-
1 month ago | 
securelist.com | Igor Kuznetsov |Boris Larin |Kaspersky GERT |Kaspersky Security
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected. All malicious links were personalized and had a very short lifespan.
-
Dec 9, 2024 | 
securelist.com | Alexander Liskin |Vladimir Kuskov |Igor Kuznetsov |Vitaly Kamluk
A faulty update by cybersecurity firm CrowdStrike triggered one of the largest IT outages in history, impacting approximately 8.5 million systems worldwide. This incident serves as a stark reminder of the critical risks posed by global IT disruptions and supply chain weaknesses.
-
Nov 28, 2024 | 
securelist.com | Igor Kuznetsov |Giampaolo Dedola |Georgy Kucherin |Maher Yamout
Kaspersky’s Global Research and Analysis Team (GReAT) has been releasing quarterly summaries of advanced persistent threat (APT) activity for over seven years now. Based on our threat intelligence research, these summaries offer a representative overview of what we’ve published and discussed in more detail in our private APT reports. They are intended to highlight the significant events and findings that we think are important for people to know about.
-
Nov 25, 2024 | 
securelist.com | Igor Kuznetsov |Giampaolo Dedola |Georgy Kucherin |Maher Yamout
We at Kaspersky’s Global Research and Analysis Team monitor over 900 APT (advanced persistent threat) groups and operations. At the end of each year, we take a step back to assess the most complex and sophisticated attacks that have shaped the threat landscape. These insights enable us to anticipate emerging trends and build a clearer picture of what the APT landscape may look like in the year ahead.
-
Oct 29, 2024 | 
securelist.com | Victor Sergeev |Ahmed Khlief |Igor Kuznetsov |Amged Wageh
IntroductionOrganizations often rely on a layered defense strategy, yet breaches still occur, slipping past multiple levels of protection unnoticed. This is where compromise assessment enters the game. The primary objective of these services is risk reduction.
-
Oct 22, 2024 | 
securelist.com | Igor Kuznetsov |Boris Larin |Giampaolo Dedola |Vasily Berdnikov
Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim’s computer to bypass the security measures of banking institutions. It’s been active since at least 2016 and is now one of the most widespread banking trojans globally.
-
Oct 17, 2024 | 
securelist.com | Igor Kuznetsov |Boris Larin |Alexander Kryazhev |Denis Sitchikhin
On May 18, 2024, Kaspersky’s Global Research & Analysis Team (GReAT), with the help of its partners, held the qualifying stage of the SAS CTF, an international competition of cybersecurity experts held as part of the Security Analyst Summit conference. More than 800 teams from all over the world took part in the event, solving challenges based on real cases that Kaspersky GReAT encountered in its work, but a couple of challenges remained unsolved.
-
May 15, 2024 | 
mdpi.com | Ekaterina Lopukhova |Grigory S. Voronkov |Igor Kuznetsov |Vladislav S. Ivanov
All articles published by MDPI are made immediately available worldwide under an open access license. No specialpermission is required to reuse all or part of the article published by MDPI, including figures and tables. Forarticles published under an open access Creative Common CC BY license, any part of the article may be reused withoutpermission provided that the original article is clearly cited. For more information, please refer tohttps://www.mdpi.com/openaccess.
-
Dec 13, 2023 | 
securelist.com | Sergey Puzan |Anton Kivva |Igor Kuznetsov |Anna Pavlovskaya
IntroductionThe crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platform ransomware, macOS stealers and malware distribution campaigns. In this article, we share excerpts from our reports on the FakeSG campaign, the Akira ransomware and the AMOS stealer.
-
Dec 1, 2023 | 
securelist.com | David Emm |Mert Degirmenci |Igor Kuznetsov |Marc Rivero
Targeted attacksEarlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons. The incident occurred in the third and fourth week of March, as part of a small wave of attacks involving both DroxiDat and Cobalt Strike beacons around the world; and we believe this incident may have been the initial stage of a ransomware attack.
