Destructive Attack 'DUSTMAN' |
Jan |
SA NCSC |
Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats |
Jan |
Trend Micro |
North American Electric Cyber Threat Perspective |
Jan |
Dragos |
New Destructive Wiper "ZeroCleare" Targets Energy Sector in the Middle East |
Jan |
IBM |
APT10 Threat Analysis Report |
Jan |
Adeo |
Fox Kitten Campaign: Widespread Iranian Espionage-Offensive Campaign |
Feb |
ClearSky |
Crime Without Punishment: In-depth analysis of js-sniffers |
Feb |
Group IB |
International Security and Estonia |
Feb |
EFIS |
And then there were 6: A story of cyberespionage incident response by DART that uncovered five additional threat actors in one environment |
Feb |
Microsoft |
Cloud Snooper attack bypasses firewall security measures |
Feb |
Sophos |
Profiling of TA505 Threat Group That Continues to Attack the Financial Sector |
Feb |
FSI |
The Lazarus Constellation A study on North Korean malware |
Feb |
Lexfo |
Operation Poisoned News: Hong Kong Users Targeted with Mobile Malware via Local News Links |
Mar |
Trend Micro |
Bearing Witness: Uncovering the Logic Behind Russian Military Cyber Operations |
Mar |
Booz Allen |
Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan |
Mar |
Trend Micro |
Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android |
Apr |
BlackBerry |
Revealing Targets of the Iranian MuddyWater Group, Extracted from their C2 |
Apr |
ClearSky
New dark_nexus IoT Botnet Puts Others to Shame |
Apr |
Bitdefender |
Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests |
Apr |
Recorded Future
APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure |
Apr |
Malwarebytes
Craft for Resilience - APT Group Chimera - APT Operation Skeleton Key Targets Taiwan Semiconductor Vendors |
Apr |
CyCraft |
The 'Spy Cloud' Operation: Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection |
Apr |
ESRC |
Threat landscape for industrial automation systems |
Apr |
Kaspersky |
Uncovering DRBControl Inside the Cyberespionage Campaign Targeting Gambling Operations |
Apr |
Trend Micro |
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia |
May |
Bitdefender |
The "Silent Night" Zloader/Zbot |
May |
Malwarebytes & Hyas |
Tactics, Techniques and Procedures Used to Target Australian Networks |
May |
ACSC |
Leery Turtle Threat Report |
May |
CyberStruggle |
AWS Shield Threat Landscape Report Q1 2020 |
May |
AWS |
Shifts in Underground Markets |
May |
Trend Micro |
From AGENT.BTZ to COMRAT V4. A ten-year journey |
May |
ESET |
Mobile APT Surveillance Campaigns Targeting Uyghurs |
Jun |
Lookout |
The Dark Overlord Cyber Investigation Report |
Jul |
Data Viper |
Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan |
Jul |
Dr.Web |
The Hacker Infrastructure and Underground Hosting. An overview of the cybercriminal market |
Jul |
Trend Micro |
Worm War: The Botnet Battle for IoT Territory |
Jul |
Trend Micro |
APT29 targets COVID-19 vaccine development |
Jul |
NCSC |
Card Fraud in a PSD2 World: A Few Examples |
Jul |
Cyber R&D Lab |
THE FAKE CISCO: Hunting for backdoors in Counterfeit Cisco devices |
Jul |
F-Secure |
Cosmic Lynx: The Rise of Russian BEC |
Jul |
Agari |
Chinese state-sponsored group 'RedDelta' targets the Vatican and Catholic organizations |
Jul |
Recorded Future |
Operation 'Dream Job'. Widespread North Korean Espionage Campaign |
Aug |
ClearSky |
Pillars of Russia's Disinformation and Propaganda Ecosystem |
Aug |
U.S. Department of State |
Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware |
Aug |
NSA and FBI |
No need to hack when it's leaking: GITHUB HEALTHCARE LEAKS |
Aug |
GitHub |
LAZARUS GROUP: Campaign Targeting The Cryptocurrency Vertical |
Aug |
F-Secure |
Development of the activity of the TA505 Cybercriminal Group |
Aug |
ANSSI |
The Kittens Are Back in Town 3 Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp |
Aug |
ClearSky |
FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks |
Aug |
USCYBERCOM |
ULTRARANK The unexpected twist of a JS-sniffer triple threat |
Aug |
Group IB |
CERBERUS Banking Trojan Analysis |
Aug |
Cyberwise |
REDCURL The pentest you didn't know about |
Aug |
Group IB |
The French Underground Under a Shroud of Extreme Caution |
NA |
Trend Micro |
Cybercrime in West Africa Poised for an Underground Market |
NA |
Trend Micro |
Lock Like a Pro: How QAKBOT Fuels Enterprise Ransomware Campaigns |
Sep |
Group IB |
SideCopy An insight into Transparent Tribe's sub-division which has been incorrectly attributed for years |
Sep |
Seqrite |
ShadowPad: new activity from the Winnti group |
NA |
PT |
LATAM Financial Cybercrime: Competitors-in-crime sharing TTPs |
NA |
ESET |
Threat landscape for industrial automation systems |
Sep |
Kaspersky |
AT commands, Tor-based communications: meet ATTOR, A fantasy creature and also a Spy platform |
NA |
ESET |
Operation Earth Kitsune Tracking SLUB's Current Operations |
Oct |
Trend Micro |
Study of the ShadowPad APT backdoor and its relation to PlugX |
Oct |
Dr.Web |
North Korean Advanced Persistent Threat Focus: Kimsuky |
Oct |
CISA/FBI/CNMF |
Le Malware-as-a-service EMOTET |
Oct |
ANSSI |
Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends |
Oct |
Trend Micro |
Operation Quicksand MuddyWater’s Offensive Attack Against Israeli Organizations |
Oct |
ClearSky
Banking Web Injects Are Top Cyber Threat for Financial Sector |
Oct |
Recorded Future |
CHAES: Novel Malware Targeting Latin American E-Commerce |
Nov |
Cybereason |
Threat Profile JUPYTER Infostealer |
Nov |
Morphisec |
Analysis of the Bookcodes RAT C2 framework starting with spear phishing |
Nov |
KrCERT
Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions |
Nov |
Bitdefender
TTPs 2 Analysis of the Bookcodes RAT C2 framework starting with spear phishing |
Nov |
KrCERT |
TRICKBOT Now Offers 'TRICKBOOT': PERSIST, BRICK, PROFIT |
Dec |
Eclypsium |
MOLERATS in the Cloud: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign |
Dec |
Cybereason |
Adversary Tracking Report When a false flag doesn't work: Exploring the digital-crime underground at campaign preparation stage |
Dec |
Telsy |
EyeD4kRAT/ShirBiter Overview |
Dec |
Nyotron |
Egregor Ransomware: The Legacy of Maze Lives on |
Dec |
Group IB |
Finding APTX: Attributing attacks via MITRE TTPs |
Dec |
Trend Micro |
APT27 Turns to Ransomware |
Dec |
Profero |