Anna Pavlovskaya

Oct 31, 2024 | securelist.com | Vladislav Tushkanov |Boris Larin |Vasily Berdnikov |Anna Pavlovskaya

One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing headaches for security teams. Among other tools, attackers use LLMs to generate content for fake websites.

Oct 7, 2024 | securelist.com | Kaspersky ICS CERT |Anna Larkina |Flavio Negrini |Anna Pavlovskaya

IntroductionIn July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors as Core Werewolf).

Oct 1, 2024 | securelist.com | Anna Larkina |Flavio Negrini |Dmitry Kalinin |Anna Pavlovskaya

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ideological note during an attack on a Russian user, in which they did not demand money.

Sep 26, 2024 | securelist.com | Kaspersky ICS CERT |Artem Ushkov |Anna Pavlovskaya

Statistics across all threatsIn the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached its highest level since records began in 2022. Regions rankingIn most regions, the percentage of ICS computers that blocked malicious objects decreased compared to the first quarter of 2024.

Sep 25, 2024 | securelist.com | Artem Ushkov |Sherif Magdy |Anna Pavlovskaya

While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity.