News • Insights • Analysis
GOFFEE is a threat actor that first came to our attention in early 2022. Since then, Kaspersky researchers have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in Read More …
To hide their activity in infected systems, APT groups resort to various techniques to bypass defenses. Most of these techniques are well known and detectable by both EPP solutions and EDR threat-monitoring and response tools. In early 2024, while investigating Read More …
The Earth Alux APT group’s schemes and tactics have been uncloaked through our relentless monitoring and investigation efforts. The China-linked intrusion set is actively launching cyberespionage attacks against the government, technology, logistics, manufacturing, telecommunications, IT services, and retail sectors. The Read More …
Water Gamayun, a suspected Russian threat actor also known as EncryptHub and Larva-208, has been exploiting the MSC EvilTwin (CVE-2025-26633), a zero-day vulnerability that was patched on March 11. In the first installment of this two-part series, Trend Research discussed Read More …
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened Read More …
The Trend Zero Day Initiative threat hunting team identified significant instances of the exploitation of ZDI-CAN-25373 across a variety of campaigns dating back to 2017. The researchers analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China Read More …
Espionage activity clusters may pose as recruiters to distribute phishing emails, targeting key employees in organizations of interest. In December 2024, the BI.ZONE Threat Intelligence team uncovered a peculiar phishing campaign aimed at luring victims with fake job opportunities at an Read More …
Last year, Kaspersky researchers published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In the article, they described activities that had mostly happened Read More …
In fall 2024, UNK_CraftyCamel leveraged a compromised Indian electronics company to target fewer than five organizations in the United Arab Emirates with a malicious ZIP file that leveraged multiple polyglot files to eventually install a custom Go backdoor dubbed Sosano. Read More …
Operation Sea Elephant aims to spy on Chinese scientific research achievements in the field of ocean to ensure the dominance of a certain country in South Asia in the Indian Ocean. In mid-2024 QiAnXin Threat Intelligence Center researchers discovered the South Read More …