• Skip to primary navigation
  • Skip to main content
  • Skip to footer
lab52

lab52

The threat intelligence division of S2 Grupo

  • Home
  • Faq
  • Blog
  • About
  • Contact

Some thoughts about Laundry Bear

May 27, 2025

Today, Dutch intelligence (AIVD and MIVD) and Microsoft have published two reports unveiling a potential new Russian threat actor: Laundry Bear, or Void Blizzard. This actor was discovered through a recent compromise of the Dutch Police, and it has been targeting Western organizations since at least 2024, including armed forces, government organizations and defense contractors, […]

BigBoss

Grandoreiro Stealer Targeting Spain and Latin America: Malware Analysis and Decryption Insights

April 04, 2025

A new campaign targeting Spain and Latin American countries, utilizing the Brazilian stealer Grandoreiro, was detected during March 2025. This report provides detailed insights into the malware’s behavior, along with an explanation of the string obfuscation and decryption techniques employed in this campaign. Grandoreiro Grandoreiro is a Brazilian-origin stealer malware that has been active since […]

3722304989

GRU: Military Unit 54777

February 03, 2025

The main units of the Russian GRU engaged in cyberspace operations have been discussed in this blog: from our old posts (from 2018) about unit 26165 and 74455, to the recent rise of unit 29155. All these units have something in common, in addition to their cyberspace capabilities: they have been assigned an APT group […]

BigBoss

GRU military unit 29155

October 11, 2024

GRU’s military unit 29155 (161st Specialist Training Center) has been historically engaged in kinetic active measures such as subversion, assassinations or sabotage. Soviet or Russian active measures refer to covert operations aimed at influencing third countries’ politics or public opinion. They include from cyberspace activities to “wet stuff” (or “bloody stuff”, or simply “stuff that […]

BigBoss

RansomHub Ransomware – New Infection Chains Unveiled

July 26, 2024

From Lab52, we are very aware that in the fight against ransomware, we must not focus solely on the final artifact but must pay attention to every phase of deployment. Unfortunately, it will not always be possible to accurately identify the entire infection chain, as highlighted in the latest statistics by Coveware. The objective of […]

nieto

DLL Side Loading through IObit against Colombia

May 28, 2024

Early in May 2024, S2 Grupo’s intelligence unit, Lab52, detected a new phishing campaign in which attackers impersonated the Colombian Attorney General’s Office. The attack aims to infect victims’ systems with the generic malware artefact AsyncRAT. To do so, it deploys a series of malicious files, including the legitimate file of the free IObit anti-malware […]

Erlebnis

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 14
  • Go to Next Page »

Footer

Copyright &copy Lab52 2019 by S2 Grupo | Legal notice | Cookie policy | Privacy policy