The Cluster25 Blog
Cozy Smuggled Into the Box: APT29 Abusing Legitimate Software for Targeted Operations in Europe
By Cluster25 Threat Intel Team, May 05, 2022
Cozy Bear (aka Nobelium, APT29, The Dukes) is a well-resourced, highly dedicated and
The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
By Cluster25 Threat Intel Team, May 03, 2022
NOTICE: After additional reviews, the team at Cluster25 has determined that
The Lotus Panda is Awake Again: Analysis of the Last Strike
By Cluster25 Threat Intel Team, April 29, 2022
NAIKON is the name of an APT (Advanced Persistent Threat) which is believed to originate from
DPRK-NEXUS Adversary Targets South Korean Individuals in a New Chapter of Kitty Phishing Operations
By Cluster25 Threat Intel Team, April 11, 2022
The research team at Cluster25 traced a recent activity that started in the
Ghostwriter / UNC1151 Adopts Microbackdoor Variants in Cyber Operations Against Ukraine
By Cluster25 Threat Intel Team, March 8, 2022
For a few months Cluster25 collected and analyzed several malicious activities which then were internally linked
RuRAT used in spear-phishing attacks against media organisations in United States
By Cluster25 Threat Intel Team, March 3, 2022
INTRODUCTION: On 23.02.2022 one of our partners received a very specific targeted spear-phishing email message