2024 MID OF YEAR [1]https://mp.weixin.qq.com/s/Mflg1NZVrHC6JuVm0rW6GQ [2]https://asec.ahnlab.com/ko/62771/ [3]https://asec.ahnlab.com/ko/65495/ [4]https://mp.weixin.qq.com/s/84lUaNSGo4lhQlpnCVUHfQ [5]https://www.chainalysis.com/blog/2024-crypto-money-laundering/ [6]https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/ [7]https://decoded.avast.io/luiginocamastra/from-byovd-to-a-0-day-unveiling-advanced-exploits-in-cyber-recruiting-scams/ [8]https://mp.weixin.qq.com/s/kKNkTAlUpLL2skXq3TcBfw [9]https://asec.ahnlab.com/ko/61666/ [10]https://asec.ahnlab.com/ko/62117/ [11]https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/springtail-kimsuky-backdoor-espionage [12]https://mp.weixin.qq.com/s/Pog2WXQ8uZTTZKybJFy1Ow [13]https://mp.weixin.qq.com/s/YhaEq6ogz3p5OQO_PyI-OQ [14]https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-deepgosu-attack-campaign/ [15]https://www.genians.co.kr/blog/threat_intelligence/dropbox [16]https://mp.weixin.qq.com/s/7vnxz8dYmWf7Z8Cmaa8sVg [17]https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark [18]https://www.genians.co.kr/blog/threat_intelligence/webinar-apt [19]https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/ [20]https://mp.weixin.qq.com/s/yzd0aVq2wzi-v-eB73F6lQ [21]https://mp.weixin.qq.com/s/BOTyH6YTmVzhVInhTlzXww [22]https://mp.weixin.qq.com/s/JBX6AGPPGEPzo4SqcN9n9A [23]https://mp.weixin.qq.com/s/3GhWv3wsiAIZTClDBJxG-g [24]https://mp.weixin.qq.com/s/K-FUaffQx4g6d_hweXxCTg [25]https://www.nextron-systems.com/2024/03/22/unveiling-kamikakabot-malware-analysis/ [26]https://www.group-ib.com/blog/dark-pink-apt/ [27]https://mp.weixin.qq.com/s/eFxoX3cwpPee5z2_3G3wXw [28]https://mp.weixin.qq.com/s/_gBnAlghd3gbP-PQ5M-7yQ [29]https://mp.weixin.qq.com/s/wR7IgBmEuqqGQ9SCAV39Uw [30]https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/ [31]https://mp.weixin.qq.com/s/SAt5NU-hCbS0D6jI8gkkFQ [32]https://mp.weixin.qq.com/s/I_s5HrRWdbTW99B99udl1w [33]https://mp.weixin.qq.com/s/ENDm2bVzw89TlkljZYFdbw [34]https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/ [35]https://mp.weixin.qq.com/s/NBFwjxnm2yIwPfMn87vbRQ [36]https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors [37]https://mp.weixin.qq.com/s/FT7xvyGdk-WaB9nfYWPMUg [38]https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/ [39]https://cyble.com/blog/the-overlapping-cyber-strategies-of-transparent-tribe-and-sidecopy-against-india/ [40]https://mp.weixin.qq.com/s/Uf708Khax2rJaUhNo1Mz1Q [41]https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html [42]https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/ [43]https://go.recordedfuture.com/hubfs/reports/CTA-RU-2024-0530.pdf [44]https://www.trendmicro.com/en_us/research/24/e/router-roulette.html [45]https://www.ic3.gov/Media/News/2024/240227.pdf [46]https://www.clearskysec.com/wp-content/uploads/2024/02/DoppelgangerNG_ClearSky.pdf [47]https://securityintelligence.com/x-force/itg05-leverages-malware-arsenal/ [48]https://cert.pl/posts/2024/05/apt28-kampania/ [49]https://labs.withsecure.com/publications/kapeka [50]https://www.sentinelone.com/labs/acidpour-new-embedded-wiper-variant-of-acidrain-appears-in-ukraine/ [51]https://cert.gov.ua/article/6278706 [52]https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm [53]https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2/ [54]https://blog.talosintelligence.com/tinyturla-full-kill-chain/ [55]https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/ [56]https://www.mandiant.com/resources/blog/apt29-wineloader-german-political-parties [57]https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry [58]https://www.esentire.com/blog/fin7-uses-trusted-brands-and-sponsored-google-ads-to-distribute-msix-payloads [59]https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/ [60]https://www.deepinstinct.com/blog/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel [61]https://www.deepinstinct.com/blog/darkbeatc2-the-latest-muddywater-attack-framework [62]https://harfanglab.io/en/insidethelab/muddywater-rmm-campaign/ [63]https://x.com/MsftSecIntel/status/1737895717870440609 [64]https://www.nextron-systems.com/2024/01/29/analysis-of-falsefont-backdoor-used-by-peach-sandstorm-threat-actor/ [65]https://unit42.paloaltonetworks.com/curious-serpens-falsefont-backdoor/#post-133071-_re5lfhtpycch [66]https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/ [67]https://www.esentire.com/blog/blind-eagles-north-american-journey [68]https://mp.weixin.qq.com/s/tPVw-fbu3pQvKTYMzxb4Bw [69]https://blog.talosintelligence.com/starry-addax/ [70]https://blog.eclecticiq.com/operation-flightnight-indian-government-entities-and-energy-sector-targeted-by-cyber-espionage-campaign [71]https://www.huntandhackett.com/blog/turkish-espionage-campaigns [72]https://arcticwolf.com/resources/blog/follow-on-extortion-campaign-targeting-victims-of-akira-and-royal-ransomware/ [73]https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-returgence-attack-campaign-turkish-hackers-target-mssql-servers-to-deliver-domain-wide-mimic-ransomware/ [74]https://blog.talosintelligence.com/decryptor-babuk-tortilla/ [75]https://unit42.paloaltonetworks.com/medusa-ransomware-escalation-new-leak-site/ [76]https://asec.ahnlab.com/en/60440/ [77]https://mp.weixin.qq.com/s/Css8y2rPykyNPrLkJNq9ig [78]https://asec.ahnlab.com/ko/60744/ [79]https://mp.weixin.qq.com/s/XV0x10YV-Wrs1ZI6tNHjLA [80]https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html [81]https://www.fortinet.com/blog/threat-research/phobos-ransomware-variant-launches-attack-faust [82]https://www.fortinet.com/blog/threat-research/ransomware-roundup-albabat [83]https://blog.morphisec.com/akira-ransomware-prevention-and-analysis [84]https://www.fortinet.com/blog/threat-research/ransomware-roundup-abyss-locker [85]https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html [86]https://www.trendmicro.com/en_us/research/24/c/multistage-ra-world-ransomware.html [87]https://blog.talosintelligence.com/ghostsec-ghostlocker2-ransomware/ [88]https://www.facct.ru/blog/shadow-ransomware/ [89]https://medium.com/@Intel_Ops/phobos-ransomware-analysing-associated-infrastructure-used-by-8base-646560302a8d [90]https://mp.weixin.qq.com/s/8dIxwYN3v4U7y9IECPxa7g [91]https://mp.weixin.qq.com/s/fxYSDH9NrcRkE_QFgHVIiw [92]https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/ [93]https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html [94]https://cert.360.cn/report/detail?id=65fceeb4c09f255b91b17f11 [95]https://www.trendmicro.com/en_us/research/24/c/agenda-ransomware-propagates-to-vcenters-and-esxi-via-custom-pow.html [96]https://mp.weixin.qq.com/s/_KuFPPs6XFOICNpRjzn5AA [97]https://www.stormshield.com/news/technical-analysis-of-ransomware-crypt888 [98]https://www.netskope.com/blog/netskope-threat-coverage-evil-ant-ransomware [99]https://asec.ahnlab.com/ko/64345/ [100]https://mp.weixin.qq.com/s/ewo2Lp5arhun3dM94Pcsrw [101]https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/ [102]https://cert.360.cn/report/detail?id=663c203cc09f255b91b17fd9 [103]https://cyble.com/blog/in-the-shadow-of-venus-trinity-ransomwares-covert-ties/ [104]https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/ [105]https://www.proofpoint.com/us/blog/threat-insight/security-brief-millions-messages-distribute-lockbit-black-ransomware [106]https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/ [107]https://www.sentinelone.com/blog/ikaruz-red-team-hacktivist-group-leverages-ransomware-for-attention-not-profit/ [108]https://securelist.com/ransomware-abuses-bitlocker/112643/ [109]https://cyble.com/blog/ransomware-menace-amplifies-for-vulnerable-industrial-control-systems-heightened-threats-to-critical-infrastructure/ [110]https://arcticwolf.com/resources/blog/lost-in-the-fog-a-new-ransomware-threat/ [111]https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware [112]https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html [113]https://www.fortinet.com/blog/threat-research/ransomware-roundup-shinra-and-limpopo-ransomware [114]https://www.cadosecurity.com/blog/from-dormant-to-dangerous-p2pinfect-evolves-to-deploy-new-ransomware-and-cryptominer [115]https://mp.weixin.qq.com/s/xXUBLE43ZZorfVd62FWm4g [116]https://mp.weixin.qq.com/s/-vvj2RHNNkCxruLlMpfyrA [117]https://mp.weixin.qq.com/s/vvvCl1yv3JF6FPXRXT5F3A [118]https://www.secrss.com/articles/52018 [119]https://www.antiy.cn/research/notice&report/research_report/TrojanControl_Analysis.html [120]https://mp.weixin.qq.com/s/hQhAVWEykfd2bP2vTRdwsw [121]https://mp.weixin.qq.com/s/UZ557zX-pr428e6d4jO5jw [122]https://mp.weixin.qq.com/s/rHGwLo6XBGHKSObSCD3u1Q [123]https://cert.360.cn/report/detail?id=6603e9fec09f255b91b17f3f [124]https://mp.weixin.qq.com/s/ui_BU1OhIP0--FXT-b6uLg [125]https://www.antiy.cn/research/notice&report/research_report/SwimSnake_Analysis_202404.html [126]https://mp.weixin.qq.com/s/XK_UE0uLS26SB_clMqFO4w [127]https://mp.weixin.qq.com/s/Qe_5k8US7nyZHEHLshmlBg [128]https://mp.weixin.qq.com/s/TbiOIATW-Qn2uWImGoEagw [129]https://mp.weixin.qq.com/s/tNofW88EQAIZXjkCrjp8kw [130]https://mp.weixin.qq.com/s/dIuE6sXutFQ5GS5l6yMqwA [131]https://www.antiy.cn/research/notice&report/research_report/SwimSnake_Analysis_202406.html [132]https://blog.xlab.qianxin.com/unveiling-the-mystery-of-bigpanzi/ [133]https://ti.qianxin.com/blog/articles/Analysis-of-Recent-OneinStack-Supply-Chain-Poisoning-Event-CN/ [134]https://mp.weixin.qq.com/s/R0kn5STsiwIUhIqVRwnNxw [135]https://www.antiy.cn/research/notice&report/research_report/DarkMozzie.html [136]https://mp.weixin.qq.com/s/7h5rMLnv16uh27RoVrDmCw [137]https://mp.weixin.qq.com/s/MEQp4I1Ilrxf91etb0yZyQ [138]https://mp.weixin.qq.com/s/OheNN_iR_ATCkOkyK8FLAg [139]https://mp.weixin.qq.com/s/yF48xZcWb4S5aMfMchrxwg Happy New Year! 2023 YEAR IN REVIEW https://www.cisa.gov/about/2023YIR Malware Trends Overview Report: 2023 https://any.run/cybersecurity-blog/malware-trends-2023/ Yearly Intel Trend Review: 2023 https://redsense.com/publications/yearly-intel-trend-review-2023/ Mobile Threat Landscape Report: 2023 in Review https://www.lookout.com/threat-intelligence/report/mobile-landscape-threat-report 2023 summary APT reports 1. https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services 2. https://unit42.paloaltonetworks.com/cloaked-ursa-phishing/ 3. https://lab52.io/blog/2344-2/ 4. https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware 5. https://cert.gov.ua/article/5105791 6. https://blog.sekoia.io/aridviper-an-intrusion-set-allegedly-associated-with-hamas/ 7. https://mp.weixin.qq.com/s/_WMljf41eTsBrQDa3BjFTQ 8. https://mp.weixin.qq.com/s/w--fSiFrHQUaIv80AuitZQ 9. https://mp.weixin.qq.com/s/fiXIrwaDikNrV4wLGhJ_Mw 10. https://mp.weixin.qq.com/s/jI37KhBYoT1sAJOF2T5hEg 11. https://mp.weixin.qq.com/s/bOJ88Zzk27ZaHShlYUCYgA 12. https://sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/ 13. https://mp.weixin.qq.com/s/kiwP2rKfllbRq2Afn8jKWw 14. https://www.seqrite.com/blog/double-action-triple-infection-and-a-new-rat-sidecopys-persistent-targeting-of-indian-defence/ 15. https://mp.weixin.qq.com/s/OZgDgmUDZSML_NX_Wa_C6A 16. https://mp.weixin.qq.com/s/g8oSytVgRSV2773kwZYUHA 17. https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/?web_view=true 18. https://mp.weixin.qq.com/s/MhyGLPqOthzG-H2RVeobAw 19. https://mp.weixin.qq.com/s/bSsmRQFQz-2Llhd3rOfRVw 20. https://blogs.blackberry.com/en/2023/02/newspenguin-a-previously-unknown-threat-actor-targets-pakistan-with-advanced-espionage-tool 21. https://mp.weixin.qq.com/s/BvfZ5yRiVBuorgoTznY65A 22. https://securityaffairs.com/149698/apt/kimsuky-war-simulation-centre.html 23. https://mp.weixin.qq.com/s/uYV4x-46dkKpX76uzqyTmg 24. https://securelist.com/the-lazarus-group-deathnote-campaign/109490/ 25. https://www.group-ib.com/blog/dark-pink-episode-2/ 26. https://mp.weixin.qq.com/s/w--fSiFrHQUaIv80AuitZQ 27. https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/ 28. https://www.mandiant.com/resources/blog/north-korea-supply-chain 29. https://medium.com/checkmarx-security/lazarus-group-launches-first-open-source-supply-chain-attacks-targeting-crypto-sector-cabc626e404e 30. https://www.reversinglabs.com/blog/vmconnect-supply-chain-campaign-continues 31. https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/ 32. https://mp.weixin.qq.com/s/f5YE12w3x3wad5EO0EB53Q 33. https://www.cisa.gov/sites/default/files/2023-12/aa23-347a-russian-foreign-intelligence-service-svr-exploiting-jetbrains-teamcity-cve-globally_0.pdf 34. https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/ 35. https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage 36. https://mp.weixin.qq.com/s/Nk2zml2d0HtK0hszyKW2Dw 37. https://mp.weixin.qq.com/s/yX8iKaPSr9VS3Z2wsgdisw 38. https://asec.ahnlab.com/ko/50851/ 39. https://mp.weixin.qq.com/s/sO2rJbYbqLcYb3AvAUMeGg 40. https://mp.weixin.qq.com/s/gH6cWCn8PswJ4d2ef7ZSeQ 41. https://mp.weixin.qq.com/s/lvSraGnMsl3a1jEUubuvyw 42. https://www.sentinelone.com/labs/transparent-tribe-apt36-pakistan-aligned-threat-actor-expands-interest-in-indian-education-sector/ 43. https://www.seqrite.com/blog/transparent-tribe-apt-actively-lures-indian-army-amidst-increased-targeting-of-educational-institutions 44. https://mp.weixin.qq.com/s/8zpPPl6JIXqa4QEpiKC5GQ 45. https://www.fbi.gov/news/press-releases/fbi-identifies-cryptocurrency-funds-stolen-by-dprk 46. https://securelist.com/unveiling-lazarus-new-campaign/110888/ 47. https://mp.weixin.qq.com/s/EQ8nrfE3tkfg4nB8F49VLA 48. https://mp.weixin.qq.com/s/W4hkBRJnwN1G32QCpaNNoA 49. https://www.proofpoint.com/us/blog/threat-insight/ta444-apt-startup-aimed-at-your-funds 50. https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Lazarus-No-Pineapple-Threat-Intelligence-Report-2023.pdf 51. https://asec.ahnlab.com/ko/47622/ 52. https://asec.ahnlab.com/ko/47820/ 53. https://www.welivesecurity.com/2023/02/23/winordll64-backdoor-vast-lazarus-arsenal/ 54. https://mp.weixin.qq.com/s/iAGUMG7UmDFcB96HYhqRDw 55. https://asec.ahnlab.com/en/49295/ 56. https://blog.alyac.co.kr/5102 57. https://blog.alyac.co.kr/5103 58. https://medium.com/s2wblog/kimsuky-group-appears-to-be-exploiting-onenote-like-the-cybercrime-group-3c96b0b85b9f 59. https://www.zscaler.com/blogs/security-research/unintentional-leak-glimpse-attack-vectors-apt37 60. https://threatmon.io/chinotto-backdoor-technical-analysis-of-the-apt-reapers-powerful/ 61. https://asec.ahnlab.com/en/50625/ 62. https://blog.google/threat-analysis-group/how-were-protecting-users-from-government-backed-attacks-from-north-korea/ 63. https://blog.virustotal.com/2023/04/apt43-investigation-into-north-korean.html 64. https://www.welivesecurity.com/2023/04/20/linux-malware-strengthens-links-lazarus-3cx-supply-chain-attack/ 65. https://www.jamf.com/blog/bluenoroff-apt-targets-macos-rustbucket-malware/# 66. https://mp.weixin.qq.com/s/iCFz9vhYGxz0cd8_0-PhDQ 67. https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/ 68. https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/ 69. https://asec.ahnlab.com/ko/52662/ 70. https://mp.weixin.qq.com/s/RjvwKH6UBETzUVtXje_bIA 71. https://www.genians.co.kr/hubfs/blogfile/threat_intelligence_report_apt37.pdf?hsLang=ko 72. https://asec.ahnlab.com/en/53132/ 73. https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/ 74. https://threatmon.io/reverse-engineering-rokrat-a-closer-look-at-apt37s-onedrive-based-attack-vector/ 75. https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3413621/us-rok-agencies-alert-dprk-cyber-actors-impersonating-targets-to-collect-intell/ 76. https://mp.weixin.qq.com/s/v5JGN15kVr4zGjPkCeuovQ 77. https://asec.ahnlab.com/en/53377/ 78. https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/ 79. https://www.genians.co.kr/hubfs/blogfile/20230620_threat_inteligence_report_apt37_macos.pdf?hsLang=EN 80. https://asec.ahnlab.com/en/54349/ 81. https://mp.weixin.qq.com/s/MLkYHLzKaMYGCF4Czw0Vag 82. https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/ 83. https://www.elastic.co/cn/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket 84. https://asec.ahnlab.com/ko/54952/ 85. https://www.sentinelone.com/blog/bluenoroff-how-dprks-macos-rustbucket-seeks-to-evade-analysis-and-detection/ 86. https://asec.ahnlab.com/en/55145/ 87. https://ti.qianxin.com/blog/articles/Cloud-Spy-Analysis-of-Recent-Attack-Activities-by-Group123-CN/ 88. https://mp.weixin.qq.com/s/13bQDJCfnTBFVMUbhKgllw 89. https://mp.weixin.qq.com/s/GMgk6LG6pYSebf4y7f7g7w 90. https://asec.ahnlab.com/en/55369/ 91. https://mp.weixin.qq.com/s/8aoOtjXn3C5sVIaE08-_GQ 92. https://www.genians.co.kr/hubfs/blogfile/20230727_threat_inteligence_report_Konni.pdf?hsLang=ko 93. https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/ 94. https://asec.ahnlab.com/ko/56256/ 95. https://blog.talosintelligence.com/lazarus-quiterat/ 96. https://blog.talosintelligence.com/lazarus-collectionrat/ 97. https://mp.weixin.qq.com/s/2AnQICw1lII3j-IcKcUThw?poc_token=HAv7d2WjfLjxoUTf772bRE3Mbqcj17JNOI8X8hRz 98. https://asec.ahnlab.com/ko/56654/ 99. https://mp.weixin.qq.com/s/PZfBhtrz6jelWIBUjRZcyw 100. https://mp.weixin.qq.com/s/Qr8lJrz9d7rgj9XH9vPCTg 101. https://mp.weixin.qq.com/s/1J4JNqLVUST6PsAWwoQ1CQ 102. https://blog.alyac.co.kr/5251 103. https://mp.weixin.qq.com/s/hwvEqIB68AAdnpQvrKNAeQ 104. https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/ 105. https://asec.ahnlab.com/ko/57427/ 106. https://asec.ahnlab.com/ko/57748/ 107. https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/ 108. https://cyble.com/blog/higaisa-apt-resurfaces-via-phishing-website-targeting-chinese-users/ 109. https://medium.com/s2wblog/fastviewer-variant-merged-with-fastspy-and-disguised-as-a-legitimate-mobile-application-f3004588f95c 110. https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn 111. https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/ 112. https://asec.ahnlab.com/ko/58215/ 113. https://asec.ahnlab.com/ko/59209/ 114. https://asec.ahnlab.com/en/59318/ 115. https://mp.weixin.qq.com/s/s3WVSPNjkfvhROufXrDtiQ 116. https://asec.ahnlab.com/ko/59460/ 117. https://securelist.com/bluenoroff-new-macos-malware/111290/ 118. https://mp.weixin.qq.com/s/2cxW68ION9Ch2Fg37_cDqw 119. https://ti.qianxin.com/blog/articles/Analysis-of-Suspected-Lazarus-APT-Q-1-Attack-Sample-Targeting-npm-Package-Supply-Chain-CN/ 120. https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/ 121. https://mp.weixin.qq.com/s/bdAb1Bbgtd3amuziu2_Tsw 122. https://mp.weixin.qq.com/s/G3gUjg9WC96NW4cRPww6gw 123. https://www.group-ib.com/blog/dark-pink-apt/ 124. https://mp.weixin.qq.com/s/7KOjLgeHsgEI7KuDhFOiKA 125. https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-powershell-and-other-custom-tactics-to-avoid-detection 126. https://mp.weixin.qq.com/s/_WMljf41eTsBrQDa3BjFTQ 127. https://yoroi.company/en/research/ducktail-dissecting-a-complex-infection-chain-started-from-social-engineering/ 128. https://www.trendmicro.com/en_us/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html 129. https://www.elastic.co/cn/security-labs/elastic-charms-spectralviper 130. https://www.zscaler.com/blogs/security-research/look-ducktail 131. https://labs.withsecure.com/publications/meet-the-ducks 132. https://blog.nsfocus.net/aptdarkpinkwinrar-0daycve-2023-38831/ 133. https://www.appgate.com/blog/vietnamese-information-stealer-campaigns-target-professionals-on-linkedin 134. https://securelist.com/ducktail-fashion-week/111017/ 135. https://mp.weixin.qq.com/s/IB2w86cXcpmGS8qrOnprKw 136. https://labs.withsecure.com/publications/darkgate-rises 137. https://labs.withsecure.com/publications/ducktail 138. https://www.zscaler.com/blogs/security-research/new-php-variant-ducktail-infostealer-targeting-facebook-business-accounts 139. https://labs.withsecure.com/publications/ducktail-returns 140. https://mp.weixin.qq.com/s/JbaEpcmvC80EoE8X0DnwKQ 141. https://mp.weixin.qq.com/s/P7VXmHIB5dJl9ZoE1OBDww 142. https://mp.weixin.qq.com/s/7Q2nulqLsofjSftbWQt2kA 143. https://mp.weixin.qq.com/s/rslBGQgTL_jZD73AJqI05Q 144. https://mp.weixin.qq.com/s/SR-m-RrqyT3V2zkOPBm-9g 145. https://mp.weixin.qq.com/s/xU7b3m-L2OlAi2bU7nBj0A 146. https://www.group-ib.com/media-center/press-releases/sidewinder-apt-report/ 147. https://threatmon.io/apt-sidecopy-targeting-indian-government-entities/ 148. https://mp.weixin.qq.com/s/RD03YH2ngRUbUmE80d18Uw 149. https://blog.cyble.com/2023/03/21/notorious-sidecopy-apt-group-sets-sights-on-indias-drdo/ 150. https://mp.weixin.qq.com/s/21kLaaPEzGBBAlguLgU9Cw 151. https://mp.weixin.qq.com/s/duZiNBDwPwJ3QbbaFrNzYg 152. https://www.intezer.com/blog/research/phishing-campaign-targets-nuclear-energy-industry/ 153. https://www.cyfirma.com/outofband/donot-apt-targets-individuals-in-south-asia-using-android-malware/ 154. https://mp.weixin.qq.com/s/ZJsZ5yqQzy5VnUNrB9ylxg 155. https://www.uptycs.com/blog/cyber_espionage_in_india_decoding_apt_36_new_linux_malware 156. https://mp.weixin.qq.com/s/Lb_NYxhi9iJgmvI2wjY9qg 157. https://www.fortinet.com/blog/threat-research/clean-rooms-nuclear-missiles-and-sidecopy 158. https://blogs.blackberry.com/en/2023/05/sidewinder-uses-server-side-polymorphism-to-target-pakistan 159. https://mp.weixin.qq.com/s/sYk4pTMJloRuogBMnD3hRg 160. https://www.group-ib.com/blog/hunting-sidewinder/ 161. https://mp.weixin.qq.com/s/QTSefcnpZ9AeG0v2SIpwuA 162. https://mp.weixin.qq.com/s/DhQj9-0QLwVSQYH_uGDw2g 163. https://mp.weixin.qq.com/s/WU0VnMCf-FQyXiBkZfZAEw 164. https://mp.weixin.qq.com/s/H-ZRvcofbzwZ8Ikyn5Vu4w 165. https://perception-point.io/blog/operation-red-deer/ 166. https://mp.weixin.qq.com/s/MZadlpXbpCfQAv41rtVm3A 167. https://www.seqrite.com/blog/double-action-triple-infection-and-a-new-rat-sidecopys-persistent-targeting-of-indian-defence 168. https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/ 169. https://www.rewterz.com/rewterz-news/rewterz-threat-alert-apt-c-35-aka-donot-team-active-iocs-14/ 170. https://www.rewterz.com/rewterz-news/rewterz-threat-alert-sidewinder-apt-group-launches-cyber-espionage-campaign-against-pakistan-government-active-iocs/ 171. https://asec.ahnlab.com/en/54916/ 172. https://mp.weixin.qq.com/s/ewGyvlmWUD45XTVsoxeVpg 173. https://threatmon.io/from-slides-to-threats-transparent-tribes-new-attack-on-indian-government-entities-using-malicious-ppt/ 174. https://threatmon.io/unraveling-the-complex-infection-chain-analysis-of-the-sidecopy-apts-attack/ 175. https://mp.weixin.qq.com/s/qkWD_X3aFPURThJqu7lbvg 176. https://mp.weixin.qq.com/s/HVhXyIB4sKuG6dDwwe4Pcw 177. https://mp.weixin.qq.com/s/9cqXdFn7erJupk9QPRhqpg 178. https://mp.weixin.qq.com/s/FJXfNLhWjBjBHMqWKgdPNw 179. https://mp.weixin.qq.com/s/WJji5Dr9OHSgwIaySetCfg 180. https://mp.weixin.qq.com/s/VCGI3FtR4LwXpWzf5EuLIA 181. https://mp.weixin.qq.com/s/6bicaHGYmOBQmXnm27NNAQ 182. https://mp.weixin.qq.com/s/nMTQww-jHkdKBWFPYdfprA 183. https://mp.weixin.qq.com/s/IOBCV0hUVjFUrEbbYnRW-w 184. https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal 185. https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/ 186. https://www.seqrite.com/blog/sidecopys-multi-platform-onslaught-leveraging-winrar-zero-day-and-linux-variant-of-ares-rat/ 187. https://mp.weixin.qq.com/s/iWx2tGCLOR0JtDBnC3FOwQ 188. https://mp.weixin.qq.com/s/CRx7NLPE4zzGwHEoWe8_bA 189. https://mp.weixin.qq.com/s/NpEpqjOCLKDRsRHJP-zTgA 190. https://mp.weixin.qq.com/s/cew83Kzo6omopGlPG-qgxw 191. https://mp.weixin.qq.com/s/o8KeGK1DKFfXCQT2KFdhHA 192. https://www.seqrite.com/blog/operation-rusticweb-targets-indian-govt-from-rust-based-malware-to-web-service-exfiltration/ 193. https://www.mandiant.com/resources/blog/turla-galaxy-opportunity 194. https://cert.gov.ua/article/3718487 195. https://www.welivesecurity.com/2023/01/27/swiftslicer-new-destructive-wiper-malware-ukraine/ 196. https://therecord.media/latvia-confirms-phishing-attack-on-ministry-of-defense-linking-it-to-russian-hacking-group/ 197. https://cert.gov.ua/article/3761023 198. https://mrtiepolo.medium.com/russian-apt-gamaredon-exploits-hoaxshell-to-target-ukrainian-organizations-173427d4339b 199. https://mrtiepolo.medium.com/sophisticated-apt29-campaign-abuses-notion-api-to-target-the-european-commission-200188059f58 200. https://threatmon.io/beyond-bullets-and-bombs-an-examination-of-armageddon-groups-cyber-warfare-against-ukraine/ 201. https://blogs.blackberry.com/en/2023/03/nobelium-targets-eu-governments-assisting-ukraine 202. https://informnapalm.org/en/hacked-russian-gru-officer/ 203. https://www.gov.pl/web/baza-wiedzy/espionage-campaign-linked-to-russian-intelligence-services 204. https://securityintelligence.com/posts/ex-conti-fin7-actors-collaborate-new-domino-backdoor/ 205. https://blog.eclecticiq.com/exposed-web-panel-reveals-gamaredon-groups-automated-spear-phishing-campaigns 206. https://www.ncsc.gov.uk/news/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers 207. https://securelist.com/tomiris-called-they-want-their-turla-malware-back/109552/ 208. https://labs.withsecure.com/publications/fin7-target-veeam-servers 209. https://www.prodaft.com/resource/detail/paperbug-nomadic-octopus-paperbug-campaign 210. https://cert.gov.ua/article/4492467 211. https://cert.gov.ua/article/4501891 212. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/analyzing-the-ntc-vulkan-leak-what-it-says-about-russias-cyber-capabilities/ 213. https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/ 214. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military 215. https://cert.gov.ua/article/4905718 216. https://www.recordedfuture.com/bluedelta-exploits-ukrainian-government-roundcube-mail-servers 217. https://cert.gov.ua/article/4905829 218. https://cert.gov.ua/article/5098518 219. https://lab52.io/blog/2344-2/ 220. https://blog.talosintelligence.com/malicious-campaigns-target-entities-in-ukraine-poland/ 221. https://cert.gov.ua/article/5160737 222. https://cert.gov.ua/article/5213167 223. https://www.avertium.com/resources/threat-reports/evolution-of-russian-apt29-new-attacks-and-techniques-uncovered 224. https://mp.weixin.qq.com/s/32U2nBhyE0hjBWSKhwCT4g 225. https://go.recordedfuture.com/hubfs/reports/cta-2023-0727-1.pdf 226. https://blog.eclecticiq.com/german-embassy-lure-likely-part-of-campaign-against-nato-aligned-ministries-of-foreign-affairs 227. https://www.cisa.gov/news-events/analysis-reports/ar23-243a 228. https://www.zscaler.com/blogs/security-research/steal-it-campaign 229. https://www.silentpush.com/blog/from-russia-with-a-71 230. https://unit42.paloaltonetworks.com/turla-pensive-ursa-threat-assessment/ 231. https://mp.weixin.qq.com/s/QFlQ_I08mDwyl8wl5_vshQ 232. https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/ 233. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-009.pdf 234. https://unit42.paloaltonetworks.com/pensive-ursa-uses-upgraded-kazuar-backdoor/ 235. https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology 236. https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/november/APT29%20attacks%20Embassies%20using%20CVE-2023-38831%20-%20report%20en.pdf 237. https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/ 238. https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/detecting-malicious-activity-against-microsoft-exchange-servers/ 239. https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week 240. https://mp.weixin.qq.com/s/qXEGbV6LTn_UdJrSKS-srg 241. https://socradar.io/dark-web-profile-muddywater-apt-group/ 242. https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/ 243. https://www.trendmicro.com/en_us/research/23/b/new-apt34-malware-targets-the-middle-east.html 244. https://www.gov.il/en/departments/news/_muddywater 245. https://mp.weixin.qq.com/s/NomfjAjGYdsOpLBtiOSZpA 246. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mantis-palestinian-attacks 247. https://www.microsoft.com/en-us/security/blog/2023/04/07/mercury-and-dev-1084-destructive-attack-on-hybrid-environment/ 248. https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/ 249. https://www.group-ib.com/blog/muddywater-infrastructure/ 250. https://research.checkpoint.com/2023/educated-manticore-iran-aligned-threat-actor-targeting-israel-via-improved-arsenal-of-tools/ 251. https://www.bitdefender.com/blog/businessinsights/unpacking-bellaciao-a-closer-look-at-irans-latest-malware/ 252. https://www.welivesecurity.com/2023/05/02/apt-groups-muddying-waters-msps/ 253. https://research.checkpoint.com/2023/agrius-deploys-moneybird-in-targeted-attacks-against-israeli-organizations/ 254. https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist/ 255. https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater 256. https://www.proofpoint.com/us/blog/threat-insight/welcome-new-york-exploring-ta453s-foray-lnks-and-mac-malware 257. https://mp.weixin.qq.com/s/XVV3BoAd7CdPaZ0na8ID1Q 258. https://mp.weixin.qq.com/s/e4S10n9sLxJrmmgyJFZN0g 259. https://mp.weixin.qq.com/s/YEIyUjvG2rmgrI8gDDAPBA 260. https://www.welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor/ 261. https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/ 262. https://mp.weixin.qq.com/s/-LYXJtjEhdwa8Km_Ri1cXg 263. https://www.welivesecurity.com/en/eset-research/oilrigs-outer-space-juicy-mix-same-ol-rig-new-drill-pipes/ 264. https://www.welivesecurity.com/en/eset-research/stealth-falcon-preying-middle-eastern-skies-deadglyph/ 265. https://www.trendmicro.com/en_us/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html 266. https://mp.weixin.qq.com/s/xy9PfucgtYTzae_XLWsN6w 267. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/crambus-middle-east-government 268. https://blog.sekoia.io/aridviper-an-intrusion-set-allegedly-associated-with-hamas/ 269. https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/ 270. https://blog.talosintelligence.com/arid-viper-mobile-spyware/ 271. https://www.deepinstinct.com/blog/muddywater-en-able-spear-phishing-with-new-ttps 272. https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/ 273. https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/ 274. https://mp.weixin.qq.com/s/f6T_ZQHyLcDcJZrHiHDxFA 275. https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government 276. https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/ 277. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms 278. https://securelist.com/operation-triangulation/109842/ 279. https://securelist.com/find-the-triangulation-utility/109867/ 280. https://securelist.com/triangledb-triangulation-implant/110050/ 281. https://securelist.com/triangulation-validators-modules/110847/ 282. https://securelist.com/operation-triangulation-catching-wild-triangle/110916/ 283. https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/ 284. https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/ 285. https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia 286. https://mp.weixin.qq.com/s/agvWfF-UBTbTevUSm2yspw 287. https://threatmon.io/apt-blind-eagles-malware-arsenal-technical-analysis/ 288. https://mp.weixin.qq.com/s/6YDnMAf0laiLKukJ04XLTQ 289. https://it.rising.com.cn/anquan/20037.html 290. https://mp.weixin.qq.com/s/-7U1-NTP0EdVOtptzbHUsg 291. https://mp.weixin.qq.com/s/b0FSKQ6D3MvlA8yX3v4IUg 292. https://mp.weixin.qq.com/s/5e_FTpMsciVFouWpigV7Gw 293. https://www.trendmicro.com/en_us/research/23/b/earth-kitsune-delivers-new-whiskerspy-backdoor.html 294. https://blog.sekoia.io/following-noname05716-ddosia-projects-targets/ 295. https://securelist.com/goldenjackal-apt-group/109677/ 296. https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/ 297. https://www.paloaltonetworks.com/blog/security-operations/through-the-cortex-xdr-lens-uncovering-a-new-activity-group-targeting-governments-in-the-middle-east-and-africa/ 298. https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/space-pirates-a-look-into-the-group-s-unconventional-techniques-new-attack-vectors-and-tools/ 299. https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/ 300. https://mp.weixin.qq.com/s/DZwbJ8-UTji29kH2on90fQ 301. https://mp.weixin.qq.com/s/dOQ5kA7MwQCDg2x_NgBoEA 302. https://www.barracuda.com/company/legal/esg-vulnerability 303. https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally 304. https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/ 305. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a 306. https://practical365.com/storm-0558-snafus/ 307. https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/view?pli=1#gid=1746868651 308. https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/ 309. https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/ 310. https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/ 311. https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html 312. https://ti.qianxin.com/uploads/2023/03/20/396eaf4482e610119ce0cdcd7526c945.pdf 313. https://ti.qianxin.com/apt/detail/5acb29d0596a10001a1a9794?name=Turla&type=map 314. https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit