IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics Targeted attacks New technique for installing fileless malware Earlier this year, we discovered a malicious campaign that employed a new technique for installing fileless malware on target machines by injecting a shellcode

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public institutions in several countries. In the course of our research, we were able to identify over a dozen of attacked organizations. The attack targeted industrial plants, design bureaus and research institutes, government agenc

China-linked threat actors have breached telecommunications companies and network service providers to spy on the traffic and steal data. US NSA, CISA, and the FBI published a joint cybersecurity advisory to warn that China-linked threat actors have breached telecommunications companies and network service providers. The nation-state actors exploit pub

The Verizon 2022 Data Breach Investigations Report is out. We are proud to collaborate as a supporting contributor to this year’s data efforts once again and to have contributed for the past 8 years. The report provides interesting analysis of a full amount of global incident data. Several things stand out in the 2022 report: Ransomware challenges co

For more than four years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They

In an advisory released on October 24, Microsoft announced ongoing campaigns it has attributed to the Nobelium state-sponsored threat group. IBM X-Force tracks this group as Hive099. If the name sounds familiar, that’s because it is the same group that targeted SolarWinds in 2020. The U.S. government has identified Nobelium as part of Russia’s f

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached the internal network of the South Korean Atomic Energy Research Institute (KAERI). The Korea Atomic E

Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RAT and spy on targets’ devices. Researchers from Kaspersky reported that Iran-linked threat actors, tracked as Ferocious Kitten, used instant messaging apps and VPN software like Telegram and Psiphon to deliver Windows RA

Ferocious Kitten is an APT group that since at least 2015 has been targeting Persian-speaking individuals who appear to be based in Iran. Although it has been active for a long time, the group has mostly operated under the radar and has not been covered by security researchers to the best of our knowledge. It is only recently that it drew attention when a lu

Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. Three Ukrainian cybersecurity agencies (Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine), including the Ukrainian Secret Service, warned last week of a “massive” spear-phishing campaign conducte

Alleged Pakistan-Linked cyber espionage group, tracked as Transparent Tribe, targets Indian entities with a new Windows malware. Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. The group used the new malware dubbed ObliqueRAT in cyberespionage attacks against Indian targets. T

The ever-increasing role of technology in every aspect of our society has turned cybersecurity into a major sovereignty issue for all states. Due to their asymmetrical nature, offensive cyber-capabilities have been embraced by many countries that wouldn’t otherwise have the resources to compete on a military or economic level with the most powerful nat

We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021. Random infections Infections will tend to be less random or have non-random follow-ups, as cybercriminals have spent the past several years profiling randomly infected computers that are connected to industri

Canada Centre for Cyber Security warns of risks related to state-sponsored programs from China, Russia, Iran, and North Korea. A report published by the Canadian Centre for Cyber Security, titled “National Cyber Threat Assessment 2020,” warns of risks associated with state-sponsored operations from China, Russia, Iran, and North Korea. The

For more than three years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They