2022-12-09 16:07   APT Cloud Atlas: Unbroken Threat    #PT ESC Threat Intelligence #Threat Intelligence Specialists at the PT Expert Security Center have been monitoring the Cloud Atlas group since May 2019. The goals of the group are espionage and theft of confidential information. The group typically uses phishing emails with malicious attachments as the initial vector for their attacks. In the third q

2022-12-06 00:00   TgRAT    #PT ESC Threat Intelligence #Threat Intelligence During an investigation, Positive Technologies Expert Security Center (PT ESC) discovered a hacking toolkit that used the Telegram messaging app to manage backdoors. To penetrate the network and move laterally within it, attackers used both known malware, such as I

2022-08-04 00:00   Flying in the clouds: APT31 renews its attacks on Russian companies through cloud storage    #PT ESC Threat Intelligence #Threat Intelligence In April 2022, PT Expert Security Center detected an attack on a number of Russian media and energy companies that used a malicious document called «list.docx» to extract a malicious payload packed with VMProtect. Having analyzed the network packet, we found it to be identical to the one we studied

2022-05-17 00:00   Space Pirates: analyzing the tools and connections of a new hacker group    #PT ESC Threat Intelligence #Threat Intelligence At the end of 2019, Positive Technologies Expert Security Center (PT ESC) found a phishing email aimed at a Russian aerospace enterprise. It contained a link to previously unknown malware. Our experts discovered the same malware in 2020 when investigating an information security incident at a Russia

2021-09-30 05:00   Masters of Mimicry: new APT group ChamelGang and its arsenal    #PT ESC Threat Intelligence #Threat Intelligence In Q2 2021, the PT Expert Security Center incident response team conducted an investigation in an e

2021-08-03 00:00   APT31 new dropper. Target destinations: Mongolia, Russia, the U.S., and elsewhere    #PT ESC Threat Intelligence #Threat Intelligence PT Expert Security Center (PT ESC) specialists regularly track the activity of hacker groups

2021-04-27 00:00   Lazarus Group Recruitment: Threat Hunters vs Head Hunters    #PT ESC Threat Intelligence #Threat Intelligence At the end of September 2020, Positive Technologies Expert Security Center (PT ESC) was involved i

2021-04-12 00:00   PaaS, or how hackers evade antivirus software    #PT ESC Threat Intelligence #Threat Intelligence Malware is one of the main tools of any hacking group. Depending on the level of qualification and

2021-01-14 00:00   Higaisa or Winnti? APT41 backdoors, old and new    #PT ESC Threat Intelligence #Threat Intelligence The PT Expert Security Center regularly spots emerging threats to information security, including bo

2020-11-27 00:00   Investigation with a twist: an accidental APT attack and averted data destruction    #PT ESC Threat Intelligence #Threat Intelligence In late April 2020, a client invited the CSIRT incident response team at the Positive Technologies E

2020-06-19 00:00   The eagle eye is back: old and new backdoors from APT30    #PT ESC Threat Intelligence #Threat Intelligence On April 8, 2020, our pros at the PT Expert Security Center detected signs of life from a well-known

2020-06-16 00:00   Cobalt: tactics and tools update    #PT ESC Threat Intelligence #Threat Intelligence Specialists from PT Expert Security Center have been monitoring the activity of the Cobalt group sin

2020-06-04 00:00   COVID-19 and New Year greetings: an investigation into the tools and methods used by the Higaisa group    #PT ESC Threat Intelligence #Threat Intelligence In March 2020 specialists from the PT Expert Security Center conducted an analysis on the activities