Mirrors/APT_CyberCriminal_Campagin_Collections

mirror of https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections synced 2024-06-25 16:30:04 +00:00

Go to file

CyberMonitor 82ea64dae0 2019.08.22.Operation_TaskMasters		2020-03-31 13:48:52 +08:00
2006/2006.Wicked_Rose	update 2011	2019-01-02 16:45:27 +08:00
2008	old update	2018-08-12 07:45:39 +08:00
2009	move some history data into order	2019-08-14 18:05:03 +08:00
2010	update old stuff	2019-01-02 16:12:09 +08:00
2011	fix 2012	2019-11-27 16:31:48 +08:00
2012	fix 2012	2019-11-27 16:31:48 +08:00
2013	fixedd	2019-11-27 17:14:23 +08:00
2014	fix 2014	2019-08-16 10:24:05 +08:00
2015	fix 2015	2019-02-12 14:17:06 +08:00
2016	2019.05.29.TA505	2019-05-29 17:04:39 +08:00
2017	2017.04.10_Longhorn	2020-03-04 16:12:10 +08:00
2018	2018.09.07.indian-ministry_crimson-rat	2020-03-02 14:08:37 +08:00
2019	2019.08.22.Operation_TaskMasters	2020-03-31 13:48:52 +08:00
2020	2020.03.30_Spy_Cloud_Operation	2020-03-31 10:39:41 +08:00
historical	move some history data into order	2019-08-14 18:05:03 +08:00
other	2020.01.13.APT27_ZxShell_RootKit	2020-01-14 14:29:22 +08:00
Report	2020.03.12_Tracking_Turla	2020-03-13 13:52:34 +08:00
README.md	2019.08.22.Operation_TaskMasters	2020-03-31 13:48:52 +08:00

README.md

APT & Cybercriminals Campaign Collection

This is collections of APT and cybercriminals campaign. Please fire issue to me if any lost APT/Malware events/campaigns.

🤷The password of malware samples could be 'virus' or 'infected'

URL to PDF Tool

Print Friendly & PDF

Reference Resources

🔹 kbandla
🔹 APTnotes
🔹 Florian Roth - APT Groups
🔹 Attack Wiki
🔹 threat-INTel
🔹 targetedthreats
🔹 Raw Threat Intelligence
🔹 APT search
🔹 APT Sample by 0xffff0800 (https://iec56w4ibovnb4wc.onion.si/)
🔹 APT Map
🔹 sapphirex00 - Threat-Hunting
🔹 APTSimulator
🔹 MITRE Att&CK: Group
🔹 APT_REPORT collected by @blackorbird
🔹 Analysis of malware and Cyber Threat Intel of APT and cybercriminals groups
🔹 APT_Digital_Weapon

2020

Mar 30 - [Alyac] The 'Spy Cloud' Operation: Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection | 📕
Mar 26 - [Kaspersky] iOS exploit chain deploys LightSpy feature-rich malware | 📕
Mar 25 - [FireEye] This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits | 📕
Mar 24 - [Kaspersky] WildPressure targets industrial-related entities in the Middle East | 📕
Mar 24 - [Trend Micro] Operation Poisoned News: Hong Kong Users Targeted With Mobile Malware via Local News Links | 📕
Mar 19 - [Trend Micro] Probing Pawn Storm : Cyberespionage Campaign Through Scanning, Credential Phishing and More | 📕
Mar 15 - [MalwareBytes] APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT | 📕
Mar 12 - [Checkpoint] Vicious Panda: The COVID Campaign | 📕
Mar 12 - [SecPulse] Two-tailed scorpion APT-C-23 | 📕
Mar 12 - [ESET] Tracking Turla: New backdoor delivered via Armenian watering holes | 📕
Mar 11 - [Trend Micro] Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan | 📕
Mar 10 - [Cybereason] WHO'S HACKING THE HACKERS: NO HONOR AMONG THIEVES | 📕
Mar 05 - [Trend Micro] Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks | 📕
Mar 05 - [ESET] Guildma: The Devil drives electric | 📕
Mar 03 - [F5] New Perl Botnet (Tuyul) Found with Possible Indonesian Attribution | 📕
Mar 03 - [Yoroi] The North Korean Kimsuky APT keeps threatening South Korea evolving its TTPs | 📕
Mar 02 - [Telsy] APT34 (AKA OILRIG, AKA HELIX KITTEN) ATTACKS LEBANON GOVERNMENT ENTITIES WITH MAILDROPPER IMPLANTS | 📕
Feb 28 - [Qianxin] Nortrom_Lion_APT | 📕
Feb 25 - [Sophos] ‘Cloud Snooper’ Attack Bypasses Firewall Security Measures | 📕
Feb 22 - [Objective-See] Weaponizing a Lazarus Group Implant | 📕
Feb 21 - [AhnLab] MyKings Botnet | 📕
Feb 18 - [Trend Micro] Operation DRBControl | 📕
Feb 17 - [Yoroi] Cyberwarfare: A deep dive into the latest Gamaredon Espionage Campaign | 📕
Feb 17 - [Talent-Jump] CLAMBLING - A New Backdoor Base On Dropbox (EN) | 📕
Feb 17 - [ClearSky] Fox Kitten Campaign | 📕
Feb 13 - [Cybereason] NEW CYBER ESPIONAGE CAMPAIGNS TARGETING PALESTINIANS - PART 2: THE DISCOVERY OF THE NEW, MYSTERIOUS PIEROGI BACKDOOR | 📕
Feb 10 - [Trend Micro] Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems | 📕
Feb 03 - [PaloAlto Networks] Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations | 📕
Jan 31 - [ESET] Winnti Group targeting universities in Hong Kong | 📕
Jan 16 - [CISCO] JhoneRAT: Cloud based python RAT targeting Middle Eastern countries | 📕
Jan 13 - [ShellsSystems] Reviving MuddyC3 Used by MuddyWater (IRAN) APT | 📕
Jan 13 - [Lab52] APT27 ZxShell RootKit module updates | 📕
Jan 09 - [Dragos] The State of Threats to Electric Entities in North America | 📕
Jan 08 - [Kaspersky] Operation AppleJeus Sequel | 📕
Jan 07 - [Recorded Future] Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access | 📕
Jan 07 - [NCA] Destructive Attack: DUSTMAN | 📕
Jan 06 - [Trend Micro] First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group | 📕
Jan 01 - [WeiXin] Pakistan Sidewinder APT Attack | 📕

2019

Dec 29 - [Dell] BRONZE PRESIDENT Targets NGOs | 📕
Dec 26 - [Pedro Tavares] Targeting Portugal: A new trojan ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax | 📕
Dec 19 - [FoxIT] Operation Wocao | 📕
Dec 17 - [PaloAlto] Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia | 📕
Dec 17 - [360] Dacls, the Dual platform RAT | 📕
Dec 12 - [Trend Micro] Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry | 📕
Dec 12 - [Microsoft] GALLIUM: Targeting global telecom | 📕
Dec 12 - [Recorded Future] Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs | 📕
Dec 11 - [Trend Micro] Waterbear is Back, Uses API Hooking to Evade Security Product Detection | 📕
Dec 06 - [SCILabs] Cosmic Banker campaign is still active revealing link with Banload malware | 📕
Dec 04 - [IBM] New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East | 📕
Dec 04 - [Trend Micro] Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign | 📕
Dec 03 - [NSHC] Threat Actor Targeting Hong Kong Pro-Democracy Figures | 📕
Nov 29 - [Trend Micro] Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK | 📕
Nov 28 - [Kaspersky] RevengeHotels: cybercrime targeting hotel front desks worldwide | 📕
Nov 26 - [Microsoft] Insights from one year of tracking a polymorphic threat: Dexphot | 📕
Nov 25 - [Positive] Studying Donot Team | 📕
Nov 21 - [ESET] Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon | 📕
Nov 20 - [360] Golden Eagle (APT-C-34) | 📕
Nov 20 - [Trend Micro] Mac Backdoor Linked to Lazarus Targets Korean Users | 📕
Nov 13 - [Trend Micro] More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting | 📕
Nov 12 - [Marco Ramilli] TA-505 Cybercrime on System Integrator Companies | 📕
Nov 08 - [Kapsersky] Titanium: the Platinum group strikes again | 📕
Nov 05 - [Telsy] THE LAZARUS’ GAZE TO THE WORLD: WHAT IS BEHIND THE FIRST STONE ? | 📕
Nov 04 - [Tencent] Higaisa APT | 📕
Nov 04 - [Marcoramilli] Is Lazarus/APT38 Targeting Critical Infrastructures | 📕
Nov 01 - [Kaspersky] Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium | 📕
Oct 31 - [Fireeye] MESSAGETAP: Who’s Reading Your Text Messages? | 📕
Oct 28 - [Marco Ramilli] SWEED Targeting Precision Engineering Companies in Italy | 📕
Oct 21 - [ESET] Winnti Group’s skip‑2.0: A Microsoft SQL Server backdoor | 📕
Oct 21 - [VB] Geost botnet. The story of the discovery of a new Android banking trojan from an OpSec error | 📕
Oct 17 - [ESET] Operation Ghost: The Dukes aren’t back – they never left | 📕
Oct 15 - [Fireeye] LOWKEY: Hunting for the Missing Volume Serial ID | 📕
Oct 14 - [Marco Ramilli] Is Emotet gang targeting companies with external SOC? | 📕
Oct 14 - [Exatrack] From tweet to rootkit | 📕
Oct 14 - [Crowdstrike] HUGE FAN OF YOUR WORK: TURBINE PANDA | 📕
Oct 10 - [Fireeye] Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques | 📕
Oct 10 - [ESET] CONNECTING THE DOTS Exposing the arsenal and methods of the Winnti Group | 📕
Oct 10 - [ESET] Attor, a spy platform with curious GSM fingerprinting | 📕
Oct 09 - [Trend Micro] FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops | 📕
Oct 07 - [CERT-FR] Supply chain attacks: threats targeting service providers and design offices | 📕
Oct 07 - [Clearsky] The Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods | 📕
Oct 07 - [Anomali] China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations | 📕
Oct 04 - [Avest] GEOST BOTNET. THE STORY OF THE DISCOVERY OF A NEW ANDROID BANKING TROJAN FROM AN OPSEC ERROR | 📕
Oct 03 - [Palo Alto Networks] PKPLUG: Chinese Cyber Espionage Group Attacking Asia | 📕
Oct 01 - [Netskope] New Adwind Campaign targets US Petroleum Industry | 📕
Oct 01 - [Trend Micro] New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign | 📕
Sep 30 - [Lastline] HELO Winnti: Attack or Scan? | 📕
Sep 26 - [GBHackers] Chinese APT Hackers Attack Windows Users via FakeNarrator Malware to Implant PcShare Backdoor | 📕
Sep 24 - [Telsy] DeadlyKiss APT | 📕
Sep 24 - [CISCO] How Tortoiseshell created a fake veteran hiring website to host malware | 📕
Sep 24 - [CheckPoint] Mapping the connections inside Russia’s APT Ecosystem | 📕
Sep 18 - [Symantec] Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks | 📕
Sep 18 - [Trend Micro] Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites | 📕
Sep 15 - [Clearsky] The Kittens Are Back in Town Charming Kitten Campaign Against Academic Researchers | 📕
Sep 11 - [MeltX0R Security] RANCOR APT: Suspected targeted attacks against South East Asia | 📕
Sep 09 - [Symantec] Thrip: Ambitious Attacks Against High Level Targets Continue | 📕
Sep 06 - [MeltX0R Security] BITTER APT: Not So Sweet | 📕
Sep 05 - [CheckPoint] UPSynergy: Chinese-American Spy vs. Spy Story | 📕
Sep 04 - [Trend Micro] Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions | 📕
Aug 31 - [StrangerealIntel] Malware analysis on Bitter APT campaign | 📕
Aug 29 - [AhnLab] Tick Tock - Activities of the Tick Cyber Espionage Group in East Asia Over the Last 10 Years | 📕
Aug 29 - [Trend Micro] ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information | 📕
Aug 29 - [IBM] More_eggs, Anyone? Threat Actor ITG08 Strikes Again | 📕
Aug 29 - [NSHC] SectorJ04 Group’s Increased Activity in 2019 | 📕
Aug 27 - [StrangerealIntel] Malware analysis about sample of APT Patchwork | 📕
Aug 27 - [Dell] LYCEUM Takes Center Stage in Middle East Campaign | 📕
Aug 27 - [CISCO] China Chopper still active 9 years later | 📕
Aug 27 - [Trend Micro] TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy | 📕
Aug 26 - [QianXin] APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan | 📕
Aug 22 - [PTsecurity] Operation TaskMasters: Cyberespionage in the digital economy age | 📕
Aug 21 - [Fortinet] The Gamaredon Group: A TTP Profile Analysis | 📕
Aug 21 - [Group-IB] Silence 2.0 | 📕
Aug 20 - [StrangerealIntel] Malware analysis about unknown Chinese APT campaign | 📕
Aug 14 - [ESET] In the Balkans, businesses are under fire from a double‑barreled weapon | 📕
Aug 12 - [Kaspersky] Recent Cloud Atlas activity| 📕
Aug 08 - [Anomali] Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations | 📕
Aug 07 - [FireEye] APT41: A Dual Espionage and Cyber Crime Operation | 📕
Aug 05 - [Trend Micro] Latest Trickbot Campaign Delivered via Highly Obfuscated JS File | 📕
Aug 05 - [ESET] Sharpening the Machete | 📕
Aug 01 - [Anity] Analysis of the Attack of Mobile Devices by OceanLotus | 📕
Jul 24 - [Dell] Resurgent Iron Liberty Targeting Energy Sector | 📕
Jul 24 - [] Attacking the Heart of the German Industry | 📕
Jul 24 - [Proofpoint] Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia | 📕
Jul 18 - [FireEye] Hard Pass: Declining APT34’s Invite to Join Their Professional Network | 📕
Jul 18 - [Trend Micro] Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C | 📕
Jul 18 - [ESET] OKRUM AND KETRICAN: AN OVERVIEW OF RECENT KE3CHANG GROUP ACTIVITY | 📕
Jul 17 - [Intezer] EvilGnome: Rare Malware Spying on Linux Desktop Users | 📕
Jul 16 - [Trend Micro] SLUB Gets Rid of GitHub, Intensifies Slack Use | 📕
Jul 15 - [CISCO] SWEED: Exposing years of Agent Tesla campaigns | 📕
Jul 11 - [ESET] Buhtrap group uses zero‑day in latest espionage campaigns | 📕
Jul 09 - [CISCO] Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques | 📕
Jul 04 - [Kaspersky] Twas the night before | 📕
Jul 04 - [Trend Micro] Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi | 📕
Jul 03 - [Anomali] Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018 | 📕
Jul 01 - [Check Point] Operation Tripoli | 📕
Jul 01 - [Cylance] Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus | 📕
Jun 27 - [Trend Micro] ShadowGate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit | 📕
Jun 26 - [Recorded Future] Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations | 📕
Jun 25 - [QianXin] Analysis of MuddyC3, a New Weapon Used by MuddyWater | 📕
Jun 25 - [Cybereason] OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS | 📕
Jun 21 - [Symantec] Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments | 📕
Jun 20 - [QianXin] New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam | 📕
Jun 12 - [ThaiCERT] Threat Group Cards: A Threat Actor Encyclopedia | 📕
Jun 11 - [Recorded Future] The Discovery of Fishwrap: A New Social Media Information Operation Methodology | 📕
Jun 10 - [Trend Micro] MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools | 📕
Jun 05 - [Agari] Scattered Canary The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise | 📕
Jun 04 - [Bitdefender] An APT Blueprint: Gaining New Visibility into Financial Threats | 📕
Jun 03 - [Kaspersky] Zebrocy’s Multilanguage Malware Salad | 📕
May 30 - [CISCO] 10 years of virtual dynamite: A high-level retrospective of ATM malware | 📕
May 29 - [ESET] A dive into Turla PowerShell usage | 📕
May 29 - [Yoroi] TA505 is Expanding its Operations | 📕
May 28 - [Palo Alto Networks] Emissary Panda Attacks Middle East Government Sharepoint Servers | 📕
May 27 - [360] APT-C-38 | 📕
May 24 - [ENSILO] UNCOVERING NEW ACTIVITY BY APT10 | 📕
May 22 - [ESET] A journey to Zebrocy land | 📕
May 19 - [Intezer] HiddenWasp Malware Stings Targeted Linux Systems | 📕
May 18 - [ADLab] Operation_BlackLion | 📕
May 15 - [Chronicle] Winnti: More than just Windows and Gates | 📕
May 13 - [Kaspersky] ScarCruft continues to evolve, introduces Bluetooth harvester | 📕
May 11 - [Sebdraven] Chinese Actor APT target Ministry of Justice Vietnamese | 📕
May 09 - [Clearsky] Iranian Nation-State APT Groups – “Black Box” Leak | 📕
May 08 - [Kaspersky] FIN7.5: the infamous cybercrime rig “FIN7” continues its activities | 📕
May 08 - [QianXin] OceanLotus’ Attacks to Indochinese Peninsula: Evolution of Targets, Techniques and Procedure | 📕
May 07 - [Yoroi] ATMitch: New Evidence Spotted In The Wild | 📕
May 07 - [ESET] Turla LightNeuron: An email too far | 📕
May 07 - [Symantec] Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak | 📕
May 03 - [Kaspersky] Who’s who in the Zoo Cyberespionage operation targets Android users in the Middle East | 📕
Apr 30 - [ThreatRecon] SectorB06 using Mongolian language in lure document | 📕
Apr 24 - [CyberInt] legit remote admin tools turn into threat actors' tools | 📕
Apr 23 - [Kaspersky] Operation ShadowHammer: a high-profile supply chain attack | 📕
Apr 22 - [CheckPoint] FINTEAM: Trojanized TeamViewer Against Government Targets | 📕
Apr 19 - [MalwareBytes] “Funky malware format” found in Ocean Lotus sample | 📕
Apr 17 - [Palo Alto Networks] Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign | 📕
Apr 17 - [CISCO] DNS Hijacking Abuses Trust In Core Internet Service | 📕
Apr 10 - [CheckPoint] The Muddy Waters of APT Attacks | 📕
Apr 10 - [Kaspersky] Project TajMahal – a sophisticated new APT framework | 📕
Apr 10 - [Kaspersky] Gaza Cybergang Group1, operation SneakyPastes | 📕
Apr 02 - [Cylance] OceanLotus Steganography | 📕
Mar 28 - [Trend Micro] Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole | 📕
Mar 28 - [C4ADS] Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria | 📕
Mar 28 - [ThreatRecon] Threat Actor Group using UAC Bypass Module to run BAT File | 📕
Mar 27 - [Symantec] Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. | 📕
Mar 25 - [Kaspersky] Operation ShadowHammer | 📕
Mar 22 - [Netscout] LUCKY ELEPHANT CAMPAIGN MASQUERADING | 📕
Mar 13 - [CISCO] GlitchPOS: New PoS malware for sale | 📕
Mar 13 - [FlashPoint] ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses | 📕
Mar 13 - [CheckPoint] Operation Sheep: Pilfer-Analytics SDK in Action | 📕
Mar 12 - [Pala Alto Network] Operation Comando: How to Run a Cheap and Effective Credit Card Business | 📕
Mar 11 - [ESET] Gaming industry still in the scope of attackers in Asia | 📕
Mar 08 - [Resecurity] Supply Chain – The Major Target of Cyberespionage Groups | 📕
Mar 07 - [Trend Micro] New SLUB Backdoor Uses GitHub, Communicates via Slack | 📕
Mar 06 - [Cybaze-Yoroi Z-LAB] Operation Pistacchietto | 📕
Mar 06 - [NTT] Targeted attack using Taidoor Analysis report | 📕
Mar 06 - [Symantec] Whitefly: Espionage Group has Singapore in Its Sights | 📕
Mar 04 - [FireEye] APT40: Examining a China-Nexus Espionage Actor | 📕
Feb 28 - [Marco Ramilli] Ransomware, Trojan and Miner together against “PIK-Group” | 📕
Feb 27 - [Dell] A Peek into BRONZE UNION’s Toolbox | 📕
Feb 26 - [Cybaze-Yoroi Z-LAB] The Arsenal Behind the Australian Parliament Hack | 📕
Feb 25 - [CarbonBlack] Defeating Compiler Level Obfuscations Used in APT10 Malware | 📕
Feb 20 - [SecureSoft] IT IS IDENTIFIED ATTACKS OF THE CIBERCRIMINAL LAZARUS GROUP DIRECTED TO ORGANIZATIONS IN RUSSIA | 📕
Feb 18 - [360] APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations | 📕
Feb 14 - [360] Suspected Molerats' New Attack in the Middle East | 📕
Feb 06 - [Recorded Future] APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign | 📕
Feb 05 - [Anomali] Analyzing Digital Quartermasters in Asia – Do Chinese and Indian APTs Have a Shared Supply Chain? | 📕
Feb 01 - [Palo Alto Networks] Tracking OceanLotus’ new Downloader, KerrDown | 📕
Jan 30 - [Kaspersky] Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities | 📕
Jan 30 - [NSHC] The Double Life of SectorA05 Nesting in Agora (Operation Kitty Phishing | 📕
Jan 30 - [Morphisec] NEW CAMPAIGN DELIVERS ORCUS RAT | 📕
Jan 24 - [Carbon Black] GandCrab and Ursnif Campaign | 📕
Jan 18 - [Palo Alto Networks] DarkHydrus delivers new Trojan that can use Google Drive for C2 communications | 📕
Jan 17 - [Palo Alto Networks] Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products | 📕
Jan 16 - [360] Latest Target Attack of DarkHydruns Group Against Middle East | 📕

2018

Dec 28 - [Medium] Goblin Panda changes the dropper and reuses the old infrastructure | 📕
Dec 27 - [Cybaze-Yoroi Z-LAB] The Enigmatic “Roma225” Campaign | 📕
Dec 20 - [Objective-See] Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail| 📕
Dec 18 - [Trend Micro] URSNIF, EMOTET, DRIDEX and BitPaymer Gangs Linked by a Similar Loader | 📕
Dec 13 - [Certfa] The Return of The Charming Kitten | 📕
Dec 13 - [Trend Micro] Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak | 📕
Dec 13 - [Palo Alto Networks] Shamoon 3 Targets Oil and Gas Organization | 📕
Dec 12 - [McAfee] ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure | 📕
Dec 12 - [360] Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China | 📕
Dec 11 - [Cylance] Poking the Bear: Three-Year Campaign Targets Russian Critical Infrastructure | 📕
Nov ?? - [Google] The Hunt for 3ve | 📕
Nov 30 - [Trend Micro] New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools | 📕
Nov 29 - [360] Analysis Of Targeted Attack Against Pakistan By Exploiting InPage Vulnerability And Related APT Groups | 📕
Nov 28 - [Microsoft] Windows Defender ATP device risk score exposes new cyberattack, drives Conditional access to protect networks | 📕
Nov 28 - [Clearsky] MuddyWater Operations in Lebanon and Oman | 📕
Nov 27 - [CISCO] DNSpionage Campaign Targets Middle East | 📕
Nov 20 - [Trend Micro] Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America | 📕
Nov 19 - [FireEye] Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign | 📕
Nov 13 - [Recorded Future] Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques | 📕
Nov 08 - [Symantec] FASTCash: How the Lazarus Group is Emptying Millions from ATMs | 📕
Nov 05 - [Palo Alto Networks] Inception Attackers Target Europe with Year-old Office Vulnerability | 📕
Oct 19 - [Kaspersky] DarkPulsar | 📕
Oct 18 - [Medium] APT Sidewinder changes theirs TTPs to install their backdoor | 📕
Oct 18 - [CISCO] Tracking Tick Through Recent Campaigns Targeting East Asia | 📕
Oct 18 - [McAfee] Operation Oceansalt Attacks South Korea, U.S. and Canada with Source Code from Chinese Hacker Group | 📕
Oct 17 - [Marco Ramilli] MartyMcFly Malware: Targeting Naval Industry | 📕
Oct 17 - [Cylance] The SpyRATs of OceanLotus: Malware Analysis White Paper | 📕
Oct 17 - [ESET] GreyEnergy: Updated arsenal of one of the most dangerous threat actors | 📕
Oct 17 - [Yoroi] Cyber-Espionage Campaign Targeting the Naval Industry (“MartyMcFly”) | 📕
Oct 15 - [Kaspersky] Octopus-infested seas of Central Asia | 📕
Oct 11 - [Symantec] Gallmaker: New Attack Group Eschews Malware to Live off the Land | 📕
Oct 10 - [Kaspersky] MuddyWater expands operations | 📕
Oct 03 - [FireEye] APT38: Details on New North Korean Regime-Backed Threat Group | 📕
Sep 27 - [ESET] LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group | 📕
Sep 20 - [360] (Non-English) (CN) PoisonVine | 📕
Sep 13 - [FireEye] APT10 Targeting Japanese Corporations Using Updated TTPs | 📕
Sep 10 - [Kaspersky] LuckyMouse signs malicious NDISProxy driver with certificate of Chinese IT company | 📕
Sep 07 - [Volon] Targeted Attack on Indian Ministry of External Affairs using Crimson RAT | 📕
Sep 07 - [CheckPoint] Domestic Kitten: An Iranian Surveillance Operation | 📕
Sep 07 - [Medium] Goblin Panda targets Cambodia sharing capacities with another Chinese group hackers Temp Periscope | 📕
Sep 04 - [Palo Alto Networks] OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE | 📕
Sep 04 - [Group-IB] Silence: Moving into the darkside | 📕
Aug 30 - [MalwareBytes] Reversing malware in a custom format: Hidden Bee elements | 📕
Aug 30 - [CrowdStrike] Two Birds, One STONE PANDA | 📕
Aug 30 - [Arbor] Double the Infection, Double the Fun | 📕
Aug 30 - [Dark Matter] COMMSEC: The Trails of WINDSHIFT APT | 📕
Aug 29 - [Trend Micro] The Urpage Connection to Bahamut, Confucius and Patchwork | 📕
Aug 28 - [CheckPoint] CeidPageLock: A Chinese RootKit | 📕
Aug 23 - [Kaspersky] Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware | 📕
Aug 21 - [ESET] TURLA OUTLOOK BACKDOOR | 📕
Aug 21 - [Trend Micro] Supply Chain Attack Operation Red Signature Targets South Korean Organizations | 📕
Aug 16 - [Recorded Future] Chinese Cyberespionage Originating From Tsinghua University Infrastructure | 📕
Aug 09 - [McAfee] Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families | 📕
Aug 02 - [Accenture] Goldfin Security Alert | 📕
Aug 02 - [Palo Alto Networks] The Gorgon Group: Slithering Between Nation State and Cybercrime | 📕
Aug 02 - [Medium] Goblin Panda against the Bears | 📕
Aug 01 - [Medium] Malicious document targets Vietnamese officials | 📕
Jul 31 - [Palo Alto Networks] Bisonal Malware Used in Attacks Against Russia and South Korea | 📕
Jul 31 - [Medium] Malicious document targets Vietnamese officials | 📕
Jul 27 - [Palo Alto Networks] New Threat Actor Group DarkHydrus Targets Middle East Government | 📕
Jul 23 - [CSE] APT27: A long-term espionage campaign in Syria | 📕
Jul 16 - [Trend Micro] New Andariel Reconnaissance Tactics Hint At Next Targets | 📕
Jul 13 - [CSE] Operation Roman Holiday – Hunting the Russian APT28 group | 📕
Jul 12 - [CISCO] Advanced Mobile Malware Campaign in India uses Malicious MDM | 📕
Jul 09 - [ESET] Certificates stolen from Taiwanese tech-companies misused in Plead malware campaign | 📕
Jul 08 - [CheckPoint] APT Attack In the Middle East: The Big Bang | 📕
Jul 08 - [Fortinet] Hussarini – Targeted Cyber Attack in the Philippines | 📕
Jun XX - [Ahnlab] Operation Red Gambler | 📕
Jun 26 - [Palo Alto Networks] RANCOR: Targeted Attacks in South East Asia Using PLAINTEE and DDKONG Malware Families | 📕
Jun 23 - [Ahnlab] Full Discloser of Andariel,A Subgroup of Lazarus Threat Group | 📕
Jun 22 - [Palo Alto networks] Tick Group Weaponized Secure USB Drives to Target Air-Gapped Critical Systems | 📕
Jun 20 - [Symantec] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies | 📕
Jun 19 - [Kaspersky] Olympic Destroyer is still alive | 📕
Jun 14 - [Trend Micro] Another Potential MuddyWater Campaign uses Powershell-based PRB-Backdoor | 📕
Jun 14 - [intezer] MirageFox: APT15 Resurfaces With New Tools Based On Old Ones | 📕
Jun 13 - [Kaspersky] LuckyMouse hits national data center to organize country-level waterholing campaign | 📕
Jun 07 - [Volexity] Patchwork APT Group Targets US Think Tanks | 📕
Jun 07 - [ICEBRG] ADOBE FLASH ZERO-DAY LEVERAGED FOR TARGETED ATTACK IN MIDDLE EAST | 📕
Jun 07 - [FireEye] A Totally Tubular Treatise on TRITON and TriStation | 📕
Jun 06 - [CISCO] VPNFilter Update - VPNFilter exploits endpoints, targets new devices | 📕
Jun 06 - [GuardiCore] OPERATION PROWLI: MONETIZING 40,000 VICTIM MACHINES | 📕
Jun 06 - [Palo Alto Networks] Sofacy Group’s Parallel Attacks | 📕
May 31 - [CISCO] NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea | 📕
May 29 - [intezer] Iron Cybercrime Group Under The Scope | 📕
May 23 - [CISCO] New VPNFilter malware targets at least 500K networking devices worldwide | 📕
May 23 - [Ahnlab] Andariel Group Trend Report | 📕
May 23 - [Trend Micro] Confucius Update: New Tools and Techniques, Further Connections with Patchwork | 📕
May 22 - [Intrusiontruth] The destruction of APT3 | 📕
May 22 - [ESET] Turla Mosquito: A shift towards more generic tools | 📕
May 09 - [Recorded Future] Iran’s Hacker Hierarchy Exposed | 📕
May 09 - [360] Analysis of CVE-2018-8174 VBScript 0day and APT actor related to Office targeted attack | 📕
May 03 - [ProtectWise] Burning Umbrella | 📕
May 03 - [Kaspersky] Who’s who in the Zoo: Cyberespionage operation targets Android users in the Middle East | 📕
May 03 - [Ahnlab] Detailed Analysis of Red Eyes Hacking Group | 📕
Apr 27 - [Tencent] OceanLotus new malware analysis | 📕
Apr 26 - [CISCO] GravityRAT - The Two-Year Evolution Of An APT Targeting India | 📕
Apr 24 - [FireEye] Metamorfo Campaigns Targeting Brazilian Users | 📕
Apr 24 - [McAfee] Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide | 📕
Apr 24 - [ESET] Sednit update: Analysis of Zebrocy | 📕
Apr 23 - [Accenture] HOGFISH REDLEAVES CAMPAIGN | 📕
Apr 23 - [Symantec] New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia | 📕
Apr 23 - [Kaspersky] Energetic Bear/Crouching Yeti: attacks on servers | 📕
Apr 17 - [NCCGroup] Decoding network data from a Gh0st RAT variant | 📕
Apr 12 - [Kaspersky] Operation Parliament, who is doing what? | 📕
Apr 04 - [Trend Micro] New MacOS Backdoor Linked to OceanLotus Found | 📕
Mar 29 - [Trend Micro] ChessMaster Adds Updated Tools to Its Arsenal | 📕
Mar 27 - [Arbor] Panda Banker Zeros in on Japanese Targets | 📕
Mar 23 - [Ahnlab] Targeted Attacks on South Korean Organizations | 📕
Mar 15 - [US-CERT] Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors | 📕
Mar 14 - [Symantec] Inception Framework: Alive and Well, and Hiding Behind Proxies | 📕
Mar 14 - [Trend Micro] Tropic Trooper’s New Strategy | 📕
Mar 13 - [FireEye] Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign | 📕
Mar 13 - [Kaspersky] Time of death? A therapeutic postmortem of connected medicine | 📕
Mar 13 - [Proofpoint] Drive-by as a service: BlackTDS | 📕
Mar 13 - [ESET] OceanLotus: Old techniques, new backdoor | 📕
Mar 12 - [Trend Micro] Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia | 📕
Mar 09 - [Kaspersky] Masha and these Bears 2018 Sofacy Activity | 📕
Mar 09 - [NCC] APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS | 📕
Mar 09 - [ESET] New traces of Hacking Team in the wild | 📕
Mar 08 - [McAfee] Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant | 📕
Mar 08 - [Kaspersky] OlympicDestroyer is here to trick the industry | 📕
Mar 08 - [Arbor] Donot Team Leverages New Modular Malware Framework in South Asia | 📕
Mar 08 - [Crysys] Territorial Dispute – NSA’s perspective on APT landscape | 📕
Mar 07 - [Palo Alto Networks] Patchwork Continues to Deliver BADNEWS to the Indian Subcontinent | 📕
Mar 06 - [Kaspersky] The Slingshot APT | 📕
Mar 05 - [Palo Alto Networks] Sure, I’ll take that! New ComboJack Malware Alters Clipboards to Steal Cryptocurrency | 📕
Mar 02 - [McAfee] McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups | 📕
Mar 01 - [Security 0wnage] A Quick Dip into MuddyWater's Recent Activity | 📕
Feb 28 - [Palo Alto Networks] Sofacy Attacks Multiple Government Entities | 📕
Feb 28 - [Symantec] Chafer: Latest Attacks Reveal Heightened Ambitions | 📕
Feb 21 - [Avast] Avast tracks down Tempting Cedar Spyware | 📕
Feb 20 - [Arbor] Musical Chairs Playing Tetris | 📕
Feb 20 - [Kaspersky] A Slice of 2017 Sofacy Activity | 📕
Feb 20 - [FireEye] APT37 (Reaper): The Overlooked North Korean Actor | 📕
Feb 13 - [Trend Micro] Deciphering Confucius’ Cyberespionage Operations | 📕
Feb 13 - [RSA] Lotus Blossom Continues ASEAN Targeting | 📕
Feb 07 - [CISCO] Targeted Attacks In The Middle East | 📕
Feb 02 - [McAfee] Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems | 📕
Feb 01 - [Bitdefender] Operation PZChao: a possible return of the Iron Tiger APT | 📕
Jan 30 - [Palo Alto Networks] Comnie Continues to Target Organizations in East Asia | 📕
Jan 30 - [RSA] APT32 Continues ASEAN Targeting | 📕
Jan 29 - [Trend Micro] Hacking Group Spies on Android Users in India Using PoriewSpy | 📕
Jan 29 - [Palo Alto Networks] VERMIN: Quasar RAT and Custom Malware Used In Ukraine | 📕
Jan 27 - [Accenture] DRAGONFISH DELIVERS NEW FORM OF ELISE MALWARE TARGETING ASEAN DEFENCE MINISTERS’ MEETING AND ASSOCIATES | 📕
Jan 26 - [Palo Alto Networks] The TopHat Campaign: Attacks Within The Middle East Region Using Popular Third-Party Services | 📕
Jan 25 - [Palo Alto Networks] OilRig uses RGDoor IIS Backdoor on Targets in the Middle East | 📕
Jan 24 - [Trend Micro] Lazarus Campaign Targeting Cryptocurrencies Reveals Remote Controller Tool, an Evolved RATANKBA, and More | 📕
Jan 18 - [NCSC] Turla group update Neuron malware | 📕
Jan 17 - [Lookout] Dark Caracal | 📕
Jan 16 - [Kaspersky] Skygofree: Following in the footsteps of HackingTeam | 📕
Jan 16 - [Recorded Future] North Korea Targeted South Korean Cryptocurrency Users and Exchange in Late 2017 Campaign | 📕
Jan 16 - [CISCO] Korea In The Crosshairs | 📕
Jan 15 - [Trend Micro] New KillDisk Variant Hits Financial Organizations in Latin America | 📕
Jan 12 - [Trend Micro] Update on Pawn Storm: New Targets and Politically Motivated Campaigns | 📕
Jan 11 - [McAfee] North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk | 📕
Jan 09 - [ESET] Diplomats in Eastern Europe bitten by a Turla mosquito | 📕
Jan 07 - [Clearsky] Operation DustySky | 📕
Jan 06 - [McAfee] Malicious Document Targets Pyeongchang Olympics | 📕
Jan 04 - [Carnegie] Iran’s Cyber Threat: Espionage, Sabotage, and Revenge | 📕

2017

Dec 19 - [Proofpoint] North Korea Bitten by Bitcoin Bug: Financially motivated campaigns reveal new dimension of the Lazarus Group | 📕
Dec 17 - [McAfee] Operation Dragonfly Analysis Suggests Links to Earlier Attacks | 📕
Dec 14 - [FireEye] Attackers Deploy New ICS Attack Framework “TRITON” and Cause Operational Disruption to Critical Infrastructure | 📕
Dec 11 - [Group-IB] MoneyTaker, revealed after 1.5 years of silent operations. | 📕
Dec 11 - [Trend Micro] Untangling the Patchwork Cyberespionage Group | 📕
Dec 07 - [FireEye] New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit | 📕
Dec 05 - [ClearSky] Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets – And the HBO Hacker Connection | 📕
Dec 04 - [RSA] The Shadows of Ghosts: Inside the Response of a Unique Carbanak Intrusion | 📕
Nov 22 - [REAQTA] A dive into MuddyWater APT targeting Middle-East | 📕
Nov 14 - [Palo Alto Networks] Muddying the Water: Targeted Attacks in the Middle East | 📕
Nov 10 - [Palo Alto Networks] New Malware with Ties to SunOrcal Discovered | 📕
Nov 07 - [McAfee] Threat Group APT28 Slips Office Malware into Doc Citing NYC Terror Attack | 📕
Nov 07 - [Symantec] Sowbug: Cyber espionage group targets South American and Southeast Asian governments | 📕
Nov 06 - [Trend Micro] ChessMaster’s New Strategy: Evolving Tools and Tactics | 📕
Nov 06 - [Volexity] OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society | 📕
Nov 02 - [Palo Alto Networks] Recent InPage Exploits Lead to Multiple Malware Families | 📕
Nov 02 - [PwC] The KeyBoys are back in town | 📕
Nov 02 - [Clearsky] LeetMX – a Yearlong Cyber-Attack Campaign Against Targets in Latin America | 📕
Nov 02 - [RISKIQ] New Insights into Energetic Bear’s Watering Hole Attacks on Turkish Critical Infrastructure | 📕
Oct 31 - [Cybereason] Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI | 📕
Oct 30 - [Kaspersky] Gaza Cybergang – updated activity in 2017 | 📕
Oct 27 - [Bellingcat] Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia | 📕
Oct 24 - [ClearSky] Iranian Threat Agent Greenbug Impersonates Israeli High-Tech and Cyber Security Companies | 📕
Oct 19 - [Bitdefender] Operation PZCHAO | 📕
Oct 16 - [BAE Systems] Taiwan Heist: Lazarus Tools And Ransomware | 📕
Oct 16 - [Kaspersky] BlackOasis APT and new targeted attacks leveraging zero-day exploit | 📕
OCt 16 - [Proofpoint] Leviathan: Espionage actor spearphishes maritime and defense targets | 📕
Oct 12 - [Dell] BRONZE BUTLER Targets Japanese Enterprises | 📕
Oct 10 - [Trustwave] Post Soviet Bank Heists | 📕
Oct 02 - [intezer] Evidence Aurora Operation Still Active Part 2: More Ties Uncovered Between CCleaner Hack & Chinese Hackers | 📕
Sep XX - [MITRE] APT3 Adversary Emulation Plan | 📕
Sep 28 - [Palo Alto Networks] Threat Actors Target Government of Belarus Using CMSTAR Trojan | 📕
Sep 20 - [intezer] Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner | 📕
Sep 20 - [FireEye] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware | 📕
Sep 20 - [CISCO] CCleaner Command and Control Causes Concern | 📕
Sep 18 - [CISCO] CCleanup: A Vast Number of Machines at Risk | 📕
Sep 18 - [Kaspersky] An (un)documented Word feature abused by attackers| 📕
Sep 12 - [FireEye] FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY | 📕
Sep 06 - [Symantec] Dragonfly: Western energy sector targeted by sophisticated attack group | 📕
Sep 06 - [Treadstone 71] Intelligence Games in the Power Grid | 📕
Aug 30 - [ESET] Gazing at Gazer: Turla’s new second stage backdoor | 📕
Aug 30 - [Kaspersky] Introducing WhiteBear | 📕
Aug 25 - [Proofpoint] Operation RAT Cook: Chinese APT actors use fake Game of Thrones leaks as lures | 📕
Aug 18 - [RSA] Russian Bank Offices Hit with Broad Phishing Wave | 📕
Aug 17 - [Proofpoint] Turla APT actor refreshes KopiLuwak JavaScript backdoor for use in G20-themed attack | 📕
Aug 15 - [Palo Alto Networks] The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure | 📕
Aug 11 - [FireEye] APT28 Targets Hospitality Sector, Presents Threat to Travelers | 📕
Aug 08 - [Kaspersky] APT Trends report Q2 2017 | 📕
Aug 01 - [Positive Research] Cobalt strikes back: an evolving multinational threat to finance | 📕
Jul 27 - [Trend Micro] ChessMaster Makes its Move: A Look into the Campaign’s Cyberespionage Arsenal | 📕
Jul 27 - [Palo Alto Networks] OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group | 📕
Jul 27 - [Clearsky, Trend Micro] Operation Wilted Tulip | 📕
Jul 24 - [Palo Alto Networks] “Tick” Group Continues Attacks | 📕
Jul 18 - [Clearsky] Recent Winnti Infrastructure and Samples | 📕
Jul 18 - [Bitdefender] Inexsmar: An unusual DarkHotel campaign | 📕
Jul 11 - [ProtectWise] Winnti Evolution - Going Open Source | 📕
Jul 10 - [Trend Micro] OSX Malware Linked to Operation Emmental Hijacks User Network Traffic | 📕
Jul 06 - [Malware Party] Operation Desert Eagle | 📕
Jul 05 - [Citizen Lab] Insider Information: An intrusion campaign targeting Chinese language news sites | 📕
Jun 30 - [ESET] TeleBots are back: supply-chain attacks against Ukraine | 📕
Jun 30 - [Kaspersky] From BlackEnergy to ExPetr | 📕
Jun 26 - [Dell] Threat Group-4127 Targets Google Accounts | 📕
Jun 22 - [Palo Alto Networks] The New and Improved macOS Backdoor from OceanLotus | 📕
Jun 22 - [Trend Micro] Following the Trail of BlackTech’s Cyber Espionage Campaigns | 📕
Jun 19 - [root9B] SHELLTEA + POSLURP MALWARE: memory resident point-of-sale malware attacks industry | 📕
Jun 18 - [Palo Alto Networks] APT3 Uncovered: The code evolution of Pirpi | 📕
Jun 15 - [Recorded Future] North Korea Is Not Crazy | 📕
Jun 14 - [ThreatConnect] KASPERAGENT Malware Campaign resurfaces in the run up to May Palestinian Authority Elections | 📕
Jun 13 - [US-CERT] HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure | 📕
Jun 12 - [Dragos] CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations | 📕
Jun 12 - [ESET] WIN32/INDUSTROYER A new threat for industrial control systems | 📕
May 30 - [Group-IB] Lazarus Arisen: Architecture, Techniques and Attribution | 📕
May 24 - [Cybereason] OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP | 📕
May 14 - [FireEye] Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations | 📕
May 03 - [Palo Alto Networks] Kazuar: Multiplatform Espionage Backdoor with API Access | 📕
May 03 - [CISCO] KONNI: A Malware Under The Radar For Years | 📕
Apr 27 - [Morphisec] Iranian Fileless Attack Infiltrates Israeli Organizations | 📕
Apr 13 - [F-SECURE] Callisto Group | 📕
Apr 11 - [Kaspersky] Unraveling the Lamberts Toolkit | 📕
Apr 10 - [Symantec] Longhorn: Tools used by cyberespionage group linked to Vault 7 | 📕
Apr 06 - [PwC] Operation Cloud Hopper | 📕
Apr 05 - [Palo Alto Networks, Clearsky] Targeted Attacks in the Middle East Using KASPERAGENT and MICROPSIA | 📕
Mar 15 - [JPCERT] FHAPPI Campaign | 📕
Mar 14 - [Clearsky] Operation Electric Powder – Who is targeting Israel Electric Company? | 📕
Mar 08 - [Netskope] Targeted Attack Campaigns with Multi-Variate Malware Observed in the Cloud | 📕
Mar 06 - [Kaspersky] From Shamoon to StoneDrill | 📕
Feb 28 - [IBM] Dridex’s Cold War: Enter AtomBombing | 📕
Feb 27 - [Palo Alto Networks] The Gamaredon Group Toolset Evolution | 📕
Feb 23 - [Bitdefender] Dissecting the APT28 Mac OS X Payload | 📕
Feb 22 - [FireEye] Spear Phishing Techniques Used in Attacks Targeting the Mongolian Government | 📕
Feb 21 - [Arbor] Additional Insights on Shamoon2 | 📕
Feb 20 - [BAE Systems] azarus' False Flag Malware | 📕
Feb 17 - [JPCERT] ChChes - Malware that Communicates with C&C Servers Using Cookie Headers | 📕
Feb 16 - [BadCyber] Technical analysis of recent attacks against Polish banks | 📕
Feb 15 - [Morphick] Deep Dive On The DragonOK Rambo Backdoor | 📕
Feb 15 - [IBM] The Full Shamoon: How the Devastating Malware Was Inserted Into Networks | 📕
Feb 15 - [Dell] Iranian PupyRAT Bites Middle Eastern Organizations | 📕
Feb 15 - [Palo Alto Networks] Magic Hound Campaign Attacks Saudi Targets | 📕
Feb 14 - [Medium] Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal | 📕
Feb 12 - [BAE Systems] Lazarus & Watering-Hole Attacks | 📕
Feb 10 - [Cysinfo] Cyber Attack Targeting Indian Navy's Submarine And Warship Manufacturer | 📕
Feb 10 - [DHS] Enhanced Analysis of GRIZZLY STEPPE Activity | 📕
Feb 03 - [RSA] KingSlayer A Supply chain attack | 📕
Feb 03 - [BadCyber] Several Polish banks hacked, information stolen by unknown attackers | 📕
Feb 02 - [Proofpoint] Oops, they did it again: APT Targets Russia and Belarus with ZeroT and PlugX | 📕
Jan 30 - [Palo Alto Networks] Downeks and Quasar RAT Used in Recent Targeted Attacks Against Governments | 📕
Jan 25 - [Microsoft] Detecting threat actors in recent German industrial attacks with Windows Defender ATP | 📕
Jan 19 - [Cysinfo] URI Terror Attack & Kashmir Protest Themed Spear Phishing Emails Targeting Indian Embassies And Indian Ministry Of External Affairs | 📕
Jan 18 - [Trustwave] Operation Grand Mars: Defending Against Carbanak Cyber Attacks | 📕
Jan 15 - [tr1adx] Bear Spotting Vol. 1: Russian Nation State Targeting of Government and Military Interests | 📕
Jan 12 - [Kaspersky] The “EyePyramid” attacks | 📕
Jan 11 - [FireEye] APT28: AT THE CENTER OF THE STORM | 📕
Jan 09 - [Palo Alto Networks] Second Wave of Shamoon 2 Attacks Identified | 📕
Jan 05 - [Clearsky] Iranian Threat Agent OilRig Delivers Digitally Signed Malware, Impersonates University of Oxford | 📕

2016

Dec 15 - [Microsoft] PROMETHIUM and NEODYMIUM APT groups on Turkish citizens living in Turkey and various other European countries. | 📕
Dec 13 - [ESET] The rise of TeleBots: Analyzing disruptive KillDisk attacks | 📕
Nov 30 - [Cysinfo] MALWARE ACTORS USING NIC CYBER SECURITY THEMED SPEAR PHISHING TO TARGET INDIAN GOVERNMENT ORGANIZATIONS | 📕
Nov 22 - [Palo Alto Networks] Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy | 📕
Nov 09 - [Fidelis] Down the H-W0rm Hole with Houdini's RAT | 📕
Nov 03 - [Booz Allen] When The Lights Went Out: Ukraine Cybersecurity Threat Briefing | 📕
Oct 31 - [Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | 📕
Oct 27 - [ESET] En Route with Sednit Part 3: A Mysterious Downloader | 📕
Oct 27 - [Trend Micro] BLACKGEAR Espionage Campaign Evolves, Adds Japan To Target List | 📕
Oct 26 - [Vectra Networks] Moonlight – Targeted attacks in the Middle East | 📕
Oct 25 - [Palo Alto Networks] Houdini’s Magic Reappearance | 📕
Oct 25 - [ESET] En Route with Sednit Part 2: Lifting the lid on Sednit: A closer look at the software it uses | 📕
Oct 20 - [ESET] En Route with Sednit Part 1: Approaching the Target | 📕
Oct 17 - [ThreatConnect] ThreatConnect identifies Chinese targeting of two companies. Economic espionage or military intelligence? | 📕
Oct 05 - [Kaspersky] Wave your false flags | 📕
Oct 03 - [Kaspersky] On the StrongPity Waterhole Attacks Targeting Italian and Belgian Encryption Users | 📕
Sep 29 - [NATO CCD COE] China and Cyber: Attitudes, Strategies, Organisation | 📕
Sep 28 - [Palo Alto Networks] Confucius Says…Malware Families Get Further By Abusing Legitimate Websites | 📕
Sep 28 - [ThreatConnect] Belling the BEAR: russia-hacks-bellingcat-mh17-investigation | 📕
Sep 26 - [Palo Alto Networks] Sofacy’s ‘Komplex’ OS X Trojan | 📕
Sep 18 - [Cyberkov] Hunting Libyan Scorpions | 📕
Sep 14 - [Palo Alto Networks] MILE TEA: Cyber Espionage Campaign Targets Asia Pacific Businesses and Government Agencies | 📕
Sep 06 - [Symantec] Buckeye cyberespionage group shifts gaze from US to Hong Kong | 📕
Sep 01 - [IRAN THREATS] MALWARE POSING AS HUMAN RIGHTS ORGANIZATIONS AND COMMERCIAL SOFTWARE TARGETING IRANIANS, FOREIGN POLICY INSTITUTIONS AND MIDDLE EASTERN COUNTRIES | 📕
Aug 25 - [Lookout] Technical Analysis of Pegasus Spyware | 📕
Aug 24 - [Citizen Lab] The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender | 📕
Aug 19 - [ThreatConnect] Russian Cyber Operations on Steroids | 📕
Aug 17 - [Kaspersky] Operation Ghoul: targeted attacks on industrial and engineering organizations | 📕
Aug 16 - [Palo Alto Networks] Aveo Malware Family Targets Japanese Speaking Users | 📕
Aug 11 - [IRAN THREATS] Iran and the Soft War for Internet Dominance | 📕
Aug 08 - [Forcepoint] MONSOON | 📕
Aug 08 - [Kaspersky] ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms | 📕
Aug 07 - [Symantec] Strider: Cyberespionage group turns eye of Sauron on targets | 📕
Aug 06 - [360] APT-C-09 | 📕
Aug 04 - [Recorded Future] Running for Office: Russian APT Toolkits Revealed | 📕
Aug 03 - [EFF] Operation Manul: I Got a Letter From the Government the Other Day...Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan | 📕
Aug 02 - [Citizen Lab] Group5: Syria and the Iranian Connection | 📕
Jul 28 - [ICIT] China’s Espionage Dynasty | 📕
Jul 26 - [Palo Alto Networks] Attack Delivers ‘9002’ Trojan Through Google Drive | 📕
Jul 21 - [360] Sphinx (APT-C-15) Targeted cyber-attack in the Middle East | 📕
Jul 21 - [RSA] Hide and Seek: How Threat Actors Respond in the Face of Public Exposure | 📕
Jul 13 - [SentinelOne] State-Sponsored SCADA Malware targeting European Energy Companies | 📕
Jul 12 - [F-SECURE] NanHaiShu: RATing the South China Sea | 📕
Jul 08 - [Kaspersky] The Dropping Elephant – aggressive cyber-espionage in the Asian region | 📕
Jul 07 - [Proofpoint] NetTraveler APT Targets Russian, European Interests | 📕
Jul 07 - [Cymmetria] UNVEILING PATCHWORK: THE COPY-PASTE APT | 📕
Jul 03 - [Check Point] From HummingBad to Worse | 📕
Jul 01 - [Bitdefender] Pacifier APT | 📕
Jul 01 - [ESET] Espionage toolkit targeting Central and Eastern Europe uncovered | 📕
Jun 30 - [JPCERT] Asruex: Malware Infecting through Shortcut Files | 📕
Jun 29 - [Proofpoint] MONSOON – ANALYSIS OF AN APT CAMPAIGN | 📕
Jun 28 - [Palo Alto Networks] Prince of Persia – Game Over | 📕
Jun 28 - [JPCERT] (Japan)Attack Tool Investigation | 📕
Jun 26 - [Trend Micro] The State of the ESILE/Lotus Blossom Campaign | 📕
Jun 26 - [Cylance] Nigerian Cybercriminals Target High-Impact Industries in India via Pony | 📕
Jun 23 - [Palo Alto Networks] Tracking Elirks Variants in Japan: Similarities to Previous Attacks | 📕
Jun 21 - [Fortinet] The Curious Case of an Unknown Trojan Targeting German-Speaking Users | 📕
Jun 21 - [FireEye] Redline Drawn: China Recalculates Its Use of Cyber Espionage | 📕
Jun 21 - [ESET] Visiting The Bear Den | 📕
Jun 17 - [Kaspersky] Operation Daybreak | 📕
Jun 16 - [Dell] Threat Group-4127 Targets Hillary Clinton Presidential Campaign | 📕
Jun 15 - [CrowdStrike] Bears in the Midst: Intrusion into the Democratic National Committee | 📕
Jun 09 - [Clearsky] Operation DustySky Part 2 | 📕
Jun 02 - [Trend Micro] FastPOS: Quick and Easy Credit Card Theft | 📕
May 27 - [Trend Micro] IXESHE Derivative IHEATE Targets Users in America | 📕
May 26 - [Palo Alto Networks] The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor | 📕
May 25 - [Kaspersky] CVE-2015-2545: overview of current threats | 📕
May 24 - [Palo Alto Networks] New Wekby Attacks Use DNS Requests As Command and Control Mechanism | 📕
May 23 - [MELANI:GovCERT] APT Case RUAG Technical Report | 📕
May 22 - [FireEye] TARGETED ATTACKS AGAINST BANKS IN THE MIDDLE EAST | 📕
May 22 - [Palo Alto Networks] Operation Ke3chang Resurfaces With New TidePool Malware | 📕
May 18 - [ESET] Operation Groundbait: Analysis of a surveillance toolkit | 📕
May 17 - [FOX-IT] Mofang: A politically motivated information stealing adversary | 📕
May 17 - [Symantec] Indian organizations targeted in Suckfly attacks | 📕
May 10 - [Trend Micro] Backdoor as a Software Suite: How TinyLoader Distributes and Upgrades PoS Threats | paper | 📕
May 09 - [CMU SEI] Using Honeynets and the Diamond Model for ICS Threat Analysis | 📕
May 06 - [PwC] Exploring CVE-2015-2545 and its users | 📕
May 05 - [Forcepoint] Jaku: an on-going botnet campaign | 📕
May 02 - [Team Cymru] GOZNYM MALWARE target US, AT, DE | 📕
May 02 - [Palo Alto Networks] Prince of Persia: Infy Malware Active In Decade of Targeted Attacks | 📕
Apr 27 - [Kaspersky] Repackaging Open Source BeEF for Tracking and More | 📕
Apr 26 - [Financial Times] Cyber warfare: Iran opens a new front | 📕
Apr 26 - [Arbor] New Poison Ivy Activity Targeting Myanmar, Asian Countries | 📕
Apr 22 - [Cylance] The Ghost Dragon | 📕
Apr 21 - [SentinelOne] Teaching an old RAT new tricks | 📕
Apr 21 - [Palo Alto Networks] New Poison Ivy RAT Variant Targets Hong Kong Pro-Democracy Activists | 📕
Apr 18 - [Citizen Lab] Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns | 📕
Apr 15 - [SANS] Detecting and Responding Pandas and Bears | 📕
Apr 12 - [Microsoft] PLATINUM: Targeted attacks in South and Southeast Asia | 📕
Mar 25 - [Palo Alto Networks] ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe | 📕
Mar 23 - [Trend Micro] Operation C-Major: Information Theft Campaign Targets Military Personnel in India | 📕
Mar 18 - [SANS] Analysis of the Cyber Attack on the Ukrainian Power Grid: Defense Use Case | 📕
Mar 17 - [PwC] Taiwan Presidential Election: A Case Study on Thematic Targeting | 📕
Mar 15 - [Symantec] Suckfly: Revealing the secret life of your code signing certificates | 📕
Mar 14 - [Proofpoint] Bank robbery in progress: New attacks from Carbanak group target banks in Middle East and US | 📕
Mar 10 - [Citizen Lab] Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans | 📕
Mar 09 - [FireEye] LESSONS FROM OPERATION RUSSIANDOLL | 📕
Mar 08 - [360] Operation OnionDog: A 3 Year Old APT Focused On the Energy and Transportation Industries in Korean-language Countries | 📕
Mar 03 - [Recorded Future] Shedding Light on BlackEnergy With Open Source Intelligence | 📕
Mar 01 - [Proofpoint] Operation Transparent Tribe - APT Targeting Indian Diplomatic and Military Interests | 📕
Feb 29 - [Fidelis] The Turbo Campaign, Featuring Derusbi for 64-bit Linux | 📕
Feb 24 - [NOVETTA] Operation Blockbuster | 📕
Feb 23 - [Cylance] OPERATION DUST STORM | 📕
Feb 12 - [Palo Alto Networks] A Look Into Fysbis: Sofacy’s Linux Backdoor | 📕
Feb 11 - [Recorded Future] Hacktivism: India vs. Pakistan | 📕
Feb 09 - [Kaspersky] Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage | 📕
Feb 08 - [ICIT] Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups | 📕
Feb 04 - [Palo Alto Networks] T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques | 📕
Feb 03 - [Palo Alto Networks] Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve? | 📕
Feb 01 - [Sucuri] Massive Admedia/Adverting iFrame Infection | 📕
Feb 01 - [IBM] Organized Cybercrime Big in Japan: URLZone Now on the Scene | 📕
Jan 29 - [F5] Tinbapore: Millions of Dollars at Risk | 📕
Jan 29 - [Zscaler] Malicious Office files dropping Kasidet and Dridex | 📕
Jan 28 - [Kaspersky] BlackEnergy APT Attacks in Ukraine employ spearphishing with Word documents | 📕
Jan 27 - [Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign | 📕
Jan 26 - [SentinelOne] Analyzing a New Variant of BlackEnergy 3 | 📕
Jan 24 - [Palo Alto Networks] Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists | 📕
Jan 21 - [Palo Alto Networks] NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan | 📕
Jan 19 - [360] 2015 APT Annual Report | 📕
Jan 14 - [CISCO] RESEARCH SPOTLIGHT: NEEDLES IN A HAYSTACK | 📕
Jan 14 - [Symantec] The Waterbug attack group | 📕
Jan 07 - [Clearsky] Operation DustySky | 📕
Jan 07 - [CISCO] RIGGING COMPROMISE - RIG EXPLOIT KIT | 📕
Jan 03 - [ESET] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry | 📕

2015

Dec 23 - [PwC] ELISE: Security Through Obesity | 📕
Dec 22 - [Palo Alto Networks] BBSRAT Attacks Targeting Russian Organizations Linked to Roaming Tiger | 📕
Dec 20 - [FireEye] The EPS Awakens - Part 2 | 📕
Dec 18 - [Palo Alto Networks] Attack on French Diplomat Linked to Operation Lotus Blossom | 📕
Dec 16 - [Bitdefender] APT28 Under the Scope - A Journey into Exfiltrating Intelligence and Government Information | 📕
Dec 16 - [Trend Micro] Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them | 📕
Dec 16 - [Fidelis] Dissecting the Malware Involved in the INOCNATION Campaign | 📕
Dec 15 - [AirBus] Newcomers in the Derusbi family | 📕
Dec 08 - [Citizen Lab] Packrat: Seven Years of a South American Threat Actor | 📕
Dec 07 - [FireEye] Financial Threat Group Targets Volume Boot Record | 📕
Dec 07 - [Symantec] Iran-based attackers use back door threats to spy on Middle Eastern targets | 📕
Dec 04 - [Kaspersky] Sofacy APT hits high profile targets with updated toolset | 📕
Dec 01 - [FireEye] China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets | 📕
Nov 30 - [FOX-IT] Ponmocup A giant hiding in the shadows | 📕
Nov 24 - [Palo Alto Networks] Attack Campaign on the Government of Thailand Delivers Bookworm Trojan | 📕
Nov 23 - [Minerva Labs, ClearSky] CopyKittens Attack Group | 📕
Nov 23 - [RSA] PEERING INTO GLASSRAT | 📕
Nov 23 - [Trend Micro] Prototype Nation: The Chinese Cybercriminal Underground in 2015 | 📕
Nov 19 - [Kaspersky] Russian financial cybercrime: how it works | 📕
Nov 19 - [JPCERT] Decrypting Strings in Emdivi | 📕
Nov 18 - [Palo Alto Networks] TDrop2 Attacks Suggest Dark Seoul Attackers Return | 📕
Nov 18 - [CrowdStrike] Sakula Reloaded | 📕
Nov 18 - [Damballa] Damballa discovers new toolset linked to Destover Attacker’s arsenal helps them to broaden attack surface | 📕
Nov 16 - [FireEye] WitchCoven: Exploiting Web Analytics to Ensnare Victims | 📕
Nov 10 - [Palo Alto Networks] Bookworm Trojan: A Model of Modular Architecture | 📕
Nov 09 - [Check Point] Rocket Kitten: A Campaign With 9 Lives | 📕
Nov 04 - [RSA] Evolving Threats:dissection of a CyberEspionage attack | 📕
Oct 16 - [Citizen Lab] Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites(https://otx.alienvault.com/pulse/5621208f4637f21ecf2aac36/) | 📕
Oct 15 - [Citizen Lab] Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation | 📕
Oct 05 - [Recorded Future] Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy | 📕
Oct 03 - [Cybereason] Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA) | 📕
Sep 23 - [ThreatConnect] PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020 | PDF | 📕
Sep 17 - [F-SECURE] The Dukes 7 Years of Russian Cyber Espionage - PDF | 📕
Sep 16 - [Proofpoint] The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK | 📕
Sep 16 - [Trend Micro] Operation Iron Tiger: How China-Based Actors Shifted Attacks from APAC to US Targets | IOC | 📕
Sep 15 - [Proofpoint] In Pursuit of Optical Fibers and Troop Intel: Targeted Attack Distributes PlugX in Russia | 📕
Sep 09 - [Kaspersky] Satellite Turla: APT Command and Control in the Sky | 📕
Sep 08 - [Palo Alto Networks] Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware | 📕
Sep 01 - [Trend Micro, Clearsky] The Spy Kittens Are Back: Rocket Kitten 2 | PDF | 📕
Aug 20 - [Arbor] PlugX Threat Activity in Myanmar | 📕
Aug 20 - [Kaspersky] New activity of the Blue Termite APT | 📕
Aug 19 - [Symantec] New Internet Explorer zero-day exploited in Hong Kong attacks | 📕
Aug 10 - [ShadowServer] The Italian Connection: An analysis of exploit supply chains and digital quartermasters | 📕
Aug 08 - [Cyint] Threat Analysis: Poison Ivy and Links to an Extended PlugX Campaign | 📕
Aug 05 - [Dell] Threat Group-3390 Targets Organizations for Cyberespionage | 📕
Aug 04 - [RSA] Terracotta VPN: Enabler of Advanced Threat Anonymity | 📕
Jul 30 - [ESET] Operation Potao Express | IOC | 📕
Jul 28 - [Symantec] Black Vine: Formidable cyberespionage group targeted aerospace, healthcare since 2012 | 📕
Jul 27 - [FireEye] HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group | 📕
Jul 22 - [F-SECURE] Duke APT group's latest tools: cloud services and Linux support | 📕
Jul 20 - [ThreatConnect] China Hacks the Peace Palace: All Your EEZ’s Are Belong to Us | 📕
Jul 20 - [Palo Alto Networks] Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122 to Install IsSpace Backdoor | 📕
Jul 14 - [Palo Alto Networks] Tracking MiniDionis: CozyCar’s New Ride Is Related to Seaduke | 📕
Jul 14 - [Trend Micro] An In-Depth Look at How Pawn Storm’s Java Zero-Day Was Used | 📕
Jul 13 - [Symantec] "Forkmeiamfamous": Seaduke, latest weapon in the Duke armory | 📕
Jul 13 - [FireEye] Demonstrating Hustle, Chinese APT Groups Quickly Use Zero-Day Vulnerability CVE-2015-5119 Following Hacking Team Leak | 📕
Jul 10 - [Palo Alto Networks] APT Group UPS Targets US Government with Hacking Team Flash Exploit | 📕
Jul 09 - [Symantec] Butterfly: Corporate spies out for financial gain | 📕
Jul 08 - [Kaspersky] Wild Neutron – Economic espionage threat actor returns with new tricks | 📕
Jul 08 - [Volexity] APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119) | 📕
Jun 30 - [ESET] Dino – the latest spying malware from an allegedly French espionage group analyzed | 📕
Jun 28 - [Dragon Threat Labs] APT on Taiwan - insight into advances of adversary TTPs | 📕
Jun 26 - [FireEye] Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign | 📕
Jun 24 - [PwC] UnFIN4ished Business (FIN4) | 📕
Jun 22 - [Kaspersky] Winnti targeting pharmaceutical companies | 📕
Jun 16 - [Palo Alto Networks] Operation Lotus Bloom | 📕
Jun 15 - [Citizen Lab] Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 | 📕
Jun 12 - [Volexity] Afghan Government Compromise: Browser Beware | 📕
Jun 10 - [Kaspersky] The_Mystery_of_Duqu_2_0 IOC Yara | 📕
Jun 10 - [Crysys] Duqu 2.0 | 📕
Jun 09 - [Microsoft] Duqu 2.0 Win32k Exploit Analysis | 📕
Jun 04 - [JP Internet Watch] Blue Thermite targeting Japan (CloudyOmega) | 📕
Jun 03 - [ClearSky] Thamar Reservoir | 📕
May 29 - [360] OceanLotusReport | 📕
May 28 - [Kaspersky] Grabit and the RATs | 📕
May 27 - [Antiy Labs] Analysis On Apt-To-Be Attack That Focusing On China's Government Agency' | 📕
May 27 - [CyberX] BlackEnergy 3 – Exfiltration of Data in ICS Networks | 📕
May 26 - [ESET] Dissecting-Linux/Moose | 📕
May 21 - [Kaspersky] The Naikon APT and the MsnMM Campaigns | 📕
May 19 - [Panda] Operation 'Oil Tanker' | 📕
May 18 - [Palo Alto Networks] Cmstar Downloader: Lurid and Enfal’s New Cousin | 📕
May 14 - [Trend Micro] Operation Tropic Trooper | 📕
May 14 - [Kaspersky] The Naikon APT | 📕
May 13 - [Cylance] SPEAR: A Threat Actor Resurfaces | 📕
May 12 - [PR Newswire] root9B Uncovers Planned Sofacy Cyber Attack Targeting Several International and Domestic Financial Institutions | 📕
May 07 - [G DATA] Dissecting the Kraken | 📕
May 05 - [Ahnlab] Targeted attack on France’s TV5Monde | 📕
Apr 27 - [PWC] Attacks against Israeli & Palestinian interests | 📕
Apr 22 - [F-SECURE] CozyDuke | 📕
Apr 21 - [Kaspersky] The CozyDuke APT | 📕
Apr 20 - [PWC] Sofacy II – Same Sofacy, Different Day | 📕
Apr 18 - [FireEye] Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack | 📕
Apr 16 - [Trend Micro] Operation Pawn Storm Ramps Up its Activities; Targets NATO, White House | 📕
Apr 15 - [Kaspersky] The Chronicles of the Hellsing APT: the Empire Strikes Back | 📕
Apr 12 - [FireEye] APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation | 📕
Mar 31 - [CheckPoint] Volatile Cedar – Analysis of a Global Cyber Espionage Campaign | 📕
Mar 19 - [Trend Micro] Rocket Kitten Showing Its Claws: Operation Woolen-GoldFish and the GHOLE campaign | 📕
Mar 11 - [Kaspersky] Inside the EquationDrug Espionage Platform | 📕
Mar 10 - [Citizen Lab] Tibetan Uprising Day Malware Attacks | 📕
Mar 06 - [F-SECURE] Is Babar a Bunny? | 📕
Mar 06 - [Kaspersky] Animals in the APT Farm | 📕
Mar 05 - [ESET] Casper Malware: After Babar and Bunny, Another Espionage Cartoon | 📕
Feb 24 - [PWC] A deeper look into Scanbox | 📕
Feb 27 - [ThreatConnect] The Anthem Hack: All Roads Lead to China | 📕
Feb 25 - [FireEye] Southeast Asia: An Evolving Cyber Threat Landscape | 📕
Feb 25 - [Sophos] PlugX goes to the registry (and India) | 📕
Feb 18 - [G DATA] Babar: espionage software finally found and put under the microscope | 📕
Feb 18 - [CIRCL Luxembourg] Shooting Elephants | 📕
Feb 17 - [Kaspersky] Desert Falcons APT | 📕
Feb 17 - [Kaspersky] A Fanny Equation: "I am your father, Stuxnet" | 📕
Feb 16 - [Trend Micro] Operation Arid Viper | 📕
Feb 16 - [Kaspersky] The Carbanak APT | 📕
Feb 16 - [Kaspersky] Equation: The Death Star of Malware Galaxy | 📕
Feb 10 - [CrowdStrike] CrowdStrike Global Threat Intel Report for 2014 | 📕
Feb 04 - [Trend Micro] Pawn Storm Update: iOS Espionage App Found | 📕
Feb 02 - [FireEye] Behind the Syrian Conflict’s Digital Frontlines | 📕
Jan 29 - [JPCERT] Analysis of PlugX Variant - P2P PlugX | 📕
Jan 29 - [Symantec] Backdoor.Winnti attackers and Trojan.Skelky | 📕
Jan 27 - [Kaspersky] Comparing the Regin module 50251 and the "Qwerty" keylogger | 📕
Jan 22 - [Kaspersky] Regin's Hopscotch and Legspin | 📕
Jan 22 - [Symantec] Scarab attackers Russian targets | IOCs | 📕
Jan 22 - [Symantec] The Waterbug attack group | 📕
Jan 20 - [BlueCoat] Reversing the Inception APT malware | 📕
Jan 20 - [G DATA] Analysis of Project Cobra | 📕
Jan 15 - [G DATA] Evolution of Agent.BTZ to ComRAT | 📕
Jan 12 - [Dell] Skeleton Key Malware Analysis | 📕
Jan 11 - [Dragon Threat Labs] Hong Kong SWC attack | 📕

2014

Dec 22 - [Group-IB] Anunak: APT against financial institutions | 📕
Dec 21 - [ThreatConnect] Operation Poisoned Helmand | 📕
Dec 19 - [US-CERT] TA14-353A: Targeted Destructive Malware (wiper) | 📕
Dec 18 - [Citizen Lab] Malware Attack Targeting Syrian ISIS Critics | 📕
Dec 17 - [CISCO] Wiper Malware – A Detection Deep Dive | 📕
Dec 12 - [Fidelis] Bots, Machines, and the Matrix | 📕
Dec 12 - [AirBus] Vinself now with steganography | 📕
Dec 10 - South Korea MBR Wiper
Dec 10 - [F-Secure] W64/Regin, Stage #1 | 📕
Dec 10 - [F-Secure] W32/Regin, Stage #1 | 📕
Dec 10 - Cloud Atlas: RedOctober APT
Dec 09 - [BlueCoat] The Inception Framework | 📕
Dec 08 - The 'Penquin' Turla
Dec 03 - Operation Cleaver: The Notepad Files | 📕
Dec 02 - Operation Cleaver | IOCs | 📕
Nov 30 - FIN4: Stealing Insider Information for an Advantage in Stock Trading?
Nov 24 - Deep Panda Uses Sakula Malware | 📕
Nov 24 - TheIntercept's report on The Regin Platform
Nov 24 - Kaspersky's report on The Regin Platform
Nov 23 - Symantec's report on Regin
Nov 21 - [FireEye] Operation Double Tap | IOCs | 📕
Nov 20 - [] EvilBunny: Suspect #4 | 📕
Nov 14 - [] Roaming Tiger (Slides) | 📕
Nov 14 - [F-Secure] OnionDuke: APT Attacks Via the Tor Network | 📕
Nov 13 - [Symantec] Operation CloudyOmega: Ichitaro 0-day targeting Japan | 📕
Nov 12 - [ESET] Korplug military targeted attacks: Afghanistan & Tajikistan
Nov 11 - The Uroburos case- Agent.BTZ’s successor, ComRAT
Nov 10 - [Kaspersky] The Darkhotel APT - A Story of Unusual Hospitality | 📕
Nov 03 - Operation Poisoned Handover: Unveiling Ties Between APT Activity in Hong Kong’s Pro-Democracy Movement
Nov 03 - New observations on BlackEnergy2 APT activity
Oct 31 - Operation TooHash
Oct 30 - The Rotten Tomato Campaign
Oct 28 - Group 72, Opening the ZxShell
Oct 28 - APT28 - A Window Into Russia's Cyber Espionage Operations
Oct 27 - Micro-Targeted Malvertising via Real-time Ad Bidding
Oct 27 - ScanBox framework – who’s affected, and who’s using it?
Oct 27 - Full Disclosure of Havex Trojans - ICS Havex backdoors
Oct 24 - LeoUncia and OrcaRat
Oct 23 - Modified Tor Binaries
Oct 22 - Sofacy Phishing by PWC
Oct 22 - [Trend Micro] Operation Pawn Storm: The Red in SEDNIT | 📕
Oct 20 - OrcaRAT - A whale of a tale
Oct 14 - Sandworm - CVE-2104-4114
Oct 14 - Group 72 (Axiom)
Oct 14 - Derusbi Preliminary Analysis
Oct 14 - Hikit Preliminary Analysis
Oct 14 - ZoxPNG Preliminary Analysis
Oct 09 - Democracy in Hong Kong Under Attack
Oct 03 - New indicators for APT group Nitro
Sep 26 - BlackEnergy & Quedagh
Sep 26 - Aided Frame, Aided Direction (Sunshop Digital Quartermaster)
Sep 23 - Ukraine and Poland Targeted by BlackEnergy (video)
Sep 19 - Watering Hole Attacks using Poison Ivy by "th3bug" group
Sep 18 - COSMICDUKE: Cosmu with a twist of MiniDuke
Sep 17 - Chinese intrusions into key defense contractors
Sep 10 - Operation Quantum Entanglement
Sep 08 - When Governments Hack Opponents: A Look at Actors and Technology video
Sep 08 - Targeted Threat Index: Characterizingand Quantifying Politically-MotivatedTargeted Malware video
Sep 04 - Gholee – a “Protective Edge” themed spear phishing campaign | 📕
Sep 04 - Forced to Adapt: XSLCmd Backdoor Now on OS X
Sep 03 - Darwin’s Favorite APT Group (APT12)
Aug 29 - Syrian Malware Team Uses BlackWorm for Attacks
Aug 28 - Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks
Aug 27 - North Korea’s cyber threat landscape
Aug 27 - NetTraveler APT Gets a Makeover for 10th Birthday
Aug 25 - Vietnam APT Campaign
Aug 20 - El Machete
Aug 18 - The Syrian Malware House of Cards | 📕
Aug 13 - A Look at Targeted Attacks Through the Lense of an NGO | 📕
Aug 12 - New York Times Attackers Evolve Quickly (Aumlib/Ixeshe/APT12)
Aug 07 - The Epic Turla Operation Appendix
Aug 06 - Operation Poisoned Hurricane
Aug 05 - Operation Arachnophobia
Aug 04 - Sidewinder Targeted Attack Against Android
Jul 31 - Energetic Bear/Crouching Yeti Appendix
Jul 31 - Energetic Bear/Crouching Yeti
Jul 29 - [Dell] Threat Group-3279 Targets the Video Game Industry | 📕
Jul 20 - [Vinsula] Sayad (Flying Kitten) Analysis & IOCs | 📕
Jul 11 - Pitty Tiger | 📕
Jul 10 - TR-25 Analysis - Turla / Pfinet / Snake/ Uroburos
Jul 07 - Deep Pandas, Deep in Thought: Chinese Targeting of National Security Think Tanks | 📕
Jun 10 - Anatomy of the Attack: Zombie Zero
Jun 30 - Dragonfly: Cyberespionage Attacks Against Energy Suppliers
Jun 20 - Embassy of Greece Beijing
Jun 09 - Putter Panda
Jun 06 - Illuminating The Etumbot APT Backdoor (APT12)
May 28 - NewsCaster_An_Iranian_Threat_Within_Social_Networks | 📕
May 21 - RAT in jar: A phishing campaign using Unrecom
May 20 - Miniduke Twitter C&C
May 13 - CrowdStrike's report on Flying Kitten
May 13 - Operation Saffron Rose (aka Flying Kitten)
Apr 26 - CVE-2014-1776: Operation Clandestine Fox
Mar 12 - [FireEye] A Detailed Examination of the Siesta Campaign| 📕
Mar 08 - Russian spyware Turla
Mar 07 - Snake Campaign & Cyber Espionage Toolkit
Mar 06 - [Trend Micro] The Siesta Campaign | 📕
Feb 28 - Uroburos: Highly complex espionage software with Russian roots
Feb 25 - The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity | 📕
Feb 23 - Gathering in the Middle East, Operation STTEAM
Feb 20 - Mo' Shells Mo' Problems - Deep Panda Web Shells | 📕
Feb 20 - [FireEye] Operation GreedyWonk: Multiple Economic and Foreign Policy Sites Compromised, Serving Up Flash Zero-Day Exploit | 📕
Feb 19 - XtremeRAT: Nuisance or Threat?
Feb 19 - The Monju Incident
Feb 13 - [FireEye] Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website | 📕
Feb 11 - [Kaspersky] Unveiling "Careto" - The Masked APT | 📕
Jan 31 - Intruder File Report- Sneakernet Trojan
Jan 21 - [RSA] Shell_Crew (Deep Panda) | 📕
Jan 15 - “New'CDTO:'A'Sneakernet'Trojan'Solution
Jan 14 - The Icefog APT Hits US Targets With Java Backdoor
Jan 13 - Targeted attacks against the Energy Sector
Jan 06 - PlugX: some uncovered points

2013

??? ?? - THE LITTLE MALWARE THAT COULD: Detecting and Defeating the China Chopper Web Shell | 📕
??? ?? - Deep Panda (OFFLINE) | 📕
??? ?? - [Fireeye] OPERATION SAFFRON ROSE | 📕
Dec 20 - ETSO APT Attacks Analysis | 📕
Dec 11 - Operation "Ke3chang"
Dec 02 - njRAT, The Saga Continues
Nov 11 - [FireEye] Supply Chain Analysis
Nov 10 - [FireEye] Operation Ephemeral Hydra: IE Zero-Day Linked to DeputyDog Uses Diskless Method
Oct 24 - [FireEye] Terminator RAT or FakeM RAT | 📕
Sep 30 - [FireEye] World War C: State of affairs in the APT world
Sep 25 - The 'ICEFROG' APT: A Tale of cloak and three daggers
Sep 17 - Hidden Lynx - Professional Hackers for Hire
Sep 13 - Operation DeputyDog: Zero-Day (CVE-2013-3893) Attack Against Japanese Targets
Sep 11 - The "Kimsuky" Operation
Sep 06 - Evasive Tactics: Taidoor | 📕
Sep ?? - Feature: EvilGrab Campaign Targets Diplomatic Agencies
Aug 23 - Operation Molerats: Middle East Cyber Attacks Using Poison Ivy
Aug 21 - POISON IVY: Assessing Damage and Extracting Intelligence
Aug 19 - ByeBye Shell and the targeting of Pakistan
Aug 02 - Surtr: Malware Family Targeting the Tibetan Community
Aug 02 - Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up
Aug ?? - APT Attacks on Indian Cyber Space
Aug ?? - Operation Hangover - Unveiling an Indian Cyberattack Infrastructure
Jul 31 - Blackhat: In-Depth Analysis of Escalated APT Attacks (Lstudio,Elirks), video
Jul 31 - Secrets of the Comfoo Masters
Jul 15 - PlugX revisited: "Smoaler"
Jul 09 - Dark Seoul Cyber Attack: Could it be worse?
Jun 30 - Targeted Campaign Steals Credentials in Gulf States and Caribbean
Jun 28 - njRAT Uncovered
Jun 21 - [Citizen Lab] A Call to Harm: New Malware Attacks Target the Syrian Opposition | 📕
Jun 18 - [FireEye] Trojan.APT.Seinup Hitting ASEAN | 📕
Jun 07 - [Rapid7] KeyBoy, Targeted Attacks against Vietnam and India | 📕
Jun 04 - [Kaspersky] The NetTraveller (aka 'Travnet') | 📕
Jun 01 - [Purdue] Crude Faux: An analysis of cyber conflict within the oil & gas industries | 📕
Jun ?? - [BlueCoat] The Chinese Malware Complexes: The Maudi Surveillance Operation | 📕
May 30 - [CIRCL] TR-14 - Analysis of a stage 3 Miniduke malware sample | 📕
May 20 - [Norman] OPERATION HANGOVER: Unveiling an Indian Cyberattack Infrastructure | 📕
May 16 - [ESET] Targeted information stealing attacks in South Asia use email, signed binaries | 📕
Apr 21 - [Bitdefender] MiniDuke - The Final Cut | 📕
Apr 13 - [Kaspersky] "Winnti" More than just a game | 📕
Apr 01 - [FireEye] Trojan.APT.BaneChant | 📕
Mar 28 - [Circl] TR-12 - Analysis of a PlugX malware variant used for targeted attacks | 📕
Mar 27 - [malware.lu] APT1: technical backstage (Terminator/Fakem RAT) | 📕
Mar 21 - [Fidelis] Darkseoul/Jokra Analysis And Recovery | 📕
Mar 20 - [Kaspersky] The TeamSpy Crew Attacks | 📕
Mar 20 - [McAfee] Dissecting Operation Troy | 📕
Mar 17 - [Trend Micro] Safe: A Targeted Threat | 📕
Mar 13 - [Citizen lab] You Only Click Twice: FinFisher’s Global Proliferation | 📕
Feb 27 - [Crysys] Miniduke: Indicators v1 | 📕
Feb 27 - [Kaspersky] The MiniDuke Mystery: PDF 0-day Government Spy Assembler 0x29A Micro Backdoor | 📕
Feb 26 - [Symantec] Stuxnet 0.5: The Missing Link | 📕
Feb 22 - [Symantec] Comment Crew: Indicators of Compromise | 📕
Feb 18 - [FireEye] Mandiant APT1 Report | 📕
Feb 12 - [AIT] Targeted cyber attacks: examples and challenges ahead | 📕
Jan 18 - [McAfee] Operation Red October | 📕
Jan 14 - [Kaspersky] The Red October Campaign | 📕

2012

Nov ?? - [KrebsonSecurity] "Wicked Rose" and the NCPH Hacking Group | 📕
Nov 03 - [CyberPeace] Systematic cyber attacks against Israeli and Palestinian targets going on for a year | 📕
Nov 01 - [Fidelis] RECOVERING FROM SHAMOON | 📕
Oct 31 - [DEA] CYBER ESPIONAGE Against Georgian Government (Georbot Botnet) | 📕
Oct 27 - [Symantec] Trojan.Taidoor: Targeting Think Tanks | 📕
Oct 08 - [Matasano] pest control: taming the rats | 📕
Sep 18 - [Dell] The Mirage Campaign | 📕
Sep 12 - [RSA] The VOHO Campaign: An in depth analysis | 📕
Sep 07 - [Citizen lab] IEXPLORE RAT | 📕
Sep 06 - [Symantec] The Elderwood Project | 📕
Aug 18 - [Trend Micro] The Taidoor Campaign AN IN-DEPTH ANALYSIS | 📕
Aug 09 - [Kaspersky] Gauss: Abnormal Distribution | 📕
Jul 27 - [Kaspersky] The Madi Campaign | 📕
Jul 25 - [Citizen lab] From Bahrain With Love: FinFisher’s Spy Kit Exposed? | 📕
Jul 11 - [Wired] Wired article on DarkComet creator | 📕
Jul 10 - [Citizenlab] Advanced Social Engineering for the Distribution of LURK Malware | 📕
May 31 - [Crysys] sKyWIper (Flame/Flamer) | 📕
May 22 - [Trend Micro] IXESHE An APT Campaign | 📕
May 18 - [Symantec] Analysis of Flamer C&C Server | 📕
Apr 16 - [Kaspersky] OSX.SabPub & Confirmed Mac APT attacks | 📕
Apr 10 - [McAfee] Anatomy of a Gh0st RAT | 📕
Mar 26 - [Trend Micro] Luckycat Redux | 📕
Mar 13 - [Arbor] Reversing DarkComet RAT's crypto | 📕
Mar 12 - [contextis] Crouching Tiger, Hidden Dragon, Stolen Data | 📕
Feb 29 - [Dell] The Sin Digoo Affair | 📕
Feb 03 - [CommandFive] Command and Control in the Fifth Domain | 📕
Jan 03 - [Trend Micro] The HeartBeat APT | 📕

2011

Dec 08 - [Norman] Palebot trojan harvests Palestinian online credentials | 📕
Nov 15 - [Norman] The many faces of Gh0st Rat | 📕
Oct 31 - [Symantec] The Nitro Attacks: Stealing Secrets from the Chemical Industry | 📕
Oct 26 - [Dell] Duqu Trojan Questions and Answers | 📕
Oct 12 - [Zscaler] Alleged APT Intrusion Set: "1.php" Group | 📕
Sep 22 - [Trend Micro] The "LURID" Downloader | 📕
Sep 11 - [CommandFive] SK Hack by an Advanced Persistent Threat | 📕
Sep 09 - [Fidelis] The RSA Hack | 📕
Aug 04 - [McAfee] Operation Shady RAT | 📕
Aug 03 - [Dell] HTran and the Advanced Persistent Threat | 📕
Aug 02 - [vanityfair] Operation Shady rat : Vanity | 📕
Jun ?? - [CommandFive] Advanced Persistent Threats:A Decade in Review | 📕
Apr 20 - [ESET] Stuxnet Under the Microscope | 📕
Feb 18 - [NERC] Night Dragon Specific Protection Measures for Consideration | 📕
Feb 10 - [McAfee] Global Energy Cyberattacks: Night Dragon | 📕

2010

Dec 09 - [CRS] The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability | 📕
Sep 30 - [Symantec] W32.Stuxnet Dossier | 📕
Sep 03 - [Seculert] The "MSUpdater" Trojan And Ongoing Targeted Attacks | 📕
Apr 06 - [ShadowServer] Shadows in the cloud: Investigating Cyber Espionage 2.0 | 📕
Mar 14 - [CA] In-depth Analysis of Hydraq | 📕
Feb 10 - [HB Gary] Threat Report: Operation Aurora | 📕
Jan ?? - [Triumfant] Case Study: Operation Aurora | 📕
Jan 27 - [Alberts] Operation Aurora Detect, Diagnose, Respond | 📕
Jan 26 - [McAfee] How Can I Tell if I Was Infected By Aurora? (IOCs) | 📕
Jan 20 - [McAfee] Combating Aurora| 📕
Jan 13 - [Damballa] The Command Structure of the Aurora Botnet | 📕
Jan 12 - [Google] Operation Aurora | 📕

2009

Oct 19 - [Northrop Grumman] Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation | 📕
Mar 29 - [TheSecDevGroup] Tracking GhostNet | 📕
Jan 18 - [Baltic] Impact of Alleged Russian Cyber Attacks | 📕

2008

??? - [Culture Mandala] HOW CHINA WILL USE CYBER WARFARE TO LEAPFROG IN MILITARY COMPETITIVENESS | 📕
??? - [Military Review]| 📕
Nov 19 - [Wired] Agent.BTZ | 📕
Nov 04 - [DTIC] China's Electronic Long-Range Reconnaissance | 📕
Oct 02 - [Culture Mandala] How China will use cyber warfare to leapfrog in military competitiveness | 📕
Aug 10 - [Georgia] Russian Invasion of Georgia Russian Cyberwar on Georgia | 📕

2006

[Krebs on Security] "Wicked Rose" and the NCPH Hacking Group | 📕

Report

🔸 2020 - [CrowdStrike] 2020 GLOBAL THREAT REPORT | 📕
🔸 2019 - [QianXin] APT threat report 2019 CN version | 📕
🔸 Q4 2019 - [GROUP-IB] HI– TECH CRIME TRENDS 2019/2020 | 📕
🔸 Q3 2019 - [PTSecurity] Cybersecurity threatscape Q3 2019 | 📕
🔸 Q2 2019 - [PTSecurity] Cybersecurity threatscape Q2 2019 | 📕
🔸 Q3 2019 - [AhnLab] ASEC Report Q3 2019 | 📕
🔸 Q2 2019 - [AhnLab] ASEC Report Q2 2019 | 📕
🔸 Q1 2019 - [AhnLab] ASEC Report Q1 2019 | 📕
🔸 Aug 01 2019 - [Kaspersky] APT trends report Q2 2019 | 📕
🔸 Apr 30 2019 - [Kaspersky] APT trends report Q1 2019 | 📕
🔸 Mar 04 2019 - [FireEye] M-Trends 2019 | 📕
🔸 Feb 02 2019 - [threatinte] Threat Intel Reads – January 2019 | 📕
🔸 Feb 2019 - [SWISSCOM] Targeted Attacks: Cyber Security Report 2019 | 📕
🔸 Jan 30 2019 - [Dragos] Webinar Summary: Uncovering ICS Threat Activity Groups | 📕
🔸 Jan 28 2019 - [ENISA] ENISA Threat Landscape Report 2018 | 📕
🔸 Jan 15 2019 - [Hackmageddon] 2018: A Year of Cyber Attacks | 📕
🔸 Jan 09 2019 - [360] [CN] 2018 APT Summary Report | 📕
🔸 Jan 07 2019 - [Medium] APT_chronicles_december_2018_edition | 📕
🔸 Jan 03 2019 - [Tencent] [CN] 2018 APT Summary Report | 📕