lab52

The threat intelligence division of S2 Grupo

Trends in Radio Frequency Spectrum Activity and Its Impact on the Geopolitical Landscape

May 14, 2026

Although it is true that the terrestrial, maritime, air, space, and cyberspace domains are the usual focus of analysis, the radio frequency spectrum also reflects the current geopolitical tensions. Within it, states systematically employ capabilities related to influence, interference, and command and control. LAB52 has SIGINT acquisition capabilities in the radio frequency spectrum, which have […]

Dex

EasterBunny: advanced espionage artifacts attributed to APT29

May 06, 2026

During 2019, as part of the results of S2 Grupo’s incident management service, LAB52 gained access to a set of artifacts—and a large amount of evidence collected during the incident—which made it possible to conduct an exhaustive investigation linking the highly sophisticated campaign to APT29. Starting in November 2025, the information about these artifacts was […]

Er1c_C

DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear

March 13, 2026

LAB52, the intelligence team at S2 Group, has identified a new campaign targeting Ukrainian entities, attributed to actors linked to Russia. The campaign, observed during February 2026, employs various judicial and charity themed lures to deploy a JavaScript‑based backdoor that runs through the Edge browser and has been named DRILLAPP by LAB52. This artifact enables […]

3722304989

PlugX Meeting Invitation via MSBuild and GDATA

February 26, 2026

In relation to the latest variant of the PlugX RAT executed by STATICPLUGIN analyzed by IIJ-SECT, LAB52 aims to complement this information with additional observed deployment activity and encryption characteristics in samples analyzed by this team. PlugX: PlugX is a long-running Remote Access Trojan (RAT) that has been consistently linked to multiple China-aligned threat actors […]

10ba

Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure

February 13, 2026

Overview: LAB52 has been monitoring a campaign dubbed “Operation MacroMaze”, which, based on its characteristics, can be attributed to APT28, also known as Fancy Bear, Forest Blizzard or FROZENLAKE. The campaign has been active at least since late September 2025 through January 2026, targeting specific entities in Western and Central Europe. The campaign relies on […]

Dio

The GRU illegals

February 08, 2026

Illegals are intelligence officers operating abroad under false identities and nationalities, without the protection of diplomatic immunity. Posing as ordinary citizens of other countries, these officers maintain fake identities, spending years building normal lives while spying. Unlike other spies, these officers have no diplomatic protection: if they are discovered, they go to prison. […]

BigBoss

Copyright © Lab52 2019 by S2 Grupo