The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques
Discover the anti-analysis techniques of the Mafalda implant, a unique, feature-rich backdoor used by the Metador threat actor.
Read More
WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware
Precision targeting of critical infrastructure industries indicates espionage-related activity by an unattributed Chinese-speaking threat group.
Read More
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
An elusive adversary is attacking high-value targets with impunity using novel malware frameworks and custom-built backdoors.
Read More
Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
Targeting organizations in SE Asia and Australia, Aoqin Dragon uses pornographic-themed lures and custom backdoors to conduct espionage operations.
Read More
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.
Read More
Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations
Are there still real hacktivists out there or are they all a cover for state-sponsored operations?
Read More
Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor
MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.
Read More
EGoManiac | An Unscrupulous Turkish-Nexus Threat Actor
EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.
Read More
ShadowPad | A Masterpiece of Privately Sold Malware in Chinese Espionage
Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.
Read More
NobleBaron | New Poisoned Installers Could Be Used In Supply Chain Attacks
Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.
Read More