lab52

The GRU members expelled from the Netherlands used basic OPSEC measures, such as throwing out their own rubbish while staying in a hotel; nevertheless, their arrest revealed the lack of other equally basic security measures, that undoubtedly will have given the Service plenty to talk about. Perhaps the proximity operations – at least in the […]

The information that has come to light in recent months, especially Mueller’s accusation, has identified different tactics and techniques of the GRU, some of them previously known – and in many cases linked to APT28 – and others that, although we could all imagine, no one had previously confirmed. These TTPs are summarized in the […]

In addition to the two previous units, which have gained prominence from the information brought to light in 2018, the GRU has other Military Units linked to signal intelligence, cybersecurity or information warfare. Some of which we can find data in public sources are the following: Military Unit 11135 (18th Central Research Institute). Historically ([1]) the Central […]

In the middle of this year, from Lab52, thanks to our automated IOCs extraction and search system (hashes, domains, etc…), a match was found with a hash that we had in our database. The coincidence occurred in an email sent on May 14 of this year. When checking the log of the mail gateways, it […]

During the last months, Lab52 has been monitoring an infection campaign that is using different kinds of threats. One of these threats is Vengeance Justice Worm, also known as Vjw0rm, which is developed in Javascript. This is a type of malware capable of acting as a RAT or spreading through removable devices, thus doing worm […]