Pierre Delcher

Senior Security Researcher at Kaspersky`s GReAT

As a computer-sciences engineer, Pierre walked his first miles on the cybersecurity road pentesting industrial systems and designing security architectures, applications and operating systems for critical infrastructures. He then worked for eight years within French government (ANSSI, MoD), where he notably designed national cybersecurity crisis plans, conducted large-scale incident-response operations on critical infrastructures, managed a threat-intelligence team, and drove international partnerships. Pierre also worked as CISO for a multinational corporation. Pierre is an organized and creative thinker, who likes tuning all the knobs to get actionable results – from embedded microcontrollers development to policies. He joined Kaspersky GReAT in 2020 to get his hands back on threat-intelligence operations.

@securechicken

Pierre Delcher

Reports

In this report we focus on tactics, techniques, and procedures (TTPs) of the DeftTorero (aka Lebanese Cedar or Volatile Cedar) threat actor, which targets Middle East countries.

Kimsuky (also known as Thallium, Black Banshee and Velvet Chollima) is a prolific and active threat actor primarily targeting Korea-related entities. In early 2022, we observed this group was attacking the media and a think-tank in South Korea.

VileRAT is a Python implant, part of an evasive and highly intricate attack campaign against foreign exchange and cryptocurrency trading companies.

Earlier, the CISA published an alert related to a Stairwell report, “Maui Ransomware.” Our data should openly help solidify the attribution of the Maui ransomware incident to the Korean-speaking APT Andariel, also known as Silent Chollima and Stonefly.

Pierre Delcher

What did DeathStalker hide between two ferns?

The SessionManager IIS backdoor

Researchers call for a determined path to cybersecurity

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Publications

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

The SessionManager IIS backdoor

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

DarkHalo after SolarWinds: the Tomiris connection

The leap of a Cycldek-related threat actor

Researchers call for a determined path to cybersecurity

What did DeathStalker hide between two ferns?

IAmTheKing and the SlothfulMedia malware family

Lifting the veil on DeathStalker, a mercenary triumvirate

Lazarus on the hunt for big game

Holy water: ongoing targeted water-holing attack in Asia

External Publications

GReAT Ideas. Powered by Croissant. Baguette edition.

Multi-stakeholder Community Talks on Cyber Diplomacy

GReAT Ideas. Powered by SAS: threat hunting and new techniques

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

Reports

DeftTorero: tactics, techniques and procedures of intrusions revealed

Kimsuky’s GoldDragon cluster and its C2 operations

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Andariel deploys DTrack and Maui ransomware

Subscribe to our weekly e-mails