APT

APT Attack Using Word Documents Disguised as Donation Receipts for Uljin Wildfire Damage (Kimsuky)

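In early March, a large wildfire broke out around Uljin and Samcheok, and donations poured in from across the country to support recovery and help displaced residents. Amid this situation, the ASEC analysis team ...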

Ramblings on Bahamut

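Last year I wrote a piece, Bahamut's cyber espionage campaign in Kashmir. Why update on Bahamut again? The official account has been gathering dust. Because few people in China research this group, some intelligence is inaccurate or not...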

Chinese Threat Actor Scarab Targeting Ukraine

Executive Summary Ukraine CERT (CERT-UA) has released new details on UAC-0026, which SentinelLabs confirms is associated with the suspected Chin...

Operation Dragon Castling: APT group targeting betting companies

Introduction We recently discovered an campaign we are calling . The campaign is targeting what appears to be betting companies in , more specifica...

Weekly Advanced Threat Intelligence Digest (2022.03.17~03.24)

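2022.03.17~03.24 Attack group intelligence: Analysis of PROMETHIUM attack activity disguised as WinRar.exe; Analysis report on the "APT-C-40" Quantum attack system; APT35 automates initial access using ProxyShell; I...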

Suspected DarkHotel APT activity update

Introduction: Our advanced threat research team has discovered a first-stage malicious campaign targeting luxury hotels in Macao, China since the l...

Pandora Ransomware Analysis Report

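01 Overview: Recently, Antiy CERT (a member of the CCTGA ransomware prevention and response working group) discovered multiple ransomware attacks targeting the automotive industry, including: Bridgestone (tire supp...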

What is Arid Gopher? An Analysis of a New, Never-Before-Seen Malware Variant

Executive Summary Deep Instinct’s Threat Research team has found a new, undocumented malware developed in Golang The malware is attributed to ...

Quantum Attack System – Technical Analysis Report on the High-End Cyber Attack Weapons of the US National Security Agency "APT-C-40" Hacker Group (Part 1)

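"APT" (advanced persistent threat) is a form of cyber attack that is highly targeted, stealthy, and persistent. The vast majority of APT groups discovered to date have a state or government background, and the related attacks are usually carried out by some ... associated with a specific...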

APT35 Automates Initial Access Using ProxyShell

In December 2021, we observed an adversary exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access and execute code via...