APT, APT (Targeted attacks), APT reports, Backdoor, Cloud Atlas, Cybersecurity, Malware descriptions, Malware Technologies, Microsoft Windows, Phishing, PowerShell, SSH, Targeted attacks, Windows malware
Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
In 2025, we observed pervasive SSH...
APT, APT (Targeted attacks), APT reports, Backdoor, Cybersecurity, Dropper, GitHub, GReAT research, Kimsuky, Malware, RAT, RC4, Spear phishing, Targeted attacks, Windows malware
Kimsuky targets organizations with PebbleDash-based tools
Over the past few months, we...
APT, APT (Targeted attacks), APT reports, Cybersecurity, GReAT research, Malware, Malware descriptions, Malware Technologies, OceanLotus, Python, Supply-chain attack, Targeted attacks, ZiChatBot
OceanLotus suspected of using PyPI to deliver ZiChatBot malware
Introduction Through our daily threat hunting,...
ABCDoor, APT, APT (Targeted attacks), APT reports, Backdoor, Cybersecurity, GReAT research, Malware, Malware descriptions, Malware Technologies, RAT, RustSL, Silver Fox, Spam and phishing, Spear phishing, Targeted attacks, Trojan, ValleyRAT
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
In December 2025, we detected a...
APT, APT (Targeted attacks), APT reports, Backdoor, Browser, Cybersecurity, Firefox, Google Chrome, GReAT research, HoneyMyte, Infostealers, Malware, Malware descriptions, Malware Technologies, Microsoft Edge, Targeted attacks, Trojan-stealer
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Over the past few years, we’ve...
APT, APT (Targeted attacks), APT reports, Backdoor, Cybersecurity, GReAT research, HoneyMyte, Malware, Malware descriptions, Rootkits, Targeted attacks
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Overview of the attacks In mid-2025,...
APT, APT (Targeted attacks), APT reports, Cybersecurity, Defense evasion, DNS manipulation, encryption, Evasive Panda, GReAT research, Malware, Malware descriptions, Malware Technologies, shellcode, Targeted attacks, Windows malware
Evasive Panda APT poisons DNS requests to deliver MgBot
Introduction The Evasive Panda APT group...
APT, APT (Targeted attacks), APT reports, Backdoor, Cloud Atlas, Cybersecurity, HTA, Malware, Malware descriptions, Malware Technologies, Microsoft Windows, Phishing, PowerShell, Targeted attacks, VBS, Windows malware
Cloud Atlas activity in the first half of 2025: what changed
Known since 2014, the Cloud Atlas...
APT, APT (Targeted attacks), APT reports, Cybersecurity, DLL, ForumTroll, GReAT research, Malware, Malware Technologies, PowerShell, Spear phishing, Targeted attacks, Thematic phishing, Windows malware
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
Introduction In March 2025, we discovered...