Hacktivism and State-Sponsored Knock-Offs | Attributing Deceptive Hack-and-Leak Operations
Are there still real hacktivists out there or are they all a cover for state-sponsored operations?
MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.
EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.
Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.
Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.
Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.
A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.
Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.
The TA505 threat group uses a crypter common to Clop/CryptoMix ransomware and others. We tear it down with a new unpacker utilizing SMT.
New threat intelligence on the ever-expanding toolset of North Korean APT Hidden Cobra (Lazarus) including IoCs for RATs, beacons, persistence and more.