During 2019, as part of the results of S2 Grupo’s incident management service, LAB52 gained access to a set of artifacts—and a large amount of evidence collected during the incident—which made it possible to conduct an exhaustive investigation linking the highly sophisticated campaign to APT29. Starting in November 2025, the information about these artifacts was […]
APT29
New invitation from APT29 to use CCleaner
Last May we discussed the new APT29 campaign that we called “Information”. Recently, just a week ago, an unknown actor used techniques similar to those of APT29. This time APT29 is once again the focus after new techniques were identified in their operations. This post details the new techniques observed, in particular: SVG […]
New tricks of APT29 – update on the CERT.PL report
A new sample has been uploaded to VirusTotal, and its characteristics strongly resemble QUARTERRIG, a malware family recently analyzed by CERT.PL and linked to APT29. In that analysis, the campaign was named “Note”. Building on that report, this post shows the new features of this new campaign that we named […]



