While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”.
For more than three years, GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. This is our latest installment, focusing on activities that we observed during Q3 2020.
The DHS CISA agency released information about a malware family called SlothfulMedia, which they attribute to a sophisticated threat actor. We have been tracking this set of activity through our private reporting service, and we would like to provide the community with additional context.
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. The malware authors named the toolset “MT3”; following this abbreviation we have named the toolset “MontysThree”.