Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition
Latest Ghostwriter campaign brings Belarusian opposition into its sights for the first time as it continues weaponizing XLS docs to drop malware.
Read More
DPRK IT Workers | A Network of Active Front Companies and Their Links to China
SentinelLabs has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.
Read More
FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks
This research explores how FIN7 has adopted automated attack methods and developed defense evasion techniques previously unseen in the wild.
Read More
CapraTube Remix | Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts
SentinelLabs has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.
Read More
AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine
SentinelLabs has discovered a novel malware variant of AcidRain that could be targeting telecoms networks in Ukraine.
Read More
Doppelgänger | Russia-Aligned Influence Operation Targets Germany
Doppelgänger, a sophisticated Russia-aligned operation, targets German public opinion with disinformation ahead of elections.
Read More
Gaza Cybergang | Unified Front Targeting Hamas Opposition
Cluster of threat groups continues on trajectory to consolidate with shared victims, TTPs and evolving malware.
Read More
Cyber Soft Power | China’s Continental Takeover
China-aligned threat actors are increasingly involved in strategic intrusions in Africa, aiming to extend the PRC's influence across the continent.
Read More
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Threat actors abuse Adobe Creative Cloud, Edge, and other executables vulnerable to DLL hijacking in campaign targeting the Southeast Asian gambling sector.
Read More
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
North Korean threat actors attempt to further missile program by compromising sanctioned Russian defense company with OpenCarrot backdoor.
Read More