Aleksandar Milenkoski, Author at SentinelOne

Sandman APT A Mystery Group Targeting Telcos With A LuaJIT Toolkit 4

Sophisticated threat actor deploys high-end malware utilizing the LuaJIT platform to backdoor telcos in Europe, Middle East and South Asia.

PDF

Chinese Entanglement DLL Hijacking In The Asian Gambling Sector By Aleksandar Milenkoski And Tom Hegel 5

labs

Adversary

Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector

Aleksandar Milenkoski / August 17, 2023

Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.

PDF

Kimsuky Strikes Again New Social Engineering Campaign Aims To Steal Credentials And Gather Strategic Intelligence 5

labs

Advanced Persistent Threat

Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence

Aleksandar Milenkoski / June 6, 2023

Threat actor targets experts in North Korean affairs with spoofed URLs and weaponized Office documents to steal Google and other credentials.

PDF

Operation Magalenha Long Running Campaign Pursues Portuguese Credentials And PII 3

labs

Adversary

Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII

Aleksandar Milenkoski / May 25, 2023

A Brazilian threat actor is targeting users of over 30 Portuguese financial institutions with custom backdoors.

PDF

Kimsuky Ongoing Campaign Using Tailored Reconnaissance Toolkit 1

labs

Adversary

Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit

Aleksandar Milenkoski / May 23, 2023

North Korean APT group focuses on file reconnaissance and information exfiltration with latest variant of RandomQuery malware.

PDF

labs

Advanced Persistent Threat

Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector

Aleksandar Milenkoski / April 13, 2023

SentinelLabs has been tracking a cluster of malicious documents that stage the Crimson RAT malware distributed by APT36 (Transparent Tribe).

PDF

Operation Tainted Love Chinese APTs Target Telcos In New Attacks 4

labs

Advanced Persistent Threat

Operation Tainted Love | Chinese APTs Target Telcos in New Attacks

Aleksandar Milenkoski / March 23, 2023

Cyber espionage actor deploys custom credential theft malware in new campaign targeting the telecoms sector.

PDF

sentinelone

DBatLoader and Remcos RAT Sweep Eastern Europe

From the Front Lines | 7 minute read

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks

Aleksandar Milenkoski / February 16, 2023

A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.

PDF

MalVirt .NET Virtualization Thrives In New Malvertising Attacks 3

labs

Crimeware

MalVirt | .NET Virtualization Thrives in Malvertising Attacks

Aleksandar Milenkoski / February 2, 2023

.NET malware loaders distributed through malvertising are using obfuscated virtualization for anti-analysis and evasion in an ongoing campaign.

PDF

Aleksandar Milenkoski

Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector

Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence

Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII

Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit

Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector

Operation Tainted Love | Chinese APTs Target Telcos in New Attacks

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks

MalVirt | .NET Virtualization Thrives in Malvertising Attacks