Juan Andrés Guerrero-Saade, Author at SentinelOne

The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities

An elusive adversary is attacking high-value targets with impunity using novel malware frameworks and custom-built backdoors.

Read More

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

Read More

AcidRain | A Modem Wiper Rains Down on Europe

As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.

Read More

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine

A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.

Read More

Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations

Are there still real hacktivists out there or are they all a cover for state-sponsored operations?

Read More

AlphaGolang | A Step-by-Step Go Malware Reversing Methodology for IDA Pro

SentinelLabs sets off to dispel the myth that Go malware is hard to reverse engineer. This suite of IDApython scripts will set you well on your way

Read More

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor

EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.

Read More

MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll

In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.

Read More

ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op

Early fingerpointing at Western governments for a hack against the Russian government was misplaced. Our taxes didn’t pay for this one.

Read More

NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks

Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.

Read More