During the first quarter of 2023, the Lab52 team has conducted an in-depth analysis of the threats that have been active during the period, focusing on information from both public and private sources, as well as studying the geopolitical context in order to anticipate potential campaigns. Below is the report for the quarter, which includes […]
New Mustang Panda’s campaing against Australia
AUKUS (Australia-United Kingdom-United States) is a strategic military alliance between these territories that became a reality in 2021, whose main objective is to build nuclear-powered submarines to counter the threat from China in the Indo-Pacific region. This agreement also includes the sharing of cyber capabilities and other submarine technologies. Some sources point out that this […]
MuddyWater’s “light” first-stager targeting Middle East
Since the last quarter of 2020 MuddyWater has maintained a “long-term” infection campaign targeting Middle East countries. We have gathered samples from November 2020 to January 2022, and due to the recent samples found, it seems that this campaign might still be currently active. The latest campaigns of the Muddy Water threat group, allegedly sponsored […]
Another cyber espionage campaign in the Russia-Ukrainian ongoing cyber attacks
From lab52, in connection to the latest events related to the Russia’s ongoing cyberattacks in Ukraine, beyond destructive artifacts seen like Wipers and others, a new wave of malicious office documents (hereinafter maldocs) has been observed attempting to compromise systems leveraging a variant of well-know and open-source malware known as Quasar RAT. Recently, we identified […]
Very very lazy Lazyscripter’s scripts: double compromise in a single obfuscation
In July of 2021, we identified an infection campaign targeting important European entities. During this investigation we could identify the threat actor behind these attacks as LazyScripter, an emerging APT group pointed by MalwareBytes in February 2021. Through our analysis, we could track their activity with precise dates in 2021 based on their samples. Furthermore, […]
New TransparenTribe Operation: Targeting India with weaponized COVID-19 lure documents
Over the last months, lab52 has been researching an attack campaign which targets government and military personnel of India. In fact, targeting the Indian government seems to be one of the key indicators of the group that may be behind this attack. Furthermore, some of the artifacts and infrastructure used to carry out the novel […]