Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2021-07-21Twitter (@bkMSFT)Ben Koehl
@online{koehl:20210721:anssi:d77e4ad, author = {Ben Koehl}, title = {{Tweet on an ANSSI report detailing APT31 intrusions in France}}, date = {2021-07-21}, organization = {Twitter (@bkMSFT)}, url = {https://twitter.com/bkMSFT/status/1417823714922610689}, language = {English}, urldate = {2021-12-17} } Tweet on an ANSSI report detailing APT31 intrusions in France
SoWaT APT31
2020-09-24MicrosoftBen Koehl, Joe Hannon, Microsoft Identity Security Team
@online{koehl:20200924:microsoft:adbe527, author = {Ben Koehl and Joe Hannon and Microsoft Identity Security Team}, title = {{Microsoft Security—detecting empires in the cloud}}, date = {2020-09-24}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/}, language = {English}, urldate = {2020-09-24} } Microsoft Security—detecting empires in the cloud
CACTUSTORCH LazyCat APT40
2015-08-10shadowserverNed Moran, Ben Koehl
@techreport{moran:20150810:italian:26b33c4, author = {Ned Moran and Ben Koehl}, title = {{The Italian Connection: An analysis of exploit supply chains and digital quartermasters}}, date = {2015-08-10}, institution = {shadowserver}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2015/Aug.10.The_Italian_Connection_An_analysis_of_exploit_supply_chains_and_digital_quartermasters/HTExploitTelemetry.pdf}, language = {English}, urldate = {2020-01-07} } The Italian Connection: An analysis of exploit supply chains and digital quartermasters
smac APT20