Principal Security Researcher, Global Research & Analysis Team
Kurt joined Kaspersky in 2010. He researches and reports on targeted attack activity, complex intrusions, and advanced malware. He focuses on privacy and cryptography technologies. Kurt contributes to working groups and shares his findings with other members of various online communities. He regularly gives presentations on malware issues at international conferences and offers his thoughts to a variety of journalists and media about current cybersecurity matters. Prior to joining Kaspersky, Kurt was VP of Behavioral Threat Research at Symantec for PC Tools’ ThreatFire. Originally joining ThreatFire when it was a startup in 2005, Kurt was as their sole researcher and led their research efforts through two successful acquisitions. Before Symantec, Kurt was Chief Threat Officer at Novatix and a Threat Analyst at SonicWALL.In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries.
Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.
VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies.
Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.