• Skip to primary navigation
  • Skip to main content
  • Skip to footer
lab52

lab52

The threat intelligence division of S2 Grupo

  • Home
  • Faq
  • Blog
  • About
  • Contact

GRU military unit 29155

October 11, 2024

GRU’s military unit 29155 (161st Specialist Training Center) has been historically engaged in kinetic active measures such as subversion, assassinations or sabotage. Soviet or Russian active measures refer to covert operations aimed at influencing third countries’ politics or public opinion. They include from cyberspace activities to “wet stuff” (or “bloody stuff”, or simply “stuff that […]

BigBoss

RansomHub Ransomware – New Infection Chains Unveiled

July 26, 2024

From Lab52, we are very aware that in the fight against ransomware, we must not focus solely on the final artifact but must pay attention to every phase of deployment. Unfortunately, it will not always be possible to accurately identify the entire infection chain, as highlighted in the latest statistics by Coveware. The objective of […]

nieto

DLL Side Loading through IObit against Colombia

May 28, 2024

Early in May 2024, S2 Grupo’s intelligence unit, Lab52, detected a new phishing campaign in which attackers impersonated the Colombian Attorney General’s Office. The attack aims to infect victims’ systems with the generic malware artefact AsyncRAT. To do so, it deploys a series of malicious files, including the legitimate file of the free IObit anti-malware […]

Erlebnis

Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)

February 19, 2024

Turla is an APT group allegedly linked to the intelligence service FSB (Federal Security Service) from the Russian Federation. This threat actor is specifically in the Center 16 unit, which carries out the collection of radio-electronic intelligence on communications facilities. Moreover, the Center 16 is in charge of intercepting, decrypting and processing the electronic message […]

Er1c_C

Ransomware’s Christmas Carol

December 21, 2023

Around mid-year, Lab52 published a report on ransomware that included both geopolitical and cyber intelligence content. The report includes the analysis of different sources of information and showcasing some of our cyberintelligence findings in this regard. However, the activity of this type of malware prompts Lab52 to closely track the various recorded cases. Therefore, taking […]

nieto

Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats

December 11, 2023

The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government. This time, […]

3722304989

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Interim pages omitted …
  • Go to page 14
  • Go to Next Page »

Footer

Copyright &copy Lab52 2019 by S2 Grupo | Legal notice | Cookie policy | Privacy policy