Sherif Magdy

Featured in: trendmicro.com

Articles

  • Sep 25, 2024 | securelist.com | Artem Ushkov | Sherif Magdy | Anna Pavlovskaya

    While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity.

  • Sep 24, 2024 | securelist.com | Anna Larkina | Flavio Negrini | Artem Ushkov | Sherif Magdy

    Web tracking has become a pervasive aspect of our online experience. Whether we’re browsing social media, playing video games, shopping for products, or simply reading news articles, trackers are silently monitoring our online behavior, fueling the ceaseless hum of countless data centers worldwide. In this article, we’re going to explore various types of web trackers and present a detailed annual report that dissects their geographical distribution and organizational affiliations.

  • Sep 23, 2024 | securelist.com | Dmitry Kalinin | Artem Ushkov | Sherif Magdy | Fedor Sinitsyn

    Introduction: We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don’t have. Unfortunately, it’s not uncommon for popular mods to contain malware. This often happens because they’re distributed on unofficial websites that don’t have any moderation.

  • Sep 20, 2024 | securelist.com | Sherif Magdy | Fedor Sinitsyn | Yanis Zinchenko | Eduardo Ovalle

    In the spring of 2024, posts with real people’s personal data began appearing on the -=TWELVE=- Telegram channel. Soon it was blocked for falling foul of the Telegram terms of service. The group stayed off the radar for several months, but as we investigated a late June 2024 attack, we found that it employed techniques identical to those of Twelve and relied on C2 servers linked to the threat actor. We are therefore confident that the group is still active and will probably soon resurface.

  • Sep 5, 2024 | securelist.com | Sherif Magdy | Anton Kivva | David Emm

    Executive summary: Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has revealed that in 2024 they conducted persistent campaigns targeting a government entity in the Middle East, starting in June 2023.
