsoft] PLATINUM: Targeted attacks in South and Southeast Asia | Local
- Mar 25 - [Palo Alto Networks] ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe | Local
- Mar 23 - [Trend Micro] Operation C-Major: Information Theft Campaign Targets Military Personnel in India | Local
- Mar 18 - [SANS] Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case | Local
- Mar 17 - [PwC] Taiwan Presidential Election: A Case Study on Thematic Targeting | Local
- Mar 15 - [Symantec] Suckfly: Revealing the secret life of your code signing certificates | Local
- Mar 14 - [Proofpoint] Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US | Local
- Mar 10 - [Citizen Lab] Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans | Local
- Mar 09 - [FireEye] LESSONS FROM OPERATION RUSSIANDOLL | Local
- Mar 08 - [360] Operation OnionDog: A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries | Local
- Mar 03 - [Recorded Future] Shedding Light on BlackEnergy With Open Source Intelligence | Local
- Mar 01 - [Proofpoint] Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests | Local
- Feb 29 - [Fidelis] The Turbo Campaign, Featuring Derusbi for 64-bit Linux | Local
- Feb 24 - [NOVETTA] Operation Blockbuster | Local
- Feb 23 - [Cylance] OPERATION DUST STORM | Local
- Feb 12 - [Palo Alto Networks] A Look Into Fysbis: Sofacy’s Linux Backdoor | Local
- Feb 11 - [Recorded Future] Hacktivism: India vs. Pakistan | Local
- Feb 09 - [Kaspersky] Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage | Local
- Feb 08 - [ICIT] Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups | Local
- Feb 04 - [Palo Alto Networks] T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques | Local
- Feb 03 - [Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | Local
- Feb 01 - [Sucuri] Massive Admedia/Adverting iFrame Infection | Local
- Feb 01 - [IBM] Organized Cybercrime Big in Japan: URLZone Now on the Scene | Local
- Jan 29 - [F5] Tinbapore: Millions of Dollars at Risk | Local
- Jan 29 - [Zscaler] Malicious Office files dropping Kasidet and Dridex | Local
- Jan 28 - [Kaspersky] BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents | Local
- Jan 27 - [Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign | Local
- Jan 26 - [SentinelOne] Analyzing a New Variant of BlackEnergy 3 | Local
- Jan 24 - [Palo Alto Networks] Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists | Local
- Jan 21 - [Palo Alto Networks] NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan | Local
- Jan 19 - [360] 2015 APT Annual Report | Local
- Jan 14 - [CISCO] RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK | Local
- Jan 14 - [Symantec] The Waterbug attack group | Local
- Jan 07 - [Clearsky] Operation DustySky | Local
- Jan 07 - [CISCO] RIGGING COMPROMISE - RIG EXPLOIT KIT | Local
- Jan 03 - [ESET] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry | Local
2015
- Dec 23 - [PwC] ELISE: Security Through Obesity | Local
- Dec 22 - [Palo Alto Networks] BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger | Local
- Dec 20 - [FireEye] The EPS Awakens - Part 2 | Local
- Dec 18 - [Palo Alto Networks] Attack on French Diplomat Linked to Operation Lotus Blossom | Local
- Dec 16 - [Bitdefender] APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information | Local
- Dec 16 - [Trend Micro] Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them | Local
- Dec 16 - [Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign | Local
- Dec 15 - [AirBus] Newcomers in the Derusbi family | Local
- Dec 08 - [Citizen Lab] Packrat: Seven Years of a South American Threat Actor | Local
- Dec 07 - [FireEye] Financial Threat Group Targets Volume Boot Record | Local
- Dec 07 - [Symantec] Iran-based attackers use back door threats to spy on Middle Eastern targets | Local
- Dec 04 - [Kaspersky] Sofacy APT hits high profile targets with updated toolset | Local
- Dec 01 - [FireEye] China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets | Local
- Nov 30 - [FOX-IT] Ponmocup: A giant hiding in the shadows | Local
- Nov 24 - [Palo Alto Networks] Attack Campaign on the Government of Thailand Delivers Bookworm Trojan | Local
- Nov 23 - [Minerva Labs, ClearSky] CopyKittens Attack Group | Local
- Nov 23 - [RSA] PEERING INTO GLASSRAT | Local
- Nov 23 - [Trend Micro] Prototype Nation: The Chinese Cybercriminal Underground in 2015 | Local
- Nov 19 - [Kaspersky] Russian financial cybercrime: how it works | Local
- Nov 19 - [JPCERT] Decrypting Strings in Emdivi | Local
- Nov 18 - [Palo Alto Networks] TDrop2 Attacks Suggest Dark Seoul Attackers Return | Local
- Nov 18 - [CrowdStrike] Sakula Reloaded | Local
- Nov 18 - [Damballa] Damballa discovers new toolset linked to Destover Attacker’s arsenal helps them to broaden attack surface | Local
- Nov 16 - [FireEye] WitchCoven: Exploiting Web Analytics to Ensnare Victims | Local
- Nov 10 - [Palo Alto Networks] Bookworm Trojan: A Model of Modular Architecture | Local
- Nov 09 - [Check Point] Rocket Kitten: A Campaign With 9 Lives | Local
- Nov 04 - [RSA] Evolving Threats: dissection of a CyberEspionage attack | Local
- Oct 16 - [Citizen Lab] Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites (https://otx.alienvault.com/pulse/5621208f4637f21ecf2aac36/) | Local
- Oct 15 - [Citizen Lab] Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation | Local
- Oct 05 - [Recorded Future] Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy | Local
- Oct 03 - [Cybereason] Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA) | Local
- Sep 23 - [ThreatConnect] PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020 | PDF | Local
- Sep 17 - [F-SECURE] The Dukes: 7 Years of Russian Cyber Espionage | PDF | Local
- Sep 16 - [Proofpoint] The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK | Local
- Sep 16 - [Trend Micro] Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets | IOC | Local
- Sep 15 - [Proofpoint] In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia | Local
- Sep 09 - [Kaspersky] Satellite Turla: APT Command and Control in the Sky | Local
- Sep 08 - [Palo Alto Networks] Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware | Local
- Sep 01 - [Trend Micro, Clearsky] The Spy Kittens Are Back: Rocket Kitten 2 | PDF | Local
- Aug 20 - [Arbor] PlugX Threat Activity in Myanmar | Local
- Aug 20 - [Kaspersky] New activity of the Blue Termite APT | Local
- Aug 19 - [Symantec] New Internet Explorer zero-day exploited in Hong Kong attacks | Local
- Aug 10 - [ShadowServer] The Italian Connection: An analysis of exploit supply chains and digital quartermasters | Local
- Aug 08 - [cyint.dude] Threat Analysis: Poison Ivy and Links to an Extended PlugX Campaign | Local
- Aug 05 - [Dell] Threat Group-3390 Targets Organizations for Cyberespionage | Local
- Aug 04 - [RSA] Terracotta VPN: Enabler of Advanced Threat Anonymity | Local
- Jul 30 - [ESET] Operation Potao Express | IOC | Local
- Jul 28 - [Symantec] Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012 | Local
- Jul 27 - [FireEye] HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group | Local
- Jul 22 - [F-SECURE] Duke APT group's latest tools: cloud services and Linux support | Local
- Jul 20 - [ThreatConnect] China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us | Local
- Jul 20 - [Palo Alto Networks] Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor | Local
- Jul 14 - [Palo Alto Networks] Tracking MiniDionis: CozyCar’s New Ride Is Related to Seaduke | Local
- Jul 14 - [Trend Micro] An In-Depth Look at How Pawn Storm’s Java Zero-Day Was Used | Local
- Jul 13 - [Symantec] "Forkmeiamfamous": Seaduke, latest weapon in the Duke armory | Local
- Jul 13 - [FireEye] Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability CVE-2015-5119 Following Hacking Team Leak | Local
- Jul 10 - [Palo Alto Networks] APT Group UPS Targets US Government with Hacking Team Flash Exploit | Local
- Jul 09 - [Symantec] Butterfly: Corporate spies out for financial gain | Local
- Jul 08 - [Kaspersky] Wild Neutron – Economic espionage threat actor returns with new tricks | Local
- Jul 08 - [Volexity] APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119) | Local
- Jun 30 - [ESET] Dino – the latest spying malware from an allegedly French espionage group analyzed | Local
- Jun 28 - [Dragon Threat Labs] APT on Taiwan - insight into advances of adversary TTPs | Local
- Jun 26 - [FireEye] Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign | Local
- Jun 24 - [PwC] UnFIN4ished Business (FIN4) | Local
- Jun 22 - [Kaspersky] Winnti targeting pharmaceutical companies | Local
- Jun 16 - [Palo Alto Networks] Operation Lotus Bloom | Local
- Jun 15 - [Citizen Lab] Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 | Local
- Jun 12 - [Volexity] Afghan Government Compromise: Browser Beware | Local
- Jun 10 - [Kaspersky] The Mystery of Duqu 2.0 | IOC | Yara | Local
- Jun 10 - [Crysys Lab] Duqu 2.0 | Local
- Jun 09 - [Microsoft] Duqu 2.0 Win32k Exploit Analysis | Local
- Jun 04 - [JP Internet Watch] Blue Thermite targeting Japan (CloudyOmega) | Local
- Jun 03 - [ClearSky] Thamar Reservoir | Local
- May 29 - [360] OceanLotus Report | Local
- May 28 - [Kaspersky] Grabit and the RATs | Local
- May 27 - [Antiy Labs] Analysis On Apt-To-Be Attack That Focusing On China's Government Agency | Local
- May 27 - [CyberX] BlackEnergy 3 – Exfiltration of Data in ICS Networks | Local
- May 26 - [ESET] Dissecting Linux/Moose | Local
- May 21 - [Kaspersky] The Naikon APT and the MsnMM Campaigns | Local
- May 19 - [Panda] Operation 'Oil Tanker' | Local
- May 18 - [Palo Alto Networks] Cmstar Downloader: Lurid and Enfal’s New Cousin | Local
- May 14 - [Trend Micro] Operation Tropic Trooper | Local
- May 14 - [Kaspersky] The Naikon APT | Local
- May 13 - SPEAR: A Threat Actor Resurfaces
- May 12 - root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutions
- May 07 - Dissecting the Kraken
- May 05 - Targeted attack on France’s TV5Monde | Local
- Apr 27 - Attacks against Israeli & Palestinian interests
- Apr 22 - CozyDuke
- Apr 21 - The CozyDuke APT
- Apr 20 - Sofacy II – Same Sofacy, Different Day
- Apr 18 - Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
- Apr 16 - Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House
- Apr 15 - The Chronicles of the Hellsing APT: the Empire Strikes Back
- Apr 12 - APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation
- Mar 31 - Volatile Cedar – Analysis of a Global Cyber Espionage Campaign
- Mar 19 - Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign
- Mar 11 - Inside the EquationDrug Espionage Platform
- Mar 10 - Tibetan Uprising Day Malware Attacks
- Mar 06 - Is Babar a Bunny?
- Mar 06 - Animals in the APT Farm
- Mar 05 - Casper Malware: After Babar and Bunny, Another Espionage Cartoon
- Feb 27 - The Anthem Hack: All Roads Lead to China | Local
- Feb 25 - Southeast Asia: An Evolving Cyber Threat Landscape
- Feb 25 - PlugX goes to the registry (and India)
- Feb 24 - A deeper look into Scanbox
- Feb 18 - [G DATA] Babar: espionage software finally found and put under the microscope | Local
- Feb 18 - [CIRCL Luxembourg] Shooting Elephants | Local
- Feb 17 - [Kaspersky] Desert Falcons APT | Local
- Feb 17 - [Kaspersky] A Fanny Equation: "I am your father, Stuxnet" | Local
- Feb 16 - [Trend Micro] Operation Arid Viper | Local
- Feb 16 - [Kaspersky] The Carbanak APT | Local
- Feb 16 - [Kaspersky] Equation: The Death Star of Malware Galaxy | Local
- Feb 10 - [CrowdStrike] CrowdStrike Global Threat Intel Report for 2014 | Local
- Feb 04 - [Trend Micro] Pawn Storm Update: iOS Espionage App Found | Local
- Feb 02 - [FireEye] Behind the Syrian Conflict’s Digital Frontlines | Local
- Jan 29 - [JPCERT] Analysis of PlugX Variant - P2P PlugX | Local
- Jan 29 - [Symantec] Backdoor.Winnti attackers and Trojan.Skelky | Local
- Jan 27 - [Kaspersky] Comparing the Regin module 50251 and the "Qwerty" keylogger | Local
- Jan 22 - [Kaspersky] Regin's Hopscotch and Legspin | Local
- Jan 22 - [Symantec] Scarab attackers Russian targets | IOCs | Local
- Jan 22 - [Symantec] The Waterbug attack group | Local
- Jan 20 - [BlueCoat] Reversing the Inception APT malware | Local
- Jan 20 - [G DATA] Analysis of Project Cobra | Local
- Jan 15 - [G DATA] Evolution of Agent.BTZ to ComRAT | Local
- Jan 12 - [Dell] Skeleton Key Malware Analysis | Local
- Jan 11 - [Dragon Threat Labs] Hong Kong SWC attack | Local
2014
- Dec 22 - Anunak: APT against financial institutions
- Dec 21 - Operation Poisoned Helmand
- Dec 19 - TA14-353A: Targeted Destructive Malware (wiper)
- Dec 18 - Malware Attack Targeting Syrian ISIS Critics
- Dec 17 - Wiper Malware – A Detection Deep Dive
- Dec 12 - Bots, Machines, and the Matrix
- Dec 12 - Vinself now with steganography
- Dec 10 - South Korea MBR Wiper
- Dec 10 - W64/Regin, Stage #1
- Dec 10 - W32/Regin, Stage #1
- Dec 10 - Cloud Atlas: RedOctober APT
- Dec 09 - The Inception Framework
- Dec 08 - The 'Penquin' Turla
- Dec 03 - Operation Cleaver: The Notepad Files | Local
- Dec 02 - Operation Cleaver | IOCs | Local
- Nov 30 - FIN4: Stealing Insider Information for an Advantage in Stock Trading?
- Nov 24 - Deep Panda Uses Sakula Malware | Local
- Nov 24 - TheIntercept's report on The Regin Platform
- Nov 24 - Kaspersky's report on The Regin Platform
- Nov 23 - Symantec's report on Regin
- Nov 21 - [FireEye] Operation Double Tap | IOCs | Local
- Nov 20 - EvilBunny: Suspect #4
- Nov 14 - Roaming Tiger (Slides)
- Nov 14 - OnionDuke: APT Attacks Via the Tor Network
- Nov 13 - Operation CloudyOmega: Ichitaro 0-day targeting Japan
- Nov 12 - [ESET] Korplug military targeted attacks: Afghanistan & Tajikistan
- Nov 11 - The Uroburos case: Agent.BTZ’s successor, ComRAT
- Nov 10 - The Darkhotel APT - A Story of Unusual Hospitality
- Nov 03 - Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement
- Nov 03 - New observations on BlackEnergy2 APT activity
- Oct 31 - Operation TooHash
- Oct 30 - The Rotten Tomato Campaign
- Oct 28 - Group 72, Opening the ZxShell
- Oct 28 - APT28 - A Window Into Russia's Cyber Espionage Operations
- Oct 27 - Micro-Targeted Malvertising via Real-time Ad Bidding
- Oct 27 - ScanBox framework – who’s affected, and who’s using it?
- Oct 27 - Full Disclosure of Havex Trojans - ICS Havex backdoors
- Oct 24 - LeoUncia and OrcaRat
- Oct 23 - Modified Tor Binaries
- Oct 22 - Sofacy Phishing by PWC
- Oct 22 - Operation Pawn Storm: The Red in SEDNIT
- Oct 20 - OrcaRAT - A whale of a tale
- Oct 14 - Sandworm - CVE-2014-4114
- Oct 14 - Group 72 (Axiom)
- Oct 14 - Derusbi Preliminary Analysis
- Oct 14 - Hikit Preliminary Analysis
- Oct 14 - ZoxPNG Preliminary Analysis
- Oct 09 - Democracy in Hong Kong Under Attack
- Oct 03 - New indicators for APT group Nitro
- Sep 26 - BlackEnergy & Quedagh
- Sep 26 - Aided Frame, Aided Direction (Sunshop Digital Quartermaster)
- Sep 23 - Ukraine and Poland Targeted by BlackEnergy (video)
- Sep 19 - Watering Hole Attacks using Poison Ivy by "th3bug" group
- Sep 18 - COSMICDUKE: Cosmu with a twist of MiniDuke
- Sep 17 - Chinese intrusions into key defense contractors
- Sep 10 - Operation Quantum Entanglement
- Sep 08 - When Governments Hack Opponents: A Look at Actors and Technology (video)
- Sep 08 - Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware (video)
- Sep 04 - Gholee – a “Protective Edge” themed spear phishing campaign | Local
- Sep 04 - Forced to Adapt: XSLCmd Backdoor Now on OS X
- Sep 03 - Darwin’s Favorite APT Group (APT12)
- Aug 29 - Syrian Malware Team Uses BlackWorm for Attacks
- Aug 28 - Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks
- Aug 27 - North Korea’s cyber threat landscape
- Aug 27 - NetTraveler APT Gets a Makeover for 10th Birthday
- Aug 25 - Vietnam APT Campaign
- Aug 20 - El Machete
- Aug 18 - The Syrian Malware House of Cards | Local
- Aug 13 - A Look at Targeted Attacks Through the Lense of an NGO | Local
- Aug 12 - New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12)
- Aug 07 - The Epic Turla Operation Appendix
- Aug 06 - Operation Poisoned Hurricane
- Aug 05 - Operation Arachnophobia
- Aug 04 - Sidewinder Targeted Attack Against Android
- Jul 31 - Energetic Bear/Crouching Yeti Appendix
- Jul 31 - Energetic Bear/Crouching Yeti
- Jul 29 - [Dell] Threat Group-3279 Targets the Video Game Industry | Local
- Jul 20 - Sayad (Flying Kitten) Analysis & IOCs
- Jul 11 - Pitty Tiger | Local
- Jul 10 - TR-25 Analysis - Turla / Pfinet / Snake / Uroburos
- Jul 07 - Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks | Local
- Jun 30 - Dragonfly: Cyberespionage Attacks Against Energy Suppliers
- Jun 20 - Embassy of Greece Beijing
- Jun 10 - Anatomy of the Attack: Zombie Zero
- Jun 09 - Putter Panda
- Jun 06 - Illuminating The Etumbot APT Backdoor (APT12)
- May 28 - NewsCaster: An Iranian Threat Within Social Networks | Local
- May 21 - RAT in jar: A phishing campaign using Unrecom
- May 20 - Miniduke Twitter C&C
- May 13 - CrowdStrike's report on Flying Kitten
- May 13 - Operation Saffron Rose (aka Flying Kitten)
- Apr 26 - CVE-2014-1776: Operation Clandestine Fox
- Mar 12 - [Fireeye] A Detailed Examination of the Siesta Campaign | Local
- Mar 08 - Russian spyware Turla
- Mar 07 - Snake Campaign & Cyber Espionage Toolkit
- Mar 06 - [Trend Micro] The Siesta Campaign | Local
- Feb 28 - Uroburos: Highly complex espionage software with Russian roots
- Feb 25 - The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity | Local
- Feb 23 - Gathering in the Middle East, Operation STTEAM
- Feb 20 - Mo' Shells Mo' Problems - Deep Panda Web Shells | Local
- Feb 20 - [FireEye] Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit | Local
- Feb 19 - XtremeRAT: Nuisance or Threat?
- Feb 19 - The Monju Incident
- Feb 13 - Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website
- Feb 11 - Unveiling "Careto" - The Masked APT
- Jan 31 - Intruder File Report- Sneakernet Trojan
- Jan 21 - [RSA] Shell_Crew (Deep Panda) | Local
- Jan 15 - New CDTO: A Sneakernet Trojan Solution
- Jan 14 - The Icefog APT Hits US Targets With Java Backdoor
- Jan 13 - Targeted attacks against the Energy Sector
- Jan 06 - PlugX: some uncovered points
2013
- ??? ?? - THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell | Local
- ??? ?? - Deep Panda (OFFLINE) | Local
- Dec 20 - ETSO APT Attacks Analysis | Local
- Dec 11 - Operation "Ke3chang"
- Dec 02 - njRAT, The Saga Continues
- Nov 11 - Supply Chain Analysis
- Nov 10 - Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method
- Oct 24 - Terminator RAT or FakeM RAT | Local
- Sep 30 - World War C: State of affairs in the APT world
- Sep 25 - The 'Icefog' APT: A Tale of cloak and three daggers
- Sep 17 - Hidden Lynx - Professional Hackers for Hire
- Sep 13 - Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
- Sep 11 - The "Kimsuky" Operation
- Sep 06 - Evasive Tactics: Taidoor | Local
- Sep ?? - Feature: EvilGrab Campaign Targets Diplomatic Agencies
- Aug 23 - Operation Molerats: Middle East Cyber Attacks Using Poison Ivy
- Aug 21 - POISON IVY: Assessing Damage and Extracting Intelligence
- Aug 19 - ByeBye Shell and the targeting of Pakistan
- Aug 02 - Surtr: Malware Family Targeting the Tibetan Community
- Aug 02 - Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up
- Aug ?? - APT Attacks on Indian Cyber Space
- Aug ?? - Operation Hangover - Unveiling an Indian Cyberattack Infrastructure
- Jul 31 - Blackhat: In-Depth Analysis of Escalated APT Attacks (Lstudio, Elirks) (video)
- Jul 31 - Secrets of the Comfoo Masters
- Jul 15 - PlugX revisited: "Smoaler"
- Jul 09 - Dark Seoul Cyber Attack: Could it be worse?
- Jun 30 - Targeted Campaign Steals Credentials in Gulf States and Caribbean
- Jun 28 - njRAT Uncovered
- Jun 21 - A Call to Harm: New Malware Attacks Target the Syrian Opposition
- Jun 18 - Trojan.APT.Seinup Hitting ASEAN
- Jun 07 - KeyBoy, Targeted Attacks against Vietnam and India
- Jun 04 - The NetTraveler (aka 'Travnet')
- Jun 01 - Crude Faux: An analysis of cyber conflict within the oil & gas industries
- Jun ?? - The Chinese Malware Complexes: The Maudi Surveillance Operation
- May 30 - TR-14 - Analysis of a stage 3 Miniduke malware sample
- May ?? - Operation Hangover
- Apr 24 - Operation Hangover
- Apr 21 - MiniDuke - The Final Cut
- Apr 13 - "Winnti" More than just a game
- Apr 01 - Trojan.APT.BaneChant
- Mar 28 - TR-12 - Analysis of a PlugX malware variant used for targeted attacks
- Mar 27 - APT1: technical backstage (Terminator/Fakem RAT)
- Mar 21 - Darkseoul/Jokra Analysis And Recovery
- Mar 20 - The TeamSpy Crew Attacks
- Mar 20 - Dissecting Operation Troy
- Mar 17 - Safe: A Targeted Threat
- Mar 13 - You Only Click Twice: FinFisher’s Global Proliferation
- Feb 27 - Miniduke: Indicators v1
- Feb 27 - The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
- Feb 26 - Stuxnet 0.5: The Missing Link
- Feb 22 - Comment Crew: Indicators of Compromise
- Feb 18 - Mandiant APT1 Report
- Feb 12 - Targeted cyber attacks: examples and challenges ahead
- Jan 18 - Operation Red October
- Jan 14 - Red October Diplomatic Cyber Attacks Investigation
- Jan 14 - The Red October Campaign
2012
- Nov 03 - Systematic cyber attacks against Israeli and Palestinian targets going on for a year
- Nov 01 - RECOVERING FROM SHAMOON
- Oct 31 - CYBER ESPIONAGE Against Georgian Government (Georbot Botnet)
- Oct 27 - Trojan.Taidoor: Targeting Think Tanks
- Oct 08 - Matasano notes on DarkComet, Bandook, CyberGate and Xtreme RAT
- Sep 18 - The Mirage Campaign
- Sep 12 - The VOHO Campaign: An in depth analysis
- Sep 07 - IEXPLORE RAT
- Sep 06 - The Elderwood Project
- Aug 18 - The Taidoor Campaign AN IN-DEPTH ANALYSIS | Local
- Aug 09 - Gauss: Abnormal Distribution
- Jul 27 - The Madi Campaign
- Jul 25 - From Bahrain With Love: FinFisher’s Spy Kit Exposed?
- Jul 11 - Wired article on DarkComet creator
- Jul 10 - Advanced Social Engineering for the Distribution of LURK Malware
- May 31 - sKyWIper (Flame/Flamer)
- May 22 - IXESHE An APT Campaign
- May 18 - Analysis of Flamer C&C Server
- Apr 16 - OSX.SabPub & Confirmed Mac APT attacks
- Apr 10 - Anatomy of a Gh0st RAT
- Mar 26 - Luckycat Redux
- Mar 13 - Reversing DarkComet RAT's crypto
- Mar 12 - Crouching Tiger, Hidden Dragon, Stolen Data
- Feb 29 - The Sin Digoo Affair
- Feb 03 - Command and Control in the Fifth Domain
- Jan 03 - The HeartBeat APT
2011
- Dec 08 - Palebot trojan harvests Palestinian online credentials
- Oct 31 - The Nitro Attacks: Stealing Secrets from the Chemical Industry
- Oct 26 - Duqu Trojan Questions and Answers
- Oct 12 - Alleged APT Intrusion Set: "1.php" Group
- Sep 22 - The "LURID" Downloader
- Sep 11 - SK Hack by an Advanced Persistent Threat
- Sep 09 - The RSA Hack
- Aug 03 - HTran and the Advanced Persistent Threat
- Aug 04 - Operation Shady RAT
- Aug 02 - Operation Shady RAT: Vanity
- Apr 20 - Stuxnet Under the Microscope
- Feb 18 - Night Dragon Specific Protection Measures for Consideration
- Feb 10 - Global Energy Cyberattacks: Night Dragon
2010
- Dec 09 - The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability
- Sep 30 - W32.Stuxnet Dossier
- Sep 03 - The "MSUpdater" Trojan And Ongoing Targeted Attacks
- Apr 06 - Shadows in the cloud: Investigating Cyber Espionage 2.0
- Mar 14 - In-depth Analysis of Hydraq (OFFLINE)
- Feb 24 - How Can I Tell if I Was Infected By Aurora? (IOCs) (OFFLINE)
- Feb 10 - HB Gary Threat Report: Operation Aurora
- Jan ?? - Case Study: Operation Aurora - Triumfant (OFFLINE)
- Jan 27 - Operation Aurora Detect, Diagnose, Respond (OFFLINE)
- Jan 20 - McAfee Labs: Combating Aurora
- Jan 13 - The Command Structure of the Aurora Botnet - Damballa
- Jan 12 - Operation Aurora
2009
- Mar 29 - Tracking GhostNet
- Jan 18 - Impact of Alleged Russian Cyber Attacks
2008
- Nov 19 - [Wired] Agent.BTZ | Local
- Nov 04 - [DTIC] China's Electronic Long-Range Reconnaissance | Local
- Oct 02 - [Culture Mandala] How China will use cyber warfare to leapfrog in military competitiveness | Local
- Aug 10 - [Georgia] Russian Invasion of Georgia: Russian Cyberwar on Georgia | Local