SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
Category

Labs

Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years

Targeting organizations in SE Asia and Australia, Aoqin Dragon uses pornographic-themed lures and custom backdoors to conduct espionage operations.

Read More

Use of Obfuscated Beacons in ‘pymafka’ Supply Chain Attack Signals a New Trend in macOS Attack TTPs

A new typosquatting attack against the PyPI repository targets enterprise Macs with a distinctive obfuscation method.

Read More

CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware

Software developers using GitLab CI are being targeted with malware through a typosquatting attack, putting downstream users at risk.

Read More

Putting Things in Context | Timelining Threat Campaigns

Visualizing data is integral to threat research. See how we used this timeline analysis tool to track activity in the Ukrainian cyber conflict.

Read More

Vulnerabilities in Avast And AVG Put Millions At Risk

Two high-severity flaws in popular end user security tools allow attackers to elevate privileges and compromise devices.

Read More

Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad

Chinese-aligned APT group Moshen Dragon caught sideloading malware through multiple AV products to infect telecoms sector.

Read More

LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility

Long-running LockBit ransomware attempts to evade Windows ETW, AMSI and EDR by leveraging legitimate VMware logging command line utility.

Read More

Nokoyawa Ransomware | New Karma/Nemty Variant Wears Thin Disguise

Nemty developers have created a new, flawed update to the Karma ransomware variant in a bid to avoid detection and mislead attribution.

Read More

Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities

A must-read for fuzzing fans, this post gives a detailed look at the advanced techniques used in our recent discovery of multiple bugs in Defender for IoT.

Read More

AcidRain | A Modem Wiper Rains Down on Europe

As the most impactful cyber attack of the Ukrainian invasion gets downplayed, SentinelLabs uncovers a more plausible explanation.

Read More