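<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<!-- Keep the doctype as the first thing in the file: a tag placed ahead of it makes browsers
     ignore the doctype and render in quirks mode. Stylesheets are linked here in the head,
     main.css ahead of apt_html.css; re-check the layout in standards mode after deploying. -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="generator" content="RocketCake">
<meta name="description" content="Aleksandar Milenkoski, cybersecurity, cyberespionage, APT, advanced persistent threat, research, threat intelligence, threat research">
<title>Aleksandar Milenkoski | Cyberespionage</title>
<meta name="keywords" content="Aleksandar Milenkoski, cybersecurity, cyberespionage, APT, advanced persistent threat, research, threat intelligence, threat research">
<link rel="stylesheet" href="rc_images/main.css">
<link rel="stylesheet" href="apt_html.css">
</head>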
<body>
<div class="textstyle1">
<div id="container_2b1a1ed5"><div id="container_2b1a1ed5_padding" ><div class="textstyle1"><span class="textstyle2"><a href="index.html" class="wsp22fd5893">Aleksandar Milenkoski</a></span><span class="textstyle2"><br/><br/></span><span class="textstyle2"><a href="index.html" class="wsp22fd5893">Threat Research | Threat Intelligence | Adversary Analysis</a></span></div>
<div class="textstyle3"></div>
</div></div><div id="container_4746e9ac"><div class="textstyle3"><script>
/**
 * Builds the slide-in sidebar (#thesidebarMenu) and appends it to document.body.
 * The panel is created with width 0, so it stays hidden until opensidebarMenu()
 * widens it. If the element already exists the function does nothing.
 */
function createsidebarMenu()
{
    // Build the panel only once.
    if (document.getElementById("thesidebarMenu"))
        return;

    var panel = document.createElement("div");
    panel.id = "thesidebarMenu";
    panel.style.cssText = 'height: 100%; max-width:100vw; width: 0; position: fixed; z-index: 3000; top: 0; left: 0; background-color: #2C2825; overflow-x: hidden; overflow-y:auto; transition: 0.5s;';

    // Close control in the top-right corner of the panel.
    // NOTE(review): a javascript: href counts as inline script under a
    // Content-Security-Policy; a <button> would avoid that if a CSP is added.
    var closeLink = document.createElement("a");
    closeLink.href = 'javascript:void(0)';
    closeLink.onclick = closesidebarMenu;
    closeLink.style.cssText = 'position: absolute; top: 3%; right: 5%; font-size: clamp(35px, 4.5vw, 60px); color: #FFFFFF; text-decoration: none;';
    // innerHTML receives a fixed literal only (the multiplication sign), never page or user data.
    closeLink.innerHTML = '\× ';
    panel.appendChild(closeLink);

    // Navigation entries as [label, target page]. Labels are assigned through
    // textContent, so they are never parsed as markup.
    var entries = [
        ["CYBERESPIONAGE", 'apt.html'],
        ["CYBERCRIME", 'cybercrime.html'],
        ["WINDOWS INTERNALS", 'winternals.html'],
        ["ACADEMIA", 'academia.html'],
        ["TALKS", 'talks.html'],
        ["COMMUNITY", 'community.html']
    ];

    // All links share one style; only the first carries the top margin that
    // pushes the list below the close control.
    var stylePrefix = 'padding: 1.5% 1% 1.5% 3%; ';
    var styleSuffix = 'text-decoration: none; font-family: Segoe, Segoe UI, Helvetica Neue, sans-serif; font-size: clamp(17px, 3.15vw, 40px); color: #FFFFFF; display: block; transition: 0.4s;';

    for (var i = 0; i < entries.length; i++)
    {
        var link = document.createElement("a");
        link.textContent = entries[i][0];
        link.href = entries[i][1];
        link.style.cssText = stylePrefix + (i === 0 ? 'margin-top: 15vh; ' : '') + styleSuffix;
        panel.appendChild(link);
    }

    document.body.appendChild(panel);
}
// Create the (hidden) sidebar as soon as this script runs.
createsidebarMenu();
/**
 * Shows the sidebar by setting the width of #thesidebarMenu to 90%.
 * The page content is left in place; only the panel's width changes.
 * Called from the "Menu" link's javascript: href further down the page.
 */
function opensidebarMenu()
{
    var openWidth = "90%";
    document.getElementById("thesidebarMenu").style.width = openWidth;
}
/**
 * Hides the sidebar by collapsing #thesidebarMenu to width 0, then resets the
 * left margin of every other top-level DIV under <body> to "0".
 */
function closesidebarMenu()
{
    document.getElementById("thesidebarMenu").style.width = "0";

    // Walk the direct children of <body>; text and comment nodes have no
    // tagName and are skipped by the DIV check.
    var node = document.body.firstChild;
    while (node !== null)
    {
        if (node.tagName == 'DIV' && node.id != 'thesidebarMenu')
            node.style.marginLeft = "0";
        node = node.nextSibling;
    }
}
</script>
<a href=" javascript:opensidebarMenu();" style="text-decoration:none"><div id="button_39dc1fcb"><div class="vcenterstyle1"><div class="vcenterstyle2"><div class="textstyle3"></div>
<div class="textstyle1"> <span class="textstyle4">≡ Menu</span>
</div>
<div class="textstyle3"></div>
</div></div></div></a></div>
<div class="textstyle1"><div id="menu_5f8bee95"><div id="menu_5f8bee95_menualignmentwrapper" ><div class="menuholder1"><a href="javascript:void(0);">
<div id="menuentry_6f12c37a" class="menustyle1 menu_5f8bee95_mainMenuEntry mobileEntry">
<div class="menuentry_text1">
<span class="textstyle5">≡</span>
</div>
</div>
</a>
<a href="apt.html" style="text-decoration:none">
<div id="menuentry_2bf3ca44" class="menustyle2 menu_5f8bee95_mainMenuEntry normalEntry">
<div class="menuentry_text2">
<span class="textstyle6">Cyberespionage</span>
</div>
</div>
</a>
<a href="cybercrime.html" style="text-decoration:none">
<div id="menuentry_10274de8" class="menustyle3 menu_5f8bee95_mainMenuEntry normalEntry">
<div class="menuentry_text2">
<span class="textstyle6">Cybercrime</span>
</div>
</div>
</a>
<a href="winternals.html" style="text-decoration:none">
<div id="menuentry_6a79eea8" class="menustyle4 menu_5f8bee95_mainMenuEntry normalEntry">
<div class="menuentry_text2">
<span class="textstyle6">Windows Internals</span>
</div>
</div>
</a>
<a href="academia.html" style="text-decoration:none">
<div id="menuentry_3bb8a4fa" class="menustyle5 menu_5f8bee95_mainMenuEntry normalEntry">
<div class="menuentry_text2">
<span class="textstyle6">Academia</span>
</div>
</div>
</a>
<a href="talks.html" style="text-decoration:none">
<div id="menuentry_5d208a30" class="menustyle6 menu_5f8bee95_mainMenuEntry normalEntry">
<div class="menuentry_text2">
<span class="textstyle6">Talks</span>
</div>
</div>
</a>
<a href="community.html" style="text-decoration:none">
<div id="menuentry_1aa18056" class="menustyle7 menu_5f8bee95_mainMenuEntry normalEntry">
<div class="menuentry_text2">
<span class="textstyle6">Community</span>
</div>
</div>
</a>
<script type="text/javascript" src="rc_images/wsp_menu.js"></script>
<script type="text/javascript">
// Set up the top navigation menu. wsp_menu comes from rc_images/wsp_menu.js,
// loaded by the script tag just above; the meaning of its constructor
// arguments is not visible here — confirm against that file.
var js_menu_5f8bee95= new wsp_menu('menu_5f8bee95', 'menu_5f8bee95', 15, null, true);
// Entries for the mobile "≡" item. The array holds three values per entry:
// label markup, target page, and an empty string (presumably a link target —
// verify in wsp_menu.js). The label markup is fixed text from this page; if
// wsp_menu inserts it as HTML, keep it free of external data.
js_menu_5f8bee95.createMenuForItem('menuentry_6f12c37a', [" <span class=\"textstyle7\">Cyberespionage</span> ", 'apt.html', '',
" <span class=\"textstyle7\">Cybercrime</span> ", 'cybercrime.html', '',
" <span class=\"textstyle7\">Windows Internals</span> ", 'winternals.html', '',
" <span class=\"textstyle7\">Academia</span> ", 'academia.html', '',
" <span class=\"textstyle7\">Talks</span> ", 'talks.html', '',
" <span class=\"textstyle7\">Community</span> ", 'community.html', '']);
// The desktop entries are registered with empty entry lists.
js_menu_5f8bee95.createMenuForItem('menuentry_2bf3ca44', []);
js_menu_5f8bee95.createMenuForItem('menuentry_10274de8', []);
js_menu_5f8bee95.createMenuForItem('menuentry_6a79eea8', []);
js_menu_5f8bee95.createMenuForItem('menuentry_3bb8a4fa', []);
js_menu_5f8bee95.createMenuForItem('menuentry_5d208a30', []);
js_menu_5f8bee95.createMenuForItem('menuentry_1aa18056', []);
</script>
</div></div></div></div>
</div><div id="container_495e96cc"><div id="container_495e96cc_padding" ></div></div><div id="container_7a5ef65"><div id="container_7a5ef65_padding" ><div class="textstyle1"><div id="placeh_36035886" >
<div class="textstyle3">
<div id="container_59b95f62"><div id="container_59b95f62_padding" ><div class="textstyle3"> <span class="textstyle8"><a href="index.html">Home</a></span>
<span class="textstyle8"> > Cyberespionage</span>
</div>
</div></div><span class="textstyle9"><br/><br/></span><div id="container_74af1da0"><div id="container_74af1da0_padding" ><div class="textstyle3"> <span class="textstyle8">This list includes only research designated for public release </span>
<span class="textstyle10"><br/></span>
</div>
</div></div><span class="textstyle9"><br/><br/></span><div id="container_20c0a65f"><div id="container_20c0a65f_padding" ><div class="textstyle3"><span class="textstyle11">Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Luigi Martire (Tinexta Cyber)<br/><br/></span><span class="textstyle10">10 December, 2024</span><span class="textstyle8"><br/> </span> <span class="textstyle10"><br/></span>
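<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_7519d2a2">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>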
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_7b9e1d04"><div id="container_7b9e1d04_padding" ><div class="textstyle3"><span class="textstyle11">ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Julian-Ferdinand Vögele (Recorded Future)<br/><br/></span><span class="textstyle10">26 June, 2024</span><span class="textstyle8"><br/> </span> <span class="textstyle10"><br/></span>
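<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/chamelgang-attacking-critical-infrastructure-with-ransomware/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_5f5ee9dd">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>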
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_7b26615d"><div id="container_7b26615d_padding" ><div class="textstyle3"><span class="textstyle11">ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware (Full Report)</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Julian-Ferdinand Vögele (Recorded Future)<br/><br/></span><span class="textstyle10">26 June, 2024</span><span class="textstyle8"><br/> </span> <span class="textstyle10"><br/></span>
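<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://assets.sentinelone.com/sentinellabs/chamelgang-friends-en" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_68e3b2c9">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>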
<span class="textstyle9"><br/></span>
</div>
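<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_4f2cba3f"><div id="container_4f2cba3f_padding" ><div class="textstyle3"><span class="textstyle11">Doppelgänger | Russia-Aligned Influence Operation Targets Germany <br/></span><span class="textstyle12"><br/></span><span class="textstyle8">Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">22 February, 2024</span><span class="textstyle8"><br/><br/></span> <!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. --><a href="https://www.sentinelone.com/labs/doppelganger-russia-aligned-influence-operation-targets-germany/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_12b12d9a">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>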
</div>
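<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_dfedc4"><div id="container_dfedc4_padding" ><div class="textstyle3"><span class="textstyle11">Unmasking I-Soon | The Leak That Revealed China’s Cyber Operations<br/></span><span class="textstyle12"><br/></span><span class="textstyle8">Dakota Cary, Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">21 February, 2024</span><span class="textstyle8"><br/><br/></span> <!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. --><a href="https://www.sentinelone.com/labs/unmasking-i-soon-the-leak-that-revealed-chinas-cyber-operations/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_76651f5c">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>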
</div>
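<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_774f966b"><div id="container_774f966b_padding" ><div class="textstyle3"><span class="textstyle11">ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals<br/></span><span class="textstyle12"><br/></span><span class="textstyle8">Aleksandar Milenkoski, Tom Hegel<br/><br/></span><span class="textstyle10">22 January, 2024</span><span class="textstyle8"><br/><br/></span> <!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. --><a href="https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_430e85af">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>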
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_1d76d555"><div id="container_1d76d555_padding" ><div class="textstyle3"><span class="textstyle11">Gaza Cybergang | Unified Front Targeting Hamas Opposition</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">14 December, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
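<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/gaza-cybergang-unified-front-targeting-hamas-opposition/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_1510df6f">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>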
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_50b82ec2"><div id="container_50b82ec2_padding" ><div class="textstyle3"><span class="textstyle11">Sandman APT | China-Based Adversaries Embrace Lua</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Bendik Hagen (PwC), Microsoft Threat Intelligence<br/><br/></span><span class="textstyle10">11 December, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
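<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_62438d26">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>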
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_1659716c"><div id="container_1659716c_padding" ><div class="textstyle3"><span class="textstyle11">The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Tom Hegel, Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">24 October, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
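<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/the-israel-hamas-war-cyber-domain-state-sponsored-activity-of-interest/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_2268ee1a">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>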
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_3fc84624"><div id="container_3fc84624_padding" ><div class="textstyle3"><span class="textstyle11">Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, in collaboration with QGroup<br/><br/></span><span class="textstyle10">21 September, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
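<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_65901f0d">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>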
<span class="textstyle13"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_466cdbc4"><div id="container_466cdbc4_padding" ><div class="textstyle3"><span class="textstyle11">Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Tom Hegel<br/><br/></span><span class="textstyle10">17 August, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
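<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_11dfbdf1">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>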
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_4cc6288"><div id="container_4cc6288_padding" ><div class="textstyle3"><span class="textstyle11">Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Tom Hegel, Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">7 August, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
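<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/comrades-in-arms-north-korea-compromises-sanctioned-russian-missile-engineering-company/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_504a0431">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>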
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_903db13"><div id="container_903db13_padding" ><div class="textstyle3"><span class="textstyle11">Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">6 June, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
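<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_38364aea">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>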
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_58804390"><div id="container_58804390_padding" ><div class="textstyle3"><span class="textstyle11">Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Tom Hegel<br/><br/></span><span class="textstyle10">23 May, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
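<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/kimsuky-ongoing-campaign-using-tailored-reconnaissance-toolkit/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_7a17763d">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>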
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_525dcd98"><div id="container_525dcd98_padding" ><div class="textstyle3"><span class="textstyle11">Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Tom Hegel, Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">4 May, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
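<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/kimsuky-evolves-reconnaissance-capabilities-in-new-global-campaign/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_310b3002">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>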
<span class="textstyle9"><br/></span><span class="textstyle9"><br/></span></div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_c35c234"><div id="container_c35c234_padding" ><div class="textstyle3"><span class="textstyle11">Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">13 April, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
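<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/transparent-tribe-apt36-pakistan-aligned-threat-actor-expands-interest-in-indian-education-sector/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_2e9b964e">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>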
<span class="textstyle9"><br/></span><span class="textstyle9"><br/></span></div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_2bcb75b4"><div id="container_2bcb75b4_padding" ><div class="textstyle3"><span class="textstyle11">SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Juan Andres Guerrero-Saade, Asaf Gilboa, David Acs, James Haughom, Phil Stokes, SentinelLabs<br/><br/></span><span class="textstyle10">29 March, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
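<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_1f1cb559">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>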
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_4df61a1f"><div id="container_4df61a1f_padding" ><div class="textstyle3"><span class="textstyle11">Operation Tainted Love | Chinese APTs Target Telcos in New Attacks</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Juan Andres Guerrero-Saade, Joey Chen, in collaboration with QGroup<br/><br/></span><span class="textstyle10">23 March, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
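<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_57ab293b">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>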
<span class="textstyle9"><br/></span><span class="textstyle9"><br/></span></div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_5a8040ab"><div id="container_5a8040ab_padding" ><div class="textstyle3"><span class="textstyle11">WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Collin Farr, Joey Chen, in collaboration with QGroup<br/><br/></span><span class="textstyle10">16 February, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
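<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_5d43ca7b">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>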
<span class="textstyle9"><br/></span><span class="textstyle9"><br/></span></div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_15c124b3"><div id="container_15c124b3_padding" ><div class="textstyle3"><span class="textstyle11">DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski, Joey Chen, Amitai Ben Shushan Ehrlich<br/><br/></span><span class="textstyle10">24 January, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
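<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_1feff82f">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>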
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle14"><br/></span><span class="textstyle9"><br/></span><div id="container_647be58d"><div id="container_647be58d_padding" ><div class="textstyle3"><span class="textstyle11">NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Tom Hegel, Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">12 January, 2023</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
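<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_3b6450bc">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>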
<span class="textstyle9"><br/></span><span class="textstyle9"><br/></span></div>
<div style="clear:both"></div></div></div><span class="textstyle14"><br/><br/></span><div id="container_2a39fe9d"><div id="container_2a39fe9d_padding" ><div class="textstyle3"><span class="textstyle11">The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">1 December, 2022</span><span class="textstyle13"><br/></span> <span class="textstyle8"> </span>
<span class="textstyle10"><br/></span>
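<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/the-mystery-of-metador-unpicking-mafaldas-anti-analysis-techniques/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_7a7cb015">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>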
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/></span><span class="textstyle14"><br/></span><div id="container_7475d820"><div id="container_7475d820_padding" ><div class="textstyle3"><span class="textstyle11">The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Juan Andres Guerrero-Saade, Amitai Ben Shushan Ehrlich, Aleksandar Milenkoski<br/><br/></span><span class="textstyle10">22 September, 2022</span><span class="textstyle8"><br/> </span> <span class="textstyle10"><br/></span>
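<!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. -->
<a href="https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_42b57f3b">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>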
<span class="textstyle9"><br/></span>
</div>
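<div style="clear:both"></div></div></div><span class="textstyle14"><br/><br/></span><div id="container_4ce337c3"><div id="container_4ce337c3_padding" ><div class="textstyle3"><span class="textstyle11">The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities (Full Report)</span><span class="textstyle12"><br/><br/></span><span class="textstyle8">Amitai Ben Shushan Ehrlich, Aleksandar Milenkoski, Juan Andres Guerrero-Saade<br/><br/></span><span class="textstyle10">22 September, 2022 </span><span class="textstyle8"><br/></span><span class="textstyle10"><br/></span> <!-- rel="noopener": the tab opened by target="_blank" gets no window.opener reference to this page. --><a href="https://assets.sentinelone.com/sentinellabs22/metador" target="_blank" rel="noopener" style="text-decoration:none"><div id="button_2a26ce4c">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">Link</span>
</div>
</div></div>
</div></a>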
<span class="textstyle9"><br/></span>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_65852279"><div id="container_65852279_padding" ><div class="textstyle3"><span class="textstyle11">The Mystery of Metador | Technical Appendix<br/></span><span class="textstyle12"><br/></span><span class="textstyle8">Aleksandar Milenkoski, Amitai Ben Shushan Ehrlich<br/><br/></span><span class="textstyle10">22 September, 2022</span><span class="textstyle8"><br/> </span> <span class="textstyle10"><br/></span>
<a href="rc_images/metador_technical_appendix.pdf" target="_blank" style="text-decoration:none"><div id="button_45ffab5e">
<div class="vcenterstyle1"><div class="vcenterstyle2"> <div class="textstyle3">
</div>
<div class="textstyle1">
<span class="textstyle8">PDF</span>
</div>
</div></div>
</div></a>
</div>
<div style="clear:both"></div></div></div><span class="textstyle9"><br/><br/></span><div id="container_47758b79"><div class="textstyle3"> <span class="textstyle9"><br/></span>
</div>
</div> </div>
</div>
</div>
<div style="clear:both"></div></div></div> </div>
</body>
</html>