Expert

Roman Dedenok

Reports

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q2 2022.

In this report, we present a UEFI firmware rootkit that we called CosmicStrand and attribute to an unknown Chinese-speaking threat actor.

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

Roman Dedenok

Email spoofing: how attackers impersonate legitimate senders

HTML attachments in phishing e-mails

Text-based fraud: from 419 scams to vishing

Publications

Text-based fraud: from 419 scams to vishing

HTML attachments in phishing e-mails

Email spoofing: how attackers impersonate legitimate senders

Doxing in the corporate sector

Reports

APT trends report Q2 2022

CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit

The SessionManager IIS backdoor

APT ToddyCat

Subscribe to our weekly e-mails