The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
An elusive adversary is attacking high-value targets with impunity using novel malware frameworks and custom-built backdoors.
Read More
Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
Targeting organizations in SE Asia and Australia, Aoqin Dragon uses pornographic-themed lures and custom backdoors to conduct espionage operations.
Read More
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.
Read More
Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations
Are there still real hacktivists out there or are they all a cover for state-sponsored operations?
Read More
Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.
Read More
EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor
EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.
Read More
ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage
Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.
Read More
NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks
Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.
Read More
SolarWinds | Understanding & Detecting the SUPERNOVA Webshell Trojan
Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.
Read More
SolarWinds SUNBURST Backdoor: Inside the APT Campaign
A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.
Read More