mirror of
https://github.com/valitydev/APT_CyberCriminal_Campagin_Collections.git
synced 2024-11-06 16:55:28 +00:00
APT & CyberCriminal Campaign Collection
This is a collection of APT and CyberCriminal campaigns. Please file an issue if any APT/malware events or campaigns are missing.
Reference Resource
2017
- Feb 23 - Dissecting the APT28 Mac OS X Payload | Local
- Feb 22 - Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government | Local
- Feb 21 - Additional Insights on Shamoon2 | Local
- Feb 20 - Lazarus' False Flag Malware | Local
- Feb 17 - ChChes - Malware that Communicates with C&C Servers Using Cookie Headers | Local
- Feb 15 - Deep Dive On The DragonOK Rambo Backdoor | Local
- Feb 15 - The Full Shamoon: How the Devastating Malware Was Inserted Into Networks | Local
- Feb 15 - Iranian PupyRAT Bites Middle Eastern Organizations | Local
- Feb 15 - Magic Hound Campaign Attacks Saudi Targets | Local
- Feb 14 - Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal | Local
- Feb 12 - Lazarus & Watering-Hole Attacks | Local
- Feb 10 - Cyber Attack Targeting Indian Navy's Submarine And Warship Manufacturer | Local
- Feb 10 - Enhanced Analysis of GRIZZLY STEPPE Activity | Local
- Feb 03 - KingSlayer A Supply chain attack | Local
- Feb 02 - Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX | Local
- Jan 30 - Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments | Local
- Jan 12 - The “EyePyramid” attacks | Local
- Jan 11 - APT28: AT THE CENTER OF THE STORM | Local
- Jan 09 - Second Wave of Shamoon 2 Attacks Identified | Local
- Jan 05 - Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford | Local
2016
- Dec 15 - PROMETHIUM and NEODYMIUM APT groups on Turkish citizens living in Turkey and various other European countries. | Local
- Dec 13 - The rise of TeleBots: Analyzing disruptive KillDisk attacks | Local
- Nov 22 - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy | Local
- Nov 09 - Down the H-W0rm Hole with Houdini's RAT | Local
- Nov 03 - Booz Allen: When The Lights Went Out: Ukraine Cybersecurity Threat Briefing | Local
- Oct 31 - Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | Local
- Oct 27 - En Route with Sednit Part 3: A Mysterious Downloader | Local
- Oct 27 - BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List | Local
- Oct 26 - Moonlight – Targeted attacks in the Middle East | Local
- Oct 25 - Houdini’s Magic Reappearance | Local
- Oct 25 - En Route with Sednit Part 2: Lifting the lid on Sednit: A closer look at the software it uses | Local
- Oct 20 - En Route with Sednit Part 1: Approaching the Target | Local
- Oct 17 - ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence? | Local
- Oct 05 - Wave your false flags | Local
- Oct 03 - On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users | Local
- Sep 29 - China and Cyber: Attitudes, Strategies, Organisation | Local
- Sep 28 - ThreatConnect: Belling the BEAR: russia-hacks-bellingcat-mh17-investigation | Local
- Sep 26 - Sofacy’s ‘Komplex’ OS X Trojan | Local
- Sep 18 - Hunting Libyan Scorpions | Local
- Sep 14 - MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies | Local
- Sep 06 - Buckeye cyberespionage group shifts gaze from US to Hong Kong | Local
- Sep 01 - MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES | Local
- Aug 25 - Technical Analysis of Pegasus Spyware | Local
- Aug 24 - The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender | Local
- Aug 17 - Operation Ghoul: targeted attacks on industrial and engineering organizations | Local
- Aug 16 - Aveo Malware Family Targets Japanese Speaking Users | Local
- Aug 11 - Iran and the Soft War for Internet Dominance | Local
- Aug 08 - [Forcepoint] MONSOON | Local
- Aug 08 - ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms | Local
- Aug 07 - Strider: Cyberespionage group turns eye of Sauron on targets | Local
- Aug 04 - Running for Office: Russian APT Toolkits Revealed | Local
- Aug 03 - [EFF] Operation Manul: I Got a Letter From the Government the Other Day...Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan | Local
- Aug 02 - Group5: Syria and the Iranian Connection | Local
- Jul 28 - ICIT Briefing: China’s Espionage Dynasty | Local
- Jul 26 - Attack Delivers ‘9002’ Trojan Through Google Drive | Local
- Jul 21 - Sphinx (APT-C-15) Targeted cyber-attack in the Middle East | Local
- Jul 21 - Hide and Seek: How Threat Actors Respond in the Face of Public Exposure | Local
- Jul 13 - State-Sponsored SCADA Malware targeting European Energy Companies | Local
- Jul 12 - NanHaiShu: RATing the South China Sea | Local
- Jul 08 - The Dropping Elephant – aggressive cyber-espionage in the Asian region | Local
- Jul 07 - NetTraveler APT Targets Russian, European Interests | Local
- Jul 07 - UNVEILING PATCHWORK: THE COPY-PASTE APT | Local
- Jul 03 - From HummingBad to Worse | Local
- Jul 01 - Pacifier APT | Local
- Jul 01 - Espionage toolkit targeting Central and Eastern Europe uncovered | Local
- Jun 30 - Asruex: Malware Infecting through Shortcut Files | Local
- Jun 29 - MONSOON – ANALYSIS OF AN APT CAMPAIGN | Local
- Jun 28 - Prince of Persia – Game Over | Local
- Jun 28 - (Japan)Attack Tool Investigation | Local
- Jun 26 - The State of the ESILE/Lotus Blossom Campaign | Local
- Jun 26 - Nigerian Cybercriminals Target High-Impact Industries in India via Pony | Local
- Jun 23 - Tracking Elirks Variants in Japan: Similarities to Previous Attacks | Local
- Jun 21 - The Curious Case of an Unknown Trojan Targeting German-Speaking Users | Local
- Jun 21 - Redline Drawn: China Recalculates Its Use of Cyber Espionage | Local
- Jun 21 - Visiting The Bear Den | Local
- Jun 16 - Threat Group-4127 Targets Hillary Clinton Presidential Campaign | Local
- Jun 15 - Bears in the Midst: Intrusion into the Democratic National Committee | Local
- Jun 09 - Operation DustySky Part 2 | Local
- Jun 02 - FastPOS: Quick and Easy Credit Card Theft | Local
- May 27 - IXESHE Derivative IHEATE Targets Users in America | Local
- May 26 - The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor | Local
- May 25 - CVE-2015-2545: overview of current threats | Local
- May 24 - New Wekby Attacks Use DNS Requests As Command and Control Mechanism | Local
- May 23 - APT Case RUAG Technical Report | Local
- May 22 - TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST | Local
- May 22 - Operation Ke3chang Resurfaces With New TidePool Malware | Local
- May 18 - Operation Groundbait: Analysis of a surveillance toolkit | Local
- May 17 - Mofang: A politically motivated information stealing adversary | Local
- May 17 - Indian organizations targeted in Suckfly attacks | Local
- May 10 - Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats | paper | Local
- May 09 - Using Honeynets and the Diamond Model for ICS Threat Analysis | Local
- May 06 - Exploring CVE-2015-2545 and its users | Local
- May 05 - Jaku: an on-going botnet campaign | Local
- May 02 - GOZNYM MALWARE target US, AT, DE | Local
- May 02 - Prince of Persia: Infy Malware Active In Decade of Targeted Attacks | Local
- Apr 27 - Repackaging Open Source BeEF for Tracking and More | Local
- Apr 26 - Cyber warfare: Iran opens a new front | Local
- Apr 26 - New Poison Ivy Activity Targeting Myanmar, Asian Countries | Local
- Apr 22 - The Ghost Dragon - Cylance | Local
- Apr 21 - Teaching an old RAT new tricks | Local
- Apr 21 - New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists | Local
- Apr 18 - Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns | Local
- Apr 15 - Detecting and Responding Pandas and Bears | Local
- Apr 12 - PLATINUM: Targeted attacks in South and Southeast Asia | Local
- Mar 25 - ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe | Local
- Mar 23 - Operation C-Major: Information Theft Campaign Targets Military Personnel in India | Local
- Mar 18 - Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case | Local
- Mar 17 - Taiwan Presidential Election: A Case Study on Thematic Targeting | Local
- Mar 15 - Suckfly: Revealing the secret life of your code signing certificates | Local
- Mar 14 - Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US | Local
- Mar 10 - Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans | Local
- Mar 09 - LESSONS FROM OPERATION RUSSIANDOLL | Local
- Mar 08 - Onion Dog, A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries | Local
- Mar 03 - Shedding Light on BlackEnergy With Open Source Intelligence | Local
- Mar 01 - Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests | Local
- Feb 29 - The Turbo Campaign, Featuring Derusbi for 64-bit Linux | Local
- Feb 24 - Operation Blockbuster | Local
- Feb 23 - OPERATION DUST STORM | Local
- Feb 12 - A Look Into Fysbis: Sofacy’s Linux Backdoor | Local
- Feb 11 - Hacktivism: India vs. Pakistan | Local
- Feb 09 - Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage | Local
- Feb 08 - Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups | Local
- Feb 04 - T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques | Local
- Feb 03 - Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | Local
- Feb 01 - Massive Admedia/Adverting iFrame Infection | Local
- Feb 01 - Organized Cybercrime Big in Japan: URLZone Now on the Scene | Local
- Jan 29 - Tinbapore: Millions of Dollars at Risk | Local
- Jan 29 - Malicious Office files dropping Kasidet and Dridex | Local
- Jan 28 - BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents | Local
- Jan 27 - Dissecting the Malware Involved in the INOCNATION Campaign | Local
- Jan 26 - Analyzing a New Variant of BlackEnergy 3 | Local
- Jan 24 - Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists | Local
- Jan 21 - NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan | Local
- Jan 19 - 360 SkyEye 2015 APT Annual Report | Local
- Jan 14 - RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK | Local
- Jan 14 - The Waterbug attack group | Local
- Jan 07 - Operation DustySky | Local
- Jan 07 - RIGGING COMPROMISE - RIG EXPLOIT KIT | Local
- Jan 03 - BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry | Local
2015
- Dec 23 - ELISE: Security Through Obesity | Local
- Dec 22 - BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger | Local
- Dec 20 - The EPS Awakens - Part 2 | Local
- Dec 18 - Attack on French Diplomat Linked to Operation Lotus Blossom | Local
- Dec 16 - APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information | Local APT
- Dec 16 - Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them | Local Financial
- Dec 16 - Dissecting the Malware Involved in the INOCNATION Campaign | Local
- Dec 15 - Newcomers in the Derusbi family | Local
- Dec 08 - Packrat: Seven Years of a South American Threat Actor | Local
- Dec 07 - Financial Threat Group Targets Volume Boot Record | Local
- Dec 07 - Iran-based attackers use back door threats to spy on Middle Eastern targets | Local
- Dec 04 - Sofacy APT hits high profile targets with updated toolset | Local
- Dec 01 - China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets | Local
- Nov 30 - Ponmocup A giant hiding in the shadows | Local
- Nov 24 - Attack Campaign on the Government of Thailand Delivers Bookworm Trojan | Local
- Nov 23 - CopyKittens Attack Group | Local
- Nov 23 - PEERING INTO GLASSRAT | Local
- Nov 23 - Prototype Nation: The Chinese Cybercriminal Underground in 2015 | Local
- Nov 19 - Russian financial cybercrime: how it works | Local
- Nov 19 - Decrypting Strings in Emdivi | Local
- Nov 18 - TDrop2 Attacks Suggest Dark Seoul Attackers Return | Local
- Nov 18 - Sakula Reloaded | Local
- Nov 18 - Damballa discovers new toolset linked to Destover Attacker’s arsenal helps them to broaden attack surface | Local
- Nov 16 - WitchCoven: Exploiting Web Analytics to Ensnare Victims | Local
- Nov 10 - Bookworm Trojan: A Model of Modular Architecture | Local
- Nov 09 - Rocket Kitten: A Campaign With 9 Lives | Local
- Nov 04 - Evolving Threats: dissection of a CyberEspionage attack | Local
- Oct 16 - [Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites](https://citizenlab.org/2015/10/targeted-attacks-ngo-burma/) | [OTX pulse](https://otx.alienvault.com/pulse/5621208f4637f21ecf2aac36/) | Local
- Oct 15 - Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation | Local
- Oct 05 - Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy | Local
- Oct 03 - Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA) | Local
- Sep 23 - PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020 | PDF | Local
- Sep 17 - The Dukes 7 Years of Russian Cyber Espionage - PDF | Local
- Sep 16 - The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK | Local
- Sep 16 - Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets | IOC | Local
- Sep 15 - In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia | Local
- Sep 09 - Satellite Turla: APT Command and Control in the Sky | Local
- Sep 08 - Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware | Local
- Sep 01 - The Spy Kittens Are Back: Rocket Kitten 2 | PDF
- Aug 20 - PlugX Threat Activity in Myanmar | Local
- Aug 20 - New activity of the Blue Termite APT | Local
- Aug 19 - New Internet Explorer zero-day exploited in Hong Kong attacks | Local
- Aug 10 - The Italian Connection: An analysis of exploit supply chains and digital quartermasters | Local
- Aug 08 - Threat Analysis: Poison Ivy and Links to an Extended PlugX Campaign | Local
- Aug 05 - Threat Group-3390 Targets Organizations for Cyberespionage | Local
- Aug 04 - Terracotta VPN: Enabler of Advanced Threat Anonymity
- Jul 31 - Operation Potao Express | IOC
- Jul 28 - Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012
- Jul 27 - HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group
- Jul 22 - Duke APT group's latest tools: cloud services and Linux support
- Jul 20 - China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us | Local
- Jul 20 - Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor
- Jul 14 - Tracking MiniDionis: CozyCar’s New Ride Is Related to Seaduke
- Jul 14 - An In-Depth Look at How Pawn Storm’s Java Zero-Day Was Used | Local
- Jul 13 - "Forkmeiamfamous": Seaduke, latest weapon in the Duke armory
- Jul 13 - Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak | [Local](../../blob/master//2015/Jul.13.Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability (CVE-2015-5119) Following Hacking Team Leak)
- Jul 10 - APT Group UPS Targets US Government with Hacking Team Flash Exploit | Local
- Jul 09 - Butterfly: Corporate spies out for financial gain
- Jul 08 - Wild Neutron – Economic espionage threat actor returns with new tricks
- Jul 08 - APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)
- Jun 30 - Dino – the latest spying malware from an allegedly French espionage group analyzed
- Jun 28 - APT on Taiwan - insight into advances of adversary TTPs | Local
- Jun 26 - Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign
- Jun 24 - UnFIN4ished Business (FIN4)
- Jun 22 - Winnti targeting pharmaceutical companies
- Jun 16 - Operation Lotus Bloom
- Jun 15 - Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114
- Jun 12 - Afghan Government Compromise: Browser Beware
- Jun 10 - The Mystery of Duqu 2.0 | IOC | Yara
- Jun 10 - Crysys Lab - Duqu 2.0
- Jun 09 - Duqu 2.0 Win32k Exploit Analysis
- Jun 04 - Blue Thermite targeting Japan (CloudyOmega)
- Jun 03 - Thamar Reservoir
- May 29 - OceanLotusReport
- May 28 - Grabit and the RATs
- May 27 - Analysis On Apt-To-Be Attack That Focusing On China's Government Agency
- May 27 - BlackEnergy 3 – Exfiltration of Data in ICS Networks | Local
- May 26 - Dissecting Linux/Moose
- May 21 - The Naikon APT and the MsnMM Campaigns
- May 19 - Operation 'Oil Tanker'
- May 18 - Cmstar Downloader: Lurid and Enfal’s New Cousin
- May 14 - Operation Tropic Trooper
- May 14 - The Naikon APT
- May 13 - SPEAR: A Threat Actor Resurfaces
- May 12 - root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutions
- May 07 - Dissecting the Kraken
- May 05 - Targeted attack on France’s TV5Monde | Local
- Apr 27 - Attacks against Israeli & Palestinian interests
- Apr 22 - CozyDuke
- Apr 21 - The CozyDuke APT
- Apr 20 - Sofacy II – Same Sofacy, Different Day
- Apr 18 - Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
- Apr 16 - Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House
- Apr 15 - The Chronicles of the Hellsing APT: the Empire Strikes Back
- Apr 12 - APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation
- Mar 31 - Volatile Cedar – Analysis of a Global Cyber Espionage Campaign
- Mar 19 - Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign
- Mar 11 - Inside the EquationDrug Espionage Platform
- Mar 10 - Tibetan Uprising Day Malware Attacks
- Mar 06 - Is Babar a Bunny?
- Mar 06 - Animals in the APT Farm
- Mar 05 - Casper Malware: After Babar and Bunny, Another Espionage Cartoon
- Feb 24 - A deeper look into Scanbox
- Feb 27 - The Anthem Hack: All Roads Lead to China | Local
- Feb 25 - Southeast Asia: An Evolving Cyber Threat Landscape
- Feb 25 - PlugX goes to the registry (and India)
- Feb 18 - Babar: espionage software finally found and put under the microscope
- Feb 18 - Shooting Elephants
- Feb 17 - Desert Falcons APT
- Feb 17 - A Fanny Equation: "I am your father, Stuxnet"
- Feb 16 - Operation Arid Viper
- Feb 16 - The Carbanak APT
- Feb 16 - Equation: The Death Star of Malware Galaxy
- Feb 10 - CrowdStrike Global Threat Intel Report for 2014
- Feb 04 - Pawn Storm Update: iOS Espionage App Found
- Feb 02 - Behind the Syrian Conflict’s Digital Frontlines
- Jan 29 - Analysis of PlugX Variant - P2P PlugX
- Jan 29 - Backdoor.Winnti attackers and Trojan.Skelky
- Jan 27 - Comparing the Regin module 50251 and the "Qwerty" keylogger
- Jan 22 - Regin's Hopscotch and Legspin
- Jan 22 - Scarab attackers Russian targets | IOCs
- Jan 22 - The Waterbug attack group
- Jan 20 - Reversing the Inception APT malware
- Jan 20 - Analysis of Project Cobra
- Jan 15 - Evolution of Agent.BTZ to ComRAT
- Jan 12 - Skeleton Key Malware Analysis
- Jan 11 - Hong Kong SWC attack | Local
2014
- Dec 22 - Anunak: APT against financial institutions
- Dec 21 - Operation Poisoned Helmand
- Dec 19 - TA14-353A: Targeted Destructive Malware (wiper)
- Dec 18 - Malware Attack Targeting Syrian ISIS Critics
- Dec 17 - Wiper Malware – A Detection Deep Dive
- Dec 12 - Bots, Machines, and the Matrix
- Dec 12 - Vinself now with steganography
- Dec 10 - South Korea MBR Wiper
- Dec 10 - W64/Regin, Stage #1
- Dec 10 - W32/Regin, Stage #1
- Dec 10 - Cloud Atlas: RedOctober APT
- Dec 09 - The Inception Framework
- Dec 08 - The 'Penquin' Turla
- Dec 03 - Operation Cleaver: The Notepad Files | Local
- Dec 02 - Operation Cleaver | IOCs | Local
- Nov 30 - FIN4: Stealing Insider Information for an Advantage in Stock Trading?
- Nov 24 - Deep Panda Uses Sakula Malware | Local
- Nov 24 - TheIntercept's report on The Regin Platform
- Nov 24 - Kaspersky's report on The Regin Platform
- Nov 23 - Symantec's report on Regin
- Nov 21 - Operation Double Tap | IOCs
- Nov 20 - EvilBunny: Suspect #4
- Nov 14 - Roaming Tiger (Slides)
- Nov 14 - OnionDuke: APT Attacks Via the Tor Network
- Nov 13 - Operation CloudyOmega: Ichitaro 0-day targeting Japan
- Nov 12 - Korplug military targeted attacks: Afghanistan & Tajikistan
- Nov 11 - The Uroburos case- Agent.BTZ’s successor, ComRAT
- Nov 10 - The Darkhotel APT - A Story of Unusual Hospitality
- Nov 03 - Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement
- Nov 03 - New observations on BlackEnergy2 APT activity
- Oct 31 - Operation TooHash
- Oct 30 - The Rotten Tomato Campaign
- Oct 28 - Group 72, Opening the ZxShell
- Oct 28 - APT28 - A Window Into Russia's Cyber Espionage Operations
- Oct 27 - Micro-Targeted Malvertising via Real-time Ad Bidding
- Oct 27 - ScanBox framework – who’s affected, and who’s using it?
- Oct 27 - Full Disclosure of Havex Trojans - ICS Havex backdoors
- Oct 24 - LeoUncia and OrcaRat
- Oct 23 - Modified Tor Binaries
- Oct 22 - Sofacy Phishing by PWC
- Oct 22 - Operation Pawn Storm: The Red in SEDNIT
- Oct 20 - OrcaRAT - A whale of a tale
- Oct 14 - Sandworm - CVE-2014-4114
- Oct 14 - Group 72 (Axiom)
- Oct 14 - Derusbi Preliminary Analysis
- Oct 14 - Hikit Preliminary Analysis
- Oct 14 - ZoxPNG Preliminary Analysis
- Oct 09 - Democracy in Hong Kong Under Attack
- Oct 03 - New indicators for APT group Nitro
- Sep 26 - BlackEnergy & Quedagh
- Sep 26 - Aided Frame, Aided Direction (Sunshop Digital Quartermaster)
- Sep 23 - Ukraine and Poland Targeted by BlackEnergy (video)
- Sep 19 - Watering Hole Attacks using Poison Ivy by "th3bug" group
- Sep 18 - COSMICDUKE: Cosmu with a twist of MiniDuke
- Sep 17 - Chinese intrusions into key defense contractors
- Sep 10 - Operation Quantum Entanglement
- Sep 08 - When Governments Hack Opponents: A Look at Actors and Technology video
- Sep 08 - Targeted Threat Index: Characterizing and Quantifying Politically-Motivated Targeted Malware video
- Sep 04 - Gholee – a “Protective Edge” themed spear phishing campaign | Local
- Sep 04 - Forced to Adapt: XSLCmd Backdoor Now on OS X
- Sep 03 - Darwin’s Favorite APT Group (APT12)
- Aug 29 - Syrian Malware Team Uses BlackWorm for Attacks
- Aug 28 - Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks
- Aug 27 - North Korea’s cyber threat landscape
- Aug 27 - NetTraveler APT Gets a Makeover for 10th Birthday
- Aug 25 - Vietnam APT Campaign
- Aug 20 - El Machete
- Aug 18 - The Syrian Malware House of Cards | Local
- Aug 13 - A Look at Targeted Attacks Through the Lense of an NGO | Local
- Aug 12 - New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12)
- Aug 07 - The Epic Turla Operation Appendix
- Aug 06 - Operation Poisoned Hurricane
- Aug 05 - Operation Arachnophobia
- Aug 04 - Sidewinder Targeted Attack Against Android
- Jul 31 - Energetic Bear/Crouching Yeti Appendix
- Jul 31 - Energetic Bear/Crouching Yeti
- Jul 20 - Sayad (Flying Kitten) Analysis & IOCs
- Jul 11 - Pitty Tiger | Local
- Jul 10 - TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos
- Jul 07 - Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks | Local
- Jun 10 - Anatomy of the Attack: Zombie Zero
- Jun 30 - Dragonfly: Cyberespionage Attacks Against Energy Suppliers
- Jun 20 - Embassy of Greece Beijing
- Jun 09 - Putter Panda
- Jun 06 - Illuminating The Etumbot APT Backdoor (APT12)
- May 28 - NewsCaster: An Iranian Threat Within Social Networks | Local
- May 21 - RAT in jar: A phishing campaign using Unrecom
- May 20 - Miniduke Twitter C&C
- May 13 - CrowdStrike's report on Flying Kitten
- May 13 - Operation Saffron Rose (aka Flying Kitten)
- Apr 26 - CVE-2014-1776: Operation Clandestine Fox
- Mar 08 - Russian spyware Turla
- Mar 07 - Snake Campaign & Cyber Espionage Toolkit
- Mar 06 - The Siesta Campaign
- Feb 28 - Uroburos: Highly complex espionage software with Russian roots
- Feb 25 - The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity | Local
- Feb 23 - Gathering in the Middle East, Operation STTEAM
- Feb 20 - Mo' Shells Mo' Problems - Deep Panda Web Shells | Local
- Feb 20 - Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit
- Feb 19 - XtremeRAT: Nuisance or Threat?
- Feb 19 - The Monju Incident
- Feb 13 - Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website
- Feb 11 - Unveiling "Careto" - The Masked APT
- Jan 31 - Intruder File Report- Sneakernet Trojan
- Jan 21 - Shell_Crew (Deep Panda)
- Jan 15 - New CDTO: A Sneakernet Trojan Solution
- Jan 14 - The Icefog APT Hits US Targets With Java Backdoor
- Jan 13 - Targeted attacks against the Energy Sector
- Jan 06 - PlugX: some uncovered points
2013
- ??? ?? - THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell | Local
- ??? ?? - Deep Panda (OFFLINE) | Local
- Dec 20 - ETSO APT Attacks Analysis | Local
- Dec 11 - Operation "Ke3chang"
- Dec 02 - njRAT, The Saga Continues
- Nov 11 - Supply Chain Analysis
- Nov 10 - Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method
- Oct 24 - Terminator RAT or FakeM RAT | Local
- Sep 30 - World War C: State of affairs in the APT world
- Sep 25 - The 'ICEFROG' APT: A Tale of cloak and three daggers
- Sep 17 - Hidden Lynx - Professional Hackers for Hire
- Sep 13 - Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
- Sep 11 - The "Kimsuky" Operation
- Sep 06 - Evasive Tactics: Taidoor | Local
- Sep ?? - Feature: EvilGrab Campaign Targets Diplomatic Agencies
- Aug 23 - Operation Molerats: Middle East Cyber Attacks Using Poison Ivy
- Aug 21 - POISON IVY: Assessing Damage and Extracting Intelligence
- Aug 19 - ByeBye Shell and the targeting of Pakistan
- Aug 02 - Surtr: Malware Family Targeting the Tibetan Community
- Aug 02 - Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up
- Aug ?? - APT Attacks on Indian Cyber Space
- Aug ?? - Operation Hangover - Unveiling an Indian Cyberattack Infrastructure
- Jul 31 - Blackhat: In-Depth Analysis of Escalated APT Attacks (Lstudio,Elirks), video
- Jul 31 - Secrets of the Comfoo Masters
- Jul 15 - PlugX revisited: "Smoaler"
- Jul 09 - Dark Seoul Cyber Attack: Could it be worse?
- Jun 30 - Targeted Campaign Steals Credentials in Gulf States and Caribbean
- Jun 28 - njRAT Uncovered
- Jun 21 - A Call to Harm: New Malware Attacks Target the Syrian Opposition
- Jun 18 - Trojan.APT.Seinup Hitting ASEAN
- Jun 07 - KeyBoy, Targeted Attacks against Vietnam and India
- Jun 04 - The NetTraveller (aka 'Travnet')
- Jun 01 - Crude Faux: An analysis of cyber conflict within the oil & gas industries
- Jun ?? - The Chinese Malware Complexes: The Maudi Surveillance Operation
- May 30 - TR-14 - Analysis of a stage 3 Miniduke malware sample
- May ?? - Operation Hangover
- Apr 24 - Operation Hangover
- Apr 21 - MiniDuke - The Final Cut
- Apr 13 - "Winnti" More than just a game
- Apr 01 - Trojan.APT.BaneChant
- Mar 28 - TR-12 - Analysis of a PlugX malware variant used for targeted attacks
- Mar 27 - APT1: technical backstage (Terminator/Fakem RAT)
- Mar 21 - Darkseoul/Jokra Analysis And Recovery
- Mar 20 - The TeamSpy Crew Attacks
- Mar 20 - Dissecting Operation Troy
- Mar 17 - Safe: A Targeted Threat
- Mar 13 - You Only Click Twice: FinFisher’s Global Proliferation
- Feb 27 - Miniduke: Indicators v1
- Feb 27 - The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor
- Feb 26 - Stuxnet 0.5: The Missing Link
- Feb 22 - Comment Crew: Indicators of Compromise
- Feb 18 - Mandiant APT1 Report
- Feb 12 - Targeted cyber attacks: examples and challenges ahead
- Jan 18 - Operation Red October
- Jan 14 - Red October Diplomatic Cyber Attacks Investigation
- Jan 14 - The Red October Campaign
2012
- Nov 03 - Systematic cyber attacks against Israeli and Palestinian targets going on for a year
- Nov 01 - RECOVERING FROM SHAMOON
- Oct 31 - CYBER ESPIONAGE Against Georgian Government (Georbot Botnet)
- Oct 27 - Trojan.Taidoor: Targeting Think Tanks
- Oct 08 - Matasano notes on DarkComet, Bandook, CyberGate and Xtreme RAT
- Sep 18 - The Mirage Campaign
- Sep 12 - The VOHO Campaign: An in depth analysis
- Sep 07 - IEXPLORE RAT
- Sep 06 - The Elderwood Project
- Aug 18 - The Taidoor Campaign AN IN-DEPTH ANALYSIS | Local
- Aug 09 - Gauss: Abnormal Distribution
- Jul 27 - The Madi Campaign
- Jul 25 - From Bahrain With Love: FinFisher’s Spy Kit Exposed?
- Jul 11 - Wired article on DarkComet creator
- Jul 10 - Advanced Social Engineering for the Distribution of LURK Malware
- May 31 - sKyWIper (Flame/Flamer)
- May 22 - IXESHE An APT Campaign
- May 18 - Analysis of Flamer C&C Server
- Apr 16 - OSX.SabPub & Confirmed Mac APT attacks
- Apr 10 - Anatomy of a Gh0st RAT
- Mar 26 - Luckycat Redux
- Mar 13 - Reversing DarkComet RAT's crypto
- Mar 12 - Crouching Tiger, Hidden Dragon, Stolen Data
- Feb 29 - The Sin Digoo Affair
- Feb 03 - Command and Control in the Fifth Domain
- Jan 03 - The HeartBeat APT
2011
- Dec 08 - Palebot trojan harvests Palestinian online credentials
- Oct 31 - The Nitro Attacks: Stealing Secrets from the Chemical Industry
- Oct 26 - Duqu Trojan Questions and Answers
- Oct 12 - Alleged APT Intrusion Set: "1.php" Group
- Sep 22 - The "LURID" Downloader
- Sep 11 - SK Hack by an Advanced Persistent Threat
- Sep 09 - The RSA Hack
- Aug 03 - HTran and the Advanced Persistent Threat
- Aug 02 - Operation Shady RAT: Vanity
- Aug 04 - Operation Shady RAT
- Apr 20 - Stuxnet Under the Microscope
- Feb 18 - Night Dragon Specific Protection Measures for Consideration
- Feb 10 - Global Energy Cyberattacks: Night Dragon
2010
- Dec 09 - The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability
- Sep 30 - W32.Stuxnet Dossier
- Sep 03 - The "MSUpdater" Trojan And Ongoing Targeted Attacks
- Apr 06 - Shadows in the cloud: Investigating Cyber Espionage 2.0
- Mar 14 - In-depth Analysis of Hydraq (OFFLINE)
- Feb 24 - How Can I Tell if I Was Infected By Aurora? (IOCs) (OFFLINE)
- Feb 10 - HB Gary Threat Report: Operation Aurora
- Jan ?? - Case Study: Operation Aurora - Triumfant (OFFLINE)
- Jan 27 - Operation Aurora Detect, Diagnose, Respond (OFFLINE)
- Jan 20 - McAfee Labs: Combating Aurora
- Jan 13 - The Command Structure of the Aurora Botnet - Damballa
- Jan 12 - Operation Aurora
2009
- Mar 29 - Tracking GhostNet
- Jan 18 - Impact of Alleged Russian Cyber Attacks
2008
- Nov 19 - Agent.BTZ
- Nov 04 - China's Electronic Long-Range Reconnaissance
- Oct 02 - How China will use cyber warfare to leapfrog in military competitiveness
- Aug 10 - Russian Invasion of Georgia: Russian Cyberwar on Georgia (OFFLINE)