Click here to download all references as Bib-File.•
| 2026-03-31
⋅
Google
⋅
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack WAVESHAPER |
| 2026-02-25
⋅
Google
⋅
Cloud Threat Horizons Report: H1 2026 UNC6426 |
| 2025-09-30
⋅
Google
⋅
Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations |
| 2024-06-20
⋅
Hunt.io
⋅
Caught in the Act: Uncovering SpyNote in Unexpected Places SpyNote |
| 2024-05-22
⋅
Mandiant
⋅
IOC Extinction? China-Nexus Cyber Espionage Actors Use ORB Networks to Raise Cost on Defenders |
| 2024-03-21
⋅
Mandiant
⋅
Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect GOREVERSE SNOWLIGHT |
| 2024-02-09
⋅
Hunt.io
⋅
Tracking ShadowPad Infrastructure Via Non-Standard Certificates ShadowPad |
| 2023-08-29
⋅
Mandiant
⋅
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) GhostEmperor |
| 2023-08-29
⋅
Google
⋅
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) GhostEmperor UNC4841 |
| 2023-03-30
⋅
Proofpoint
⋅
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe Winter Vivern |
| 2022-08-30
⋅
Proofpoint
⋅
Rising Tide: Chasing the Currents of Espionage in the South China Sea scanbox Meterpreter APT40 |
| 2022-07-14
⋅
Proofpoint
⋅
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media Chinoxy APT31 Lazarus Group TA482 |
| 2022-03-07
⋅
Proofpoint
⋅
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates PlugX MUSTANG PANDA |
| 2022-03-01
⋅
Proofpoint
⋅
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement SunSeed |
| 2022-02-04
⋅
Cyber And Ramen blog
⋅
Shortcut to Windows Update |
| 2022-01-23
⋅
Cyber And Ramen blog
⋅
Analysis of a DLL Downloader |
| 2022-01-18
⋅
Cyber And Ramen blog
⋅
Info-Stealing Tool Posing As Naver OTP |
| 2021-12-01
⋅
Proofpoint
⋅
Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors |
| 2021-11-11
⋅
Twitter (@aRtAGGI)
⋅
Tweet on APT31 using compromised PakEdge Rk1&RE2 router IPs as exit nodes in reconnaissance phishing campaigns |
| 2021-07-28
⋅
Proofpoint
⋅
I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona Liderc SysKit |
| 2021-05-13
⋅
Bloomberg
⋅
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom DarkSide |
| 2021-04-15
⋅
The Wall Street Journal
⋅
U.S. Puts Fresh Sanctions on Russia Over Hacking, Election Interference |
| 2021-03-07
⋅
The Wall Street Journal
⋅
Russian Disinformation Campaign Aims to Undermine Confidence in Pfizer, Other Covid-19 Vaccines, U.S. Officials Say |
| 2021-02-25
⋅
Proofpoint
⋅
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations scanbox Sepulcher Lucky Cat |
| 2020-06-08
⋅
Proofpoint
⋅
TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware FlowCloud Lookback APT10 TA410 |
| 2020-03-11
⋅
Virus Bulletin
⋅
Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers 8.t Dropper |
| 2020-02-10
⋅
Bitdefender
⋅
Hypervisor Introspection Thwarts Web Memory Corruption Attack in the Wild coldbrew |
| 2019-09-22
⋅
Proofpoint
⋅
LookBack Forges Ahead: Continued Targeting of the United States’ Utilities Sector Reveals Additional Adversary TTPs Lookback TA410 |
| 2019-08-01
⋅
Proofpoint
⋅
LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards GUP Proxy Tool Lookback TA410 |
| 2019-07-23
⋅
Proofpoint
⋅
Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |