Targeting organizations in SE Asia and Australia, Aoqin Dragon uses pornographic-themed lures and custom backdoors to conduct espionage operations.
A new malware is attacking Ukrainian organizations and erasing Windows devices. In this early analysis, we provide technical details, IOCS and hunting rules.
Are there still real hacktivists out there or are they all a cover for state-sponsored operations?
MuddyWater APT's updated toolkit: an evolution of PowGoop malware, abuse of tunneling tools, and targeting of Exchange servers. MuddyWater's activities are attributed to the Iranian Ministry of Intelligence by U.S. Cyber Command.
EGoManiac is a threat actor willing to spy on friend and foe and entrap journalists without compunction. Read our groundbreaking research.
Supplying a custom backdoor to a cluster of APT groups, the personas behind ShadowPad have maintained a cloak of secrecy, until now.
Nobelium – the new face of APT29 – deploys poisoned installers against Ukrainian government targets in a possible supply chain attack.
Our analysis of the SUPERNOVA trojan reveals the differences between the legitimate DLL and the attacker’s implant, along with some new IoCs for detection.
A technical analysis of the SUNBURST stealthy APT including processes, services, and drivers. SentinelOne customers protected with no updates or configuration changes.
Cybercrime and nation state attacks haven’t come to a stop due to COVID-19. Here we describe a recent APT attack on a global brand prevented by SentinelOne.
