The Cluster25 Blog
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
By Cluster25 Threat Intel Team, December 22, 2022
Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to
Sanctioned deals: the Irano-Russian connection under Ankara’s supervision. Analysis of the NPPD leak
By Cluster25 Threat Intel Team, September 7, 2022
On October 22nd, during the usual OSINT monitoring, Cluster25 detected the Farsi-speaking hacktivist
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
By Cluster25 Threat Intel Team, September 23, 2022
Cluster25 researchers collected and analyzed a lure document used to implant a
Erbium InfoStealer Enters the Scene: Characteristics and Origins
By Cluster25 Threat Intel Team, September 15, 2022
On the 21st of July 2022, on a DWW (Deep/Dark Web) forum, a Russian-speaking threat actor created an
LockBit 3.0: “Making the ransomware great again”
By Cluster25 Threat Intel Team, July 6, 2022
LockBit is a major player in the ransomware scene and has contributed heavily to this cyber-crime model becoming one
Cyberwarfare targeting the energy sector. Is Europe under threat?
By Cluster25 Threat Intel Team, May 27, 2022
The energy sector is a pivotal one for the whole contemporary economy. A disruption of its functions could