• Skip to primary navigation
  • Skip to main content
  • Skip to footer
lab52

lab52

The threat intelligence division of S2 Grupo

  • Home
  • Faq
  • Blog
  • About
  • Contact

Mustang Panda’s PlugX new variant targetting Taiwanese government and diplomats

December 11, 2023

The Lab52 team has analysed a cyber campaign in which attackers deploy a new variant of the PlugX malware. Both the infection chain and the various artefacts used in the cyberattack share multiple similarities with the SmugX campaign, attributed to threat actors Red Delta and Mustang Panda, allegedly linked to the Chinese government. This time, […]

3722304989

New invitation from APT29 to use CCleaner

July 12, 2023

Last month of May we were talking about the new APT29 campaign that we called “Information”. Recently, just a week ago, an unknown actor used similar techniques to APT29. This time APT29 is once again the focus after new techniques were identified in their operations. This post details the new techniques observed, in particular: SVG […]

Er1c_C

Beyond appearances: unknown actor using APT29’s TTP against Chinese users

July 07, 2023

Introduction Lab52 has detected a different maldoc samples of a potential malicious campaign. The initial access is through a Chinese phishing.  The maldoc seems to be a campaign against Chinese speaking users as the content of the maldoc is written in Chinese. The social engineering technique applied into the maldoc’s content is to pretend to […]

Dex

The Chinese trap

June 08, 2023

Russia carried out on February 24, 2022 an invasion that few anticipated and that neither they nor Western states have found it satisfactory for their interests. There is only one actor who is benefiting from Putin’s risky move, and this is China. Also, the invasion of Ukraine has started a succession of events, fundamentally at […]

Dex

Quarterly Threat Report Q1 2023

May 25, 2023

During the first quarter of 2023, the Lab52 team has conducted an in-depth analysis of the threats that have been active during the period, focusing on information from both public and private sources, as well as studying the geopolitical context in order to anticipate potential campaigns. Below is the report for the quarter, which includes […]

Dex

New tricks of APT29 – update on the CERT.PL report

May 25, 2023

A new sample has been uploaded to VirusTotal, and its characteristics strongly resemble QUARTERRIG, a malware recently analyzed by CERT.PL and linked to APT29. In said analysis, the campaign was named “Note“. Based on the aforementioned report, the purpose of this post is to show the new features of this new campaign that we named […]

Er1c_C

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to page 5
  • Interim pages omitted …
  • Go to page 14
  • Go to Next Page »

Footer

Copyright &copy Lab52 2019 by S2 Grupo | Legal notice | Cookie policy | Privacy policy