2022-09-07 | Google | Pierre-Marc Bureau, Google Threat Analysis Group
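% The group name is double-braced so BibTeX/Biber keeps it as a single corporate author instead of splitting it into given and family names.
@online{bureau:20220907:initial:d1975b3,
  author       = {Bureau, Pierre-Marc and {Google Threat Analysis Group}},
  title        = {{Initial access broker repurposing techniques in targeted attacks against Ukraine}},
  date         = {2022-09-07},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/initial-access-broker-repurposing-techniques-in-targeted-attacks-against-ukraine/},
  language     = {English},
  urldate      = {2022-09-13},
}
Initial access broker repurposing techniques in targeted attacks against Ukraine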
AnchorMail Cobalt Strike IcedID
2022-09-02 | nccgroup | Alberto Segura, Mike Stokkel
@online{segura:20220902:sharkbot:a9ce98d,
  author       = {Segura, Alberto and Stokkel, Mike},
  title        = {{Sharkbot is back in Google Play}},
  date         = {2022-09-02},
  organization = {nccgroup},
  url          = {https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/},
  language     = {English},
  urldate      = {2022-09-12},
}
Sharkbot is back in Google Play
SharkBot
2022-08-29 | Check Point | Moshe Marelus
@online{marelus:20220829:check:4b8b83f,
  author       = {Marelus, Moshe},
  title        = {{Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications}},
  date         = {2022-08-29},
  organization = {Check Point},
  url          = {https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications},
  language     = {English},
  urldate      = {2022-08-31},
}
Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications
Nitrokod
2022-08-23 | Google | Ajax Bash
@online{bash:20220823:new:df2d83e,
  author       = {Bash, Ajax},
  title        = {{New Iranian APT data extraction tool}},
  date         = {2022-08-23},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/},
  language     = {English},
  urldate      = {2022-08-25},
}
New Iranian APT data extraction tool
HYPERSCRAPE
2022-08-10 | Google | Xingyu Jin, Google Project Zero
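% The team name is double-braced so BibTeX/Biber keeps it as a single corporate author instead of splitting it into given and family names.
@online{jin:20220810:quantum:cbe3e82,
  author       = {Jin, Xingyu and {Google Project Zero}},
  title        = {{The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)}},
  date         = {2022-08-10},
  organization = {Google},
  url          = {https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html},
  language     = {English},
  urldate      = {2022-08-11},
}
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)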
2022-07-28 | McAfee | Dexter Shin
@online{shin:20220728:new:950bc90,
  author       = {Shin, Dexter},
  title        = {{New HiddenAds malware affects 1M+ users and hides on the Google Play Store}},
  date         = {2022-07-28},
  organization = {McAfee},
  url          = {https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/},
  language     = {English},
  urldate      = {2022-08-02},
}
New HiddenAds malware affects 1M+ users and hides on the Google Play Store
HiddenAd
2022-07-20 | Qianxin | Red Raindrops Team
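% The author is a team, not a person: double braces stop BibTeX/Biber from parsing "Team" as a family name and "Red Raindrops" as given names.
@online{team:20220720:sidewinder:8d70604,
  author       = {{Red Raindrops Team}},
  title        = {{The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software}},
  date         = {2022-07-20},
  organization = {Qianxin},
  url          = {https://ti.qianxin.com/blog/articles/analysis-of-malware-android-software-spread-by-sidewinder-using-google-play/},
  language     = {Chinese},
  urldate      = {2022-08-02},
}
The Sidewinder (APT-Q-39) uses Google Play to spread an analysis of malicious Android software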
SideWinder
2022-07-20 | Malwarebytes | Threat Intelligence Team
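% The author is a team, not a person: double braces stop BibTeX/Biber from parsing "Team" as a family name and "Threat Intelligence" as given names.
@online{team:20220720:google:562a515,
  author       = {{Threat Intelligence Team}},
  title        = {{Google Ads Lead to Major Malvertising Campaign}},
  date         = {2022-07-20},
  organization = {Malwarebytes},
  url          = {https://blog.malwarebytes.com/threat-intelligence/2022/07/google-ads-lead-to-major-malvertising-campaign},
  language     = {English},
  urldate      = {2022-07-25},
}
Google Ads Lead to Major Malvertising Campaign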
2022-07-19 | Google | Billy Leonard
% Same article as leonard:20220719:continued:e1dd77e (the URLs differ only by a trailing slash); cite one key consistently to avoid a duplicated reference.
@online{leonard:20220719:continued:2a97da1,
  author       = {Leonard, Billy},
  title        = {{Continued cyber activity in Eastern Europe observed by TAG}},
  date         = {2022-07-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag},
  language     = {English},
  urldate      = {2022-08-05},
}
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov APT28 Callisto Ghostwriter Sandworm Turla
2022-07-19 | R136a1 | Dominik Reichel
@online{reichel:20220719:look:84e1e01,
  author       = {Reichel, Dominik},
  title        = {{A look into APT29's new early-stage Google Drive downloader}},
  date         = {2022-07-19},
  organization = {R136a1},
  url          = {https://r136a1.info/2022/07/19/a-look-into-apt29s-new-early-stage-google-drive-downloader/},
  language     = {English},
  urldate      = {2022-07-25},
}
A look into APT29's new early-stage Google Drive downloader
Gdrive
2022-07-19 | Google | Billy Leonard
% Same article as leonard:20220719:continued:2a97da1 (the URLs differ only by a trailing slash); cite one key consistently to avoid a duplicated reference.
@online{leonard:20220719:continued:e1dd77e,
  author       = {Leonard, Billy},
  title        = {{Continued cyber activity in Eastern Europe observed by TAG}},
  date         = {2022-07-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/},
  language     = {English},
  urldate      = {2022-07-25},
}
Continued cyber activity in Eastern Europe observed by TAG
CyberAzov
2022-07-19 | Palo Alto Networks Unit 42 | Mike Harbison, Peter Renals
@online{harbison:20220719:russian:acbf388,
  author       = {Harbison, Mike and Renals, Peter},
  title        = {{Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive}},
  date         = {2022-07-19},
  organization = {Palo Alto Networks Unit 42},
  url          = {https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/},
  language     = {English},
  urldate      = {2022-07-19},
}
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive
Cobalt Strike EnvyScout Gdrive
2022-07-12 | Google | Shane Huntley, Google Threat Analysis Group
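% The group name is double-braced so BibTeX/Biber keeps it as a single corporate author instead of splitting it into given and family names.
@online{huntley:20220712:tag:75b230d,
  author       = {Huntley, Shane and {Google Threat Analysis Group}},
  title        = {{TAG Bulletin: Q2 2022}},
  date         = {2022-07-12},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/tag-bulletin-q2-2022/},
  language     = {English},
  urldate      = {2022-07-15},
}
TAG Bulletin: Q2 2022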
2022-07-06 | Trend Micro | Nathaniel Morales, Monte de Jesus, Ivan Nicole Chavez, Bren Matthew Ebriega, Joshua Paul Ignacio
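% The ampersand in the title field is escaped (C\&C): a bare & is a LaTeX alignment character and breaks typesetting of the bibliography.
% Names use the unambiguous "family, given" form; "de Jesus" keeps its lowercase particle.
@online{morales:20220706:brandnew:3a02441,
  author       = {Morales, Nathaniel and de Jesus, Monte and Chavez, Ivan Nicole and Ebriega, Bren Matthew and Ignacio, Joshua Paul},
  title        = {{Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C\&C Server}},
  date         = {2022-07-06},
  organization = {Trend Micro},
  url          = {https://www.trendmicro.com/en_us/research/22/g/brand-new-havanacrypt-ransomware-poses-as-google-software-update.html},
  language     = {English},
  urldate      = {2022-07-12},
}
Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server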
HavanaCrypt
2022-06-30 | Google | Shane Huntley, Google Threat Analysis Group
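% The group name is double-braced so BibTeX/Biber keeps it as a single corporate author instead of splitting it into given and family names.
@online{huntley:20220630:countering:ce81f7e,
  author       = {Huntley, Shane and {Google Threat Analysis Group}},
  title        = {{Countering hack-for-hire groups}},
  date         = {2022-06-30},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/},
  language     = {English},
  urldate      = {2022-07-15},
}
Countering hack-for-hire groups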
2022-06-23 | Google | Benoit Sevens, Clement Lecigne, Google Threat Analysis Group
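% The group name is double-braced so BibTeX/Biber keeps it as a single corporate author instead of splitting it into given and family names.
@online{sevens:20220623:spyware:e4fb7dd,
  author       = {Sevens, Benoit and Lecigne, Clement and {Google Threat Analysis Group}},
  title        = {{Spyware vendor targets users in Italy and Kazakhstan}},
  date         = {2022-06-23},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/},
  language     = {English},
  urldate      = {2022-07-01},
}
Spyware vendor targets users in Italy and Kazakhstan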
Hermit
2022-06-23 | Google | Ian Beer, Google Project Zero
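% The team name is double-braced so BibTeX/Biber keeps it as a single corporate author instead of splitting it into given and family names.
@online{beer:20220623:curious:9aadd47,
  author       = {Beer, Ian and {Google Project Zero}},
  title        = {{The curious tale of a fake Carrier.app}},
  date         = {2022-06-23},
  organization = {Google},
  url          = {https://googleprojectzero.blogspot.com/2022/06/curious-case-carrier-app.html},
  language     = {English},
  urldate      = {2022-07-01},
}
The curious tale of a fake Carrier.app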
2022-05-25 | Reuters | Raphael Satter, James Pearson, Christopher Bing
@online{satter:20220525:russian:0d05639,
  author       = {Satter, Raphael and Pearson, James and Bing, Christopher},
  title        = {{Russian hackers are linked to new Brexit leak website, Google says}},
  date         = {2022-05-25},
  organization = {Reuters},
  url          = {https://www.reuters.com/technology/exclusive-russian-hackers-are-linked-new-brexit-leak-website-google-says-2022-05-25/},
  language     = {English},
  urldate      = {2022-05-25},
}
Russian hackers are linked to new Brexit leak website, Google says
2022-05-22 | Bleeping Computer | Sergiu Gatlan
@online{gatlan:20220522:google:d2a26d5,
  author       = {Gatlan, Sergiu},
  title        = {{Google: Predator spyware infected Android devices using zero-days}},
  date         = {2022-05-22},
  organization = {Bleeping Computer},
  url          = {https://www.bleepingcomputer.com/news/security/google-predator-spyware-infected-android-devices-using-zero-days/},
  language     = {English},
  urldate      = {2022-05-24},
}
Google: Predator spyware infected Android devices using zero-days
Alien Chrysaor
2022-05-19 | Google | Clement Lecigne, Christian Resell, Google Threat Analysis Group
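% The group name is double-braced so BibTeX/Biber keeps it as a single corporate author instead of splitting it into given and family names.
@online{lecigne:20220519:protecting:847f98a,
  author       = {Lecigne, Clement and Resell, Christian and {Google Threat Analysis Group}},
  title        = {{Protecting Android users from 0-Day attacks}},
  date         = {2022-05-19},
  organization = {Google},
  url          = {https://blog.google/threat-analysis-group/protecting-android-users-from-0-day-attacks/},
  language     = {English},
  urldate      = {2022-05-25},
}
Protecting Android users from 0-Day attacks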