Articles
-
Nov 29, 2024 |
securelist.com | David Emm | Anna Larkina | Vladislav Tushkanov | Roman Dedenok
IT threat evolution in Q3 2024 / IT threat evolution in Q3 2024. Non-mobile statistics / IT threat evolution in Q3 2024. Mobile statistics. Targeted attacks: In May 2024, we discovered a new APT targeting Russian government organizations. CloudSorcerer is a sophisticated cyber-espionage tool used for stealth monitoring, data collection and exfiltration via Microsoft, Yandex and Dropbox cloud infrastructures.
-
Sep 9, 2024 |
securelist.com | Artem Ushkov | Anton Kivva | David Emm
In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. Our solutions detect this threat as Backdoor.Win64.MLoki to differentiate it from other malware families with the same name, such as Loki Bot, Loki Locker, and others.
-
Sep 5, 2024 |
securelist.com | Sherif Magdy | Anton Kivva | David Emm
Executive summary: Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.
-
Sep 4, 2024 |
securelist.com | Fedor Sinitsyn | Yanis Zinchenko | Anton Kivva | David Emm
Mallox is a sophisticated and dangerous family of malicious software that has been causing significant damage to organizations worldwide. In 2023, this ransomware strain demonstrated an uptick in attacks, the overall number of discovered Mallox samples exceeding 700. In the first half of 2024, the malware was still being actively developed, with new versions being released several times a month, while the Mallox RaaS affiliate program advertised on dark web forums was seeking new partners.
-
Jun 24, 2024 |
securelist.lat | Sergey Belov | Anderson G. Leite | Anton Kivva | David Emm
Part 1: Story of the XZ backdoor: Initial analysis / Part 2: Assessing the why and how of the XZ Utils incident. In our first article on the XZ backdoor, we analyzed its code, from the initial infection to the function hooking it performs. As we mentioned then, its initial goal was to hook one of the functions related to RSA key manipulation.