Dmitry Bestuzhev

Director, Global Research & Analysis Team, Latin America

Dmitry Bestuzhev is Director of Kaspersky’s Global Research and Analysis Team in Latin America, where he oversees the company’s anti-malware and threat intelligence research by experts in the region. Dmitry joined Kaspersky in 2007 as a Malware Analyst, monitoring the local threat landscape and providing preliminary analysis. By 2008, he had become Senior Regional Researcher for the Latin American region and was appointed to his current role in 2010. In addition to overseeing anti-malware research and analysis work, Dmitry produces intelligence reports and forecasts for the region and is frequently sought out by international media and organizations for his expert commentary on IT security. Dmitry’s wide field of expertise covers everything from high profile attacks on financial institutions to traditional cybercrime underground activity. Dmitry is also an expert in corporate security, cyber-espionage and complex targeted attacks and participates in various educational initiatives throughout the Americas. Dmitry has more than two decades of experience in IT security across a wide variety of roles and is fluent in English, Spanish and Russian.

@dimitribest

Reports

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

We discovered a campaign delivering the Tomiris backdoor that shows a number of similarities with the Sunshuttle malware distributed by DarkHalo APT and target overlaps with Kazuar.

Dmitry Bestuzhev

Android NFC hack allow users to have free rides in public transportation

Targeted ransomware: it’s not just about encrypting your data!

AZORult spreads as a fake ProtonVPN installer

Cybercriminals target early IRS 2018 refunds now

A Phishing Trampoline – embedding redirects in PDF documents

Publications

Targeted ransomware: it’s not just about encrypting your data!

AZORult spreads as a fake ProtonVPN installer

Cyberthreats to financial institutions 2020: Overview and predictions

The world’s southernmost security conference

Cyberthreats to financial institutions 2019: overview and predictions

Cybercriminals target early IRS 2018 refunds now

Cybercriminals vs financial institutions in 2018: what to expect

IT threats during the 2016 Olympic Games in Brazil

First step in cross-platform Trojan bankers from Brazil done

The return of HackingTeam with new implants for OS X

Targeted mobile implants in the age of cyber-espionage

Wake up! You’ve been p0wned

Reports

APT trends report Q3 2021

Lyceum group reborn

GhostEmperor: From ProxyLogon to kernel mode

DarkHalo after SolarWinds: the Tomiris connection

Subscribe to our weekly e-mails