Sergey Lozhkin

Jul 8, 2024 | securelist.com | Sergey Lozhkin |Alexey Antonov |Kaspersky ICS CERT |Georgy Kiguradze

In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens.

Jan 17, 2024 | securelist.com | Sergey Lozhkin |Anna Pavlovskaya |Kaspersky Security |Boris Larin

An overview of last year’s predictionsA data leakage is a broad term encompassing various types of information that become publicly available, or published for sale on the dark web or other shadow web sites. Leaked information may include internal corporate documents, databases, personal and work login credentials, and other types of data. Last year, we predicted that personal data and corporate email would increasingly be at risk, and the prediction proved largely accurate.

Dec 27, 2023 | securelist.com | Boris Larin |Sergey Puzan |Sergey Lozhkin |Anna Pavlovskaya

Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at the 37th Chaos Communication Congress (37C3), held at Congress Center Hamburg. The presentation summarized the results of our long-term research into Operation Triangulation, conducted with our colleagues, Igor Kuznetsov, Valentin Pashkov, and Mikhail Vinogradov.

Oct 26, 2023 | securelist.com | Sergey Belov |Vilen Kamalov |Sergey Lozhkin |Vasily Kolesnikov

IntroductionIt’s just another cryptocurrency miner… Nobody would even suspect the mining malware was merely a mask, masquerading behind an intricate modular framework that supports both Linux and Windows. It comes equipped with a built-in TOR network tunnel for communication with command servers, along with update and delivery functionality through trusted services such as GitLab, GitHub, and Bitbucket, all using custom encrypted archives.

Aug 14, 2023 | securelist.lat | Olga Svistunova |Kaspersky ICS CERT |Sergey Lozhkin |Tatyana Machneva

Los autores de las páginas de phishing buscan crearlas con el mínimo esfuerzo y quieren que, al mismo tiempo, les reporten el mayor lucro posible. Por lo tanto, están deseosos de utilizar diversas herramientas y técnicas para impedir que las detecten y así ahorrarse tiempo y esfuerzo. En particular, los estafadores usan phish-kits o bots de Telegram para automatizar el phishing.