Adversary - SentinelOne
Category

Adversary

Operation Magalenha | Long-Running Campaign Pursues Portuguese Credentials and PII

A Brazilian threat actor is targeting users of over 30 Portuguese financial institutions with custom backdoors.

Read More

Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit

North Korean APT group focuses on file reconnaissance and information exfiltration with latest variant of RandomQuery malware.

Read More

Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife

A sophisticated new toolset is being used to harvest credentials from multiple cloud service providers, including AWS SES and Microsoft Office 365.

Read More

WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks

A new threat cluster has been targeting telecommunication providers in the Middle East and abusing Microsoft, Google and Dropbox cloud services.

Read More

DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation

A cluster of attacks SentinelLabs tracks as DragonSpark uses a novel technique, Golang source code interpretation, to avoid detection while also deploying a little-known tool called SparkRAT.

Read More

NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO

In the name of Russia's war in Ukraine, NoName057(16) abuses GitHub and Telegram in an ongoing campaign to disrupt NATO's critical infrastructure.

Read More

Driving Through Defenses | Targeted Attacks Leverage Signed Malicious Microsoft Drivers

Threat actors are abusing legitimately signed Microsoft drivers in active intrusions into telecommunication, BPO, MSSP, and financial services businesses.

Read More

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.

Read More

Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs

Chinese-linked phishing campaign seeks to compromise Russian targets with custom malware designed for espionage.

Read More

Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad

Chinese-aligned APT group Moshen Dragon caught sideloading malware through multiple AV products to infect telecoms sector.

Read More