Security Affairs

NOVEMBER 25, 2020

Group-IB supported an INTERPOL-led operation Falcon targeting business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB , a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB.

Cybercrime 127

Cybercrime Phishing Social Engineering Spyware 127

SecureList

NOVEMBER 17, 2021

Last year, we foresaw the APT and cybercrime worlds becoming more porous on an operational level. The Israeli Defense Forces (IDF) have claimed that threat actors have been using catfishing to lure Israeli soldiers into installing spyware. Let’s start by looking at the predictions we made for 2021.

Mobile 127

Mobile Surveillance Ransomware Government 127

SecureList

NOVEMBER 1, 2022

In June, we identified a previously unknown Android spyware app that targets Persian-speaking individuals. The spyware itself collects various data from the victims’ devices, such as call logs or lists of contacts. Where CVE-2017-0261 was used before, CVE-2017-11228 replaces it. í religion that are banned in Iran.

Malware 138

Malware Ransomware Spyware Encryption 138

Security Affairs

AUGUST 1, 2022

An Australian national has been charged for the creation and sale of the Imminent Monitor (IM) spyware, which was also used for criminal purposes. The 24-year-old Australian national Jacob Wayne John Keen has been charged for his alleged role in the development and sale of spyware known as Imminent Monitor (IM).

Spyware 103

Spyware Malware Cybercrime Hacking 103

SecureList

APRIL 27, 2021

Further investigation of the Sunburst backdoor revealed several features that overlap with a previously identified backdoor known as Kazuar , a.NET backdoor first reported in 2017 and tentatively linked to the Turla APT group. webshells and Exaramel implants. Final thoughts.

Malware 137

Malware Spyware Government Social Engineering 137

SecureList

JULY 27, 2023

Following this, we released the first of a series of additional reports describing the final payload in the infection chain: a highly sophisticated spyware implant that we dubbed “TriangleDB” Operating in memory, this implant periodically communicates with the C2 (command and control) infrastructure to receive commands.

Malware 82

Malware Government Phishing Social Engineering 82

SecureList

OCTOBER 26, 2021

ShadowPad is a highly sophisticated, modular cyberattack platform that APT groups have used since 2017. Historically, Lazarus used MATA to attack various industries for cybercrime-like intentions: stealing customer databases and spreading ransomware. Historically, its Windows implant was represented by a single-stage spyware installer.

Malware 139

Malware Government Surveillance Spyware 139