Advanced Persistent Threat - SentinelOne
Category

Advanced Persistent Threat

The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques

Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.

Read More

WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware

Precision targeting of critical infrastructure industries indicates espionage-related activity by an unattributed Chinese-speaking threat group.

Read More

The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities

An elusive adversary is attacking high-value targets with impunity using novel malware frameworks and custom-built backdoors.

Read More

Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years

Targeting organizations in SE Asia and Australia, Aoqin Dragon uses pornographic-themed lures and custom backdoors to conduct espionage operations.

Read More

HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine

A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.

Read More

Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations

Are there still real hacktivists out there or are they all a cover for state-sponsored operations?

Read More

Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor

MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.

Read More

EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor

EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.

Read More

ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage

Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.

Read More

NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks

Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.

Read More