We track the ongoing activities of more than 900 advanced threat actors. Here we try to focus on what we consider to be the most interesting trends and developments of the last 12 months.
As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that the Lazarus group is going after intelligence that could help these efforts by attacking entities related to COVID-19 research.
We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.
While tracking DeathStalker’s Powersing-based activities in May 2020, we detected a previously unknown implant that leveraged DNS over HTTPS as a C2 channel, as well as parts of its delivery chain. We named this new malware “PowerPepper”.
For more than three years, GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. This is our latest installment, focusing on activities that we observed during Q3 2020.
The hottest research right in your inbox
