Labs Archive

Black Basta operational TTPs are described here in full detail, revealing previously unknown tools and techniques and a link to FIN7.

PDF

Advanced Persistent Threat

WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware

Joey Chen / October 12, 2022

Precision targeting of critical infrastructure industries indicates espionage-related activity by an unattributed Chinese-speaking threat group.

PDF

Adversary

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

Tom Hegel / September 22, 2022

The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.

PDF

Advanced Persistent Threat

The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities

Juan Andrés Guerrero-Saade /

An elusive adversary is attacking high-value targets with impunity using novel malware frameworks and custom-built backdoors.

PDF

Crimeware

Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection

Aleksandar Milenkoski / September 8, 2022

Partially encrypting victims' files improves ransomware speed and aids evasion. First seen in LockFile, the technique is now being widely adopted.

PDF

Crimeware

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

Amitai Ben Shushan Ehrlich / September 1, 2022

A new threat actor is spreading infostealer malware through targeted attacks on developers and fraudulent cryptotrading applications.

PDF

Crimeware

Who Needs Macros? | Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts

Aleksandar Milenkoski / August 4, 2022

Crimeware vendors say 'macros are dead', but they have a new weapon to help threat actors successfully deploy malware.

PDF

Crimeware

LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques

Jim Walter / July 21, 2022

The self-proclaimed 'oldest ransomware affiliate on the planet' has new tricks and new features and continues to beat enterprise defenses.

PDF

Security Research

Inside Malicious Windows Apps for Malware Deployment

Aleksandar Milenkoski / July 14, 2022

Learn how threat actors manipulate Windows to install malicious apps that are trusted by the system, and how to defend against them.

PDF

Adversary

Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs

Tom Hegel / July 7, 2022

Chinese-linked phishing campaign seeks to compromise Russian targets with custom malware designed for espionage.

PDF

Category

Labs

Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor

WIP19 Espionage | New Chinese APT Targets IT Service Providers and Telcos With Signed Malware

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities

Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection

PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks

Who Needs Macros? | Threat Actors Pivot to Abusing Explorer and Other LOLBins via Windows Shortcuts

LockBit 3.0 Update | Unpicking the Ransomware’s Latest Anti-Analysis and Evasion Techniques

Inside Malicious Windows Apps for Malware Deployment

Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs