Tag: actor

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT.

From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.
Dated for Memorial Day 2018; now with longer, dialogue-filled version.
Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were the most referenced threat actor groups in last year's cyberattacks.
Google removes four extensions that used infected computers in click fraud scheme.
At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle.

Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.
The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so.

To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat landscape.
Net neutrality support is just "fear-mongering and hysteria," FCC chair says.
Welcome to ransomware in 2017 – the year global enterprises and industrial systems were added to the ever-growing list of victims, and targeted attackers started taking a serious interest in the threat. It was also a year of consistently high attack numbers, but limited innovation.
In early October, a story was published by the Wall Street Journal alleging Kaspersky Lab software was used to siphon classified data from an NSA employee's home computer system.

To assist any independent investigators and all the people who have been asking us questions whether those allegations were true, we decided to conduct an internal investigation to attempt to answer a few questions we had related to the article and some others
Forever 21 learned an unauthorized actor may have accessed payment card data at certain retail stores.
Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe.

APT Trends report Q3 2017

Beginning in the second quarter of 2017, Kaspersky's Global Research and Analysis Team (GReAT) began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of what research we have been conducting. This report serves as the next installment, focusing on important reports produced during Q3 of 2017.