Juan Andrés Guerrero-Saade, Author at SentinelOne

An elusive adversary is attacking high-value targets with impunity using novel malware frameworks and custom-built backdoors.

Adversary

AcidRain | A Modem Wiper Rains Down on Europe

Juan Andrés Guerrero-Saade / March 31, 2022

As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.

Advanced Persistent Threat

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine

Juan Andrés Guerrero-Saade / February 23, 2022

A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.

Advanced Persistent Threat

Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations

Juan Andrés Guerrero-Saade / January 27, 2022

Are there still real hacktivists out there or are they all a cover for state-sponsored operations?

Security Research

AlphaGolang | A Step-by-Step Go Malware Reversing Methodology for IDA Pro

Juan Andrés Guerrero-Saade / October 21, 2021

SentinelLabs sets off to dispel the myth that Go malware is hard to reverse engineer. This suite of IDApython scripts will set you well on your way

Advanced Persistent Threat

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor

Juan Andrés Guerrero-Saade / September 8, 2021

EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.

Adversary

MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll

Juan Andrés Guerrero-Saade / July 29, 2021

In the midst of an epic troll on a country-wide railway system, we discovered a new threat actor and their reusable wiper called Meteor.

Adversary

ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op

Juan Andrés Guerrero-Saade / June 8, 2021

Early fingerpointing at Western governments for a hack against the Russian government was misplaced. Our taxes didn’t pay for this one.

Advanced Persistent Threat

NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks

Juan Andrés Guerrero-Saade / June 1, 2021

Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.

Juan Andrés Guerrero-Saade

The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

AcidRain | A Modem Wiper Rains Down on Europe

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine

Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations

AlphaGolang | A Step-by-Step Go Malware Reversing Methodology for IDA Pro

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor

MeteorExpress | Mysterious Wiper Paralyzes Iranian Trains with Epic Troll

ThunderCats Hack the FSB | Your Taxes Didn’t Pay For This Op

NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks