Lab52 offers a service which is completely focused on geopolitics and cybersecurity. Currently, there is an important correlation between geopolitics and cyberattacks. All the cyberattacks promoted by states have their origins or roots in the ancient framework of military espionage and intelligence ([1]). For that reason, Lab52 is permanently following and investigating the new updates related […]
Leviathan: Geostrategy and TTP (Tactics, Techniques and Procedures)
Executive summary: FireEye posted a relevant report regarding one of the most active threat groups: Leviathan, also known as TEMP.Periscope or TEMP.Jumper. This APT is supposedly attributed to the Chinese government ([1]). This report shows how involved cyber threat groups are in the geostrategy of countries. China is the main supplier […]
Winnti Group: Geostrategic and TTP (Tactics, Techniques and Procedures)
Executive Summary: China is one of the world powers with the greatest presence in the international gaming market, controlling the Southeast Asian market and even more than half of the global gaming market. Winnti Group is currently considered to be an APT group allegedly attributed to the government of China […]
Ukraine election 2019 polls Maldoc: analysis
At Lab52 from S2 Grupo, we have recently detected a malicious document titled “Ukraine_election_2019_polls.doc”. The document was uploaded to VirusTotal on March 12th, 2019 from Germany. The title and upload date are especially relevant in this case because of the existing conflict between Ukraine and Russia and the general elections in Ukraine. Document content: Regarding […]
Military Financing Maldoc: analysis
Recently at Lab52 from S2 Grupo, we detected an infection campaign using a malicious document that caught our attention because of its content and title. The document in question, named “Military Financing.xlsm”, with hash “efe51c2453821310c7a34dca3054021d0f6d453b7133c381d75e3140901efd12”, stands out mainly for the image it contains, which refers to a document with secret information about the […]
(Cyber) GRU (VIII): Structure. Unit 74455
Apparently, Unit 74455 is linked to operations of disinformation, influence, propaganda … which would reconfirm the broad concept of information warfare of the Russian military doctrine. We have already referred to it repeatedly, and to the mixture of the purely technical field with the psychological field (dezinformatsiya, spetspropaganda, kompromat, etc.). In fact, the US DIA […]