Online headquarters of Kaspersky Lab security experts.
Awaken Likho is awake: new techniques of an APT group

Introduction: In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat actor we named Awaken Likho (also named by other vendors...

Mon Oct 7, 2024 13:07
Scam Information and Event Management

While trying to deliver malware to victims’ devices and stay on them as long as they can, attackers sometimes use quite unusual techniques. In a recent campaign that started in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims’ devices without user consent; they’ve used large amounts of resources for distribution, but...

Fri Oct 4, 2024 11:39
Finding a needle in a haystack: Machine learning at the forefront of threat hunting research

Introduction: In the ever-evolving landscape of cybersecurity, logs, that is, information collected from various sources like network devices, endpoints, and applications, play a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies, pinpoint malicious activity, and mitigate potential cyberattacks...

Wed Oct 2, 2024 13:16
Key Group: another ransomware group using leaked builders

Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention...

Tue Oct 1, 2024 13:02
Threat landscape for industrial automation systems, Q2 2024

Statistics across all threats: In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached its highest level since records began in 2022. Percentage...

Thu Sep 26, 2024 11:26
From 12 to 21: how we discovered connections between the Twelve and BlackJack groups

While analyzing attacks on Russian organizations, our team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. We recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single...

Wed Sep 25, 2024 13:08
