Skip to content

Latest commit

 

History

History
executable file
·
540 lines (508 loc) · 55.4 KB

README.md

File metadata and controls

executable file
·
540 lines (508 loc) · 55.4 KB

Threat INTel Reports

Archive of publicly available threat/cybercrime INTel reports (mostly APT Reports but not limited to). Useful as a reference when you emulate threat actors on a daily basis. Please create an issue if I'm missing a relevant Report.

Warning: If you are looking for every type of publicly available documents and notes related to APTs have a look at APTnotes and aptnotes. Unfortunately the way they store and sort their data doesn't work for me anymore.

Note: You can also find a page with an attempt to sort these reports by APT group name, based on the ThaiCert Threat Actor Encyclopedia and the Group pages of the MITRE ATT&CK team. This is work in progress and you can find it here: APT-Groups.

Depending on what you are looking for, you may also find this page useful.

2021

Title Month Source
The Evolution of the FIN7 JSSLoader Jan Morphisec
A wild Kobalos appears: Tricksy Linux malware goes after HPCs Feb ESET

2020

Title Month Source
Destructive Attack 'DUSTMAN' Jan SA NCSC
Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats Jan Trend Micro
North American Electric Cyber Threat Perspective Jan Dragos
New Destructive Wiper "ZeroCleare" Targets Energy Sector in the Middle East Jan IBM
APT10 Threat Analysis Report Jan Adeo
Fox Kitten Campaign: Widespread Iranian Espionage-Offensive Campaign Feb ClearSky
Crime Without Punishment: In-depth analysis of js-sniffers Feb Group IB
International Security and Estonia Feb EFIS
And then there were 6: A story of cyberspionage incident response by DART that uncovered five additional threat actors in one environment Feb Microsoft
Cloud Snooper attack bypasses firewall security measures Feb Sophos
Profiling of TA505 Threat Group That Continues to Attack the Financial Sector Feb FSI
The Lazarus Constellation A study on North Korean malware Feb Lexfo
Operation Poisoned News: Hong Kong Users Targeted with Mobile Malware via Local News Links Mar Trend Micro
Bearing Witness: Uncovering the Logic Behind Russian Military Cyber Operations Mar Booz Allen
Operation Overtrap Targets Japanese Online Banking Users Via Bottle Exploit Kit and Brand-New Cinobi Banking Trojan Mar Trend Micro
Decade of the RATs: Novel APT Attacks Targeting Linux, Windows and Android Apr BlackBerry
Revealing Targets of the Iranian MuddyWater Group, Extracted from their C2 Apr Clearsky
New dark_nexus IoT Botnet Puts Others to Shame Apr Bitdefender
Chinese Influence Operations Evolve in Campaigns Targeting Taiwanese Elections, Hong Kong Protests Apr RecordedFuture
APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure Apr MalwareBytes
Craft for Resilence - APT Group Chimera - APT Operation Skeleton Key Targets Taiwan Semiconductor Vendors Apr CyCraft
The 'Spy Cloud' Operation: Geumseong121 group carries out the APT attack disguising the evidence of North Korean defection Apr ESRC
Threat landscape for industrial automation systems Apr Kaspersky
Uncovering DRBControl Inside the Cyberespionage Campaign Targeting Gambling Operations Apr Trend Micro
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia May Bitdefender
The "Silent Night" Zloader/Zbot May Malwarebytes & Hyas
Tactics, Techniques and Procedures Used to Target Australian Networks May ACSC
Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia May BitDefender
Leery Turtle Threat Report May CyberStruggle
AWS Shield Threat Landscape Report Q1 2020 May AWS
Shifts in Underground Markets May Trend Micro
From AGENT.BTZ to COMRAT V4. A ten-year journey May ESET
Mobile APT Surveillance Campaigns Targeting Uyghurs Jun Lookout
The Dark Overlord Cyber Investigation Report Jul Data Viper
Study of the APT attacks on state institutions in Kazakhstan and Kyrgyzstan Jul Dr.Web
The Hacker Infrastructure and Underground Hosting. An overview of the cybercriminal market Jul Trend Micro
Worm War: The Botnet Battle for IoT Territory Jul Trend Micro
APT29 targets COVID-19 vaccine development Jul NCSC
Card Fraud in a PSD2 World: A Few Examples Jul Cyber R&D Lab
THE FAKE CISCO: Hunting for backdoors in Counterfeit Cisco devices Jul F-Secure
Cosmic Lynx: The Rise of Russian BEC Jul Agari
Chinese state-sponsored group 'reddelta' targets the Vatican and Catholic organizations Jul Recorded Future
Operation 'Dream Job'. Widespread North Korean Espionage Campaign Aug ClearSky
Pillars of Russia's Desinformation and Propaganda Ecosystem Aug U.S. Department of State
Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware Aug NSA and FBI
No need to hack when it's leaking: GITHUB HEALTHCARE LEAKS Aug GitHub
LAZARUS GROUP: Campaign Targetting The Cryptocurrenct Vertical Aug F-Secure
Development of the activity of the TA505 Cybercriminal Group Aug ANSSI
The Kittens Are Back in Town 3 Charming Kitten Campaign Evolved and Deploying Spear-Phishing link by WhatsApp Aug ClearSky
FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks Aug USCYBERCOM
ULTRARANK The unexpected twist of a JS-sniffer triple threat Aug Group IB
CERBERUS Banking Trojan Analysis Aug Cyberwise
REDCURL The pentest you didn't know about Aug Group IB
The French Underground Under a Shroud of Extreme Caution NA Trend Micro
Cybercrime in West Africa Poised for an Underground Market NA Trend Micro
Lock Like a Pro: How QAKBOT Fuels Enterprise Ransomware Campaigns Sep Group IB
SideCopy An insight into Transparent Tribe's sub-division which has been incorrectly attributed for years Sep Seqrite
ShadowPad: new activity from the Winnti group NA PT
LATAM Financial Cybercrime: Competitors-in-crime sharing TTPs NA ESET
Threat landscape for industrial automation systems Sep Kaspersky
AT commands, Tor-based communications: meet ATTOR, A fantasy creature and also a Spy platform NA ESET
Operation Earth Kitsune Tracking SLUB's Current Operations Oct Trend Micro
Study of the ShadowPad APT backdoor and its relation to PlugX Oct Dr.Web
North Korean Advanced Persistent Threat Focus: Kimsuky Oct CISA/FBI/CNMF
Le Malware-as-a-service EMOTET Oct ANSSI
Supply Chain Attacks in the Age of Cloud Computing: Risks, Mitigations, and the Importance of Securing Back Ends Oct Trend Micro
Operation Quicksand MuddyWater’s Offensive Attack Against Israeli Organizations Oct Clear Sky
Banking Web Injects Are Top Cyber Threat for Financial Sector Oct Recorded Future
CHAES: Novel Malware Targeting Latin American E-Commerce Nov Cybereason
Threat Profile JUPYTER Infostealer Nov Morphisec
Analysis of the Bookcodes RAT C2 framework starting with spear phishing Nov KR CERT
Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions Nov BitDefender
TTPs 2 Analysis of the Bookcodes RAT C2 framework starting with spear phishing Nov KrCERT
TRICKBOT Now Offers 'TRICKBOOT': PERSIST, BRICK, PROFIT Dec Eclypsium
MOLERATS in the Cloud: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign Dec Cybereason
Adversary Tracking Report When a false flag doesn't work: Exploring the digital-crime underground at campaign preparation stage Dec Telsy
EyeD4kRAT/ShirBiter Overview Dec Nyotron
Egregor Ransomware: The Legacy of Maze Lives on Dec Group IB
Finding APTX: Attributing attacks via MITRE TTPs Dec Trend Micro
APT27 Turns to Ransomware Dec Profero

2019

Title Month Source
New Destructive Wiper "ZeroCleare" Targets Energy Sector in the Middle East Feb IBM
Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria Mar C4ADS
Legit remote admin tools turn into threat actors tools Apr Cyberint
Analysis of the APT Campaign 'Smoke Screen' targeting to Korea and US Apr ESRC
Pirates of Brazil: Integrating the Strengths of Russian and Chinese Hacking Communities Apr Recorded Future
London Blue Apr Agari
Iranian Nation-State APT Groups - "Black Box" Leak May ClearSky
Turla LightNeuron: An email too far May ESET
Who's who in the Zoo Cyberespionage operation targets Android users in the Middle East May Kaspersky
Scattered Canary The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise Jun Agari
An APT Blueprint: Gaining New Visibility into Financial Threats Jun BitDefender
Threat Group Cards: A Threat Actor Encyclopedia Jun ThaiCert
Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers Jun Cybereason
The Predator in your Pocket Jun Citizen Lab
Iranian APT group MuddyWater Adds Exploits to Their Arsenal Jun Clearsky
Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations Jun Recorded Future
EMOTET: A technical analysis of the destructive, polymorphic malware Jul Bromium
Bestsellers in the Underground Economy: Measuring Malware Polularity by Forum Jul Recorded Future
Double DragonAPT41, a dual espionage and cyber crime operation Aug FireEye
Silence 2.0 Going Global Aug Group IB
UPSynergy: Chinese-American Spy vs Spy Story Sep CheckPoint
The Kittens are back in town: Charming Kitten Campaign against Academic Researchers Sep ClearSky
Simjacker Technical Report Sep Simjacker.com
AT commands, TOR-based communications: Meet Attor, a fantasy creature and also a spy platform Oct ESET
Operation Ghost The Dukes aren't back - they never left Oct ESET
Connecting the dots Exposing the arsenal and methods of the Winnti Group Oct ESET
How TURBINE PANDA and China's Top Spies Enabled Beijing to Cut Corners on the C919 Passenger Jet Oct CrowdStrike
Turla group exploits Iranian APT to expand coverage of victims Oct NCSC
GEOST Botnet. The story of the discovery of a new Android Banking trojan from an OPSEC error Oct Garcia et all
Supply Chain Attacks. Threats targeting service providers and design offices Oct ANSSI
From tweet to rootkit Oct ExaTrack
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Attack in History (Sandworm) Oct Wired
Here's the Evidence That Links Russia's Most Brazen Cyberattacks (Sandworm) Nov Wired
Operation Wocao Shining a light on one of China’s hidden hacking groups Dec FoxIT
Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs Dec RecordedFuture
Drilling DeepA Look at Cyberattacks on the Oil and Gas Industry Dec Trend Micro

2018

Title Month Source
DRAGONFISH delivers new form of Elise malware Jan Accenture
Diplomats in Eastern Europe bitten by a Turla mosquito Jan ESET
Iran's Cyber Threat: Espionage Sabotage and Revenge Jan Carnegie Endowment
Turla group update Neuron malware Jan NCSC
Dark Caracal: Cyber-espionage at a Global Scale Jan Lookout & EFF
International Security and Estonia Feb Estonian Foreign Intelligence Service
APT37 Reaper: The Overlooked North Korean Actor Feb FireEye
BAD TRAFFIC Sandvines PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads Mar The Citizen Lab
The Slingshot APT Mar Kaspersky
Industrial Control System Threats Mar Dragos
Territorial Dispute - NSA's perspective on APT landscape Mar CrySyS Lab
Targeted Attacks on South Korean Organizations Mar AhnLab
GravityRAT Apr Talos
Hogfish Redleaves Apr Accenture
Mtrends 2018 May FireEye
Burning Umbrella May ProtectWise
Andariel Group - KR May Ahnlab
Irans Hacker Hierarchy Exposed May RecordedFuture
New Bank Attacks May Positive Technologies
Bank Attacks May Positive Technologies
Full Discloser of Andariel - A Subgroup of Lazarus Threat Group Jun AhnLab
Operation Roman Holiday Hunting the Russian APT28 group Jul CSE Zlab
COMMSEC: The Trails of WINDSHIFT APT Aug DarkMatter
TURLA Outlook Backdoor Aug ESET
Chinese Cyberespionage Originating From Tsinghua University Infrastructure Aug Recorded Future
The Untold Story of NotPetya, the Most Devastating Cyberattack in History (Sandworm) Aug Wired
Silence: Moving into the darkside Sep Group IB
APT38: Un-usual Suspects Oct FireEye
Thieves and Geeks: Russian and Chinese Hacking Communities Oct Recorded Future
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group Oct ESET
GREYENERGY A successor to BlackEnergy Oct ESET
Operation Oceansalt Attacks South Korea, U.S. and Canada with Source Code from Chinese Hacker Group Oct McAfee
Buyer beware: cyberthreats targeting e-commerce Nov Kaspersky
The SpyRATs of OceanLotus Oct Cylance
Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques Nov RecordedFuture
The Hunt for 3ve Nov Google
MuddyWater Operationsin Lebanon and Oman Nov ClearSky
Operation Shaheen Nov Cylance
Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers Leak Dec Trend Micro
Operation Sharpshooter Dec McAfee
The Dark Side of the ForSSHe: A landscape of OpenSSH backdoors Dec ESET

2017

Title Month Source
APT28: A Window into Russias Cyber Espionage Operations Jan FireEye
APT28: At the center of the storm. Russia strategically evolves its cyber operations Jan FireEeye
APT28 Under the Scope A Journey into Exfiltrating Intelligence and Government Information Feb BitDefender
KingSlayer A Supply chain attack Feb RSA
Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society Feb The Citizen Lab
Bitter Sweet: Supporters of Mexico's Soda Tax Targeted With NSO Exploit Links Feb The Citizen Lab
Enhanced Analysis of GRIZZLY STEPPE Activity Feb US-CERT
Dissecting the APT28 Mac OS X Payload Feb Bitdefender
Read The Manual A guide to the RTM Banking Trojan Feb ESET
Trends in Android Ransomware Feb ESET
From Shamoon to StoneDrill Mar Kaspersky
Carbon Paper: Peering into Turlas second stage backdoor Mar ESET
Lazarus Under the Hood Apr Kaspersky
Appendix B: Moonlight Maze Technical Report Apr Kaspersky
Callisto Group Apr F-Secure
McAfee Labs Threats Report Apr McAfee
Intrusions Affecting Multiple Victims Across Multiple Sectors Apr US-CERT
Two Years of Pawn Storm Examining an Increasingly Relevant Threat May Trend Micro
Sednit adds two zero-day exploits using Trumps attack on Syria as a decoy May ESET
Evolution of the GOLD EVERGREEN Threat Group May SecureWorks
Bachosens: Highly-skilled petty cyber criminal with lofty ambitions targeting large organizations May Symantec
Lazarus: History of mysterious group behind infamous cyber attacks May Symantec
Operation Bachosens: A detailed look into a long-running cyber crime campaign May Symantec
Tainted Leaks: Disinformation and Phishing With a Russian Nexus May The Citizen Lab
Lazarus Arisen - Architecture / Tools /Attribution May Group IB
Lazarus Arisen - article May Group IB
Operation Cobalt Kitty May Cybereason
CrashOverride: Analysis of the Threat to Electric Grid Operations Jun Dragos
WIN32/INDUSTROYER A new threat for industrial control systems Jun ESET
How an Entire Nation Became Russia's Test Lab for Cyberwar (Sandworm) Jun Wired
Behind the CARBANAK Backdoor Jun FireEye
Bahamut Pursuing a Cyber Espionage Actor in the Middle East Jun Collin and Claudio
FIN10 Anatomy of a Cyber Extortion Operation Jun FireEye
Detecting Lateral Movement through Tracking Event Logs Jun JPCERT
Bronze Buttler Jun SecureWorks
OceanLotus Blossoms: Mass Digital Surveillance andAttacks Targeting ASEAN, Asian Nations, the Media, HumanRights Groups, and Civil Society Jun Volexity
ChessMasters New Strategy: Evolving Tools and Tactics Jun Trend Micro
Everything we know about GoldenEye Jul BitDefender
CYBERATTACKS AGAINST UKRAINIAN ICS Jul Sentryo
Living off the land and fileless attack techniques Jul Symantec
State of Cybersecurity in Asia-Pacific Jul PaloAlto
Operation Wilted Tulip Jul ClearSky & Trend Micro
OilRig Deploys ALMA Communicator - DNS TunnelingTrojan Aug Palo Alto
Intelligence Games in the Power Grid Sep Treadstone 71
APT3 Adversary Emulation Plan Sep MITRE
Hack ATM with an anti-hacking feature and walk away with $1M in 2 minutes Oct Embedi
Remote Control Interloper: Analyzing New Chinese htpRAT Malware Attacks Against ASEAN Oct RISKIQ
Investigation: WannaCry cyber attack and the NHS Oct National Audit Office
Tracking Subaat: Targeted Phishing Attack Leads toThreat Actors Repository Oct Palo Alto
The CARBANAK/FIN7 Syndicate a historical overview of an evolving threat Nov RSA
The Shadows of Ghosts Inside the Response of a Unique CARBANAK Intrusion Nov RSA
Turla group using Neuron and Nautilus tools alongside Snake malware Nov UK NCSC
Charming Kitten Dec ClearSky
TRISIS Malware Analysis of Safety System Targeted Malware Dec Dragos
North Korea Bitten by Bitcoin Bug Dec Proofpoint
Attackers Deploy New ICS Attack Framework TRITON and Cause Operational Disruption to Critical Infrastructure Dec FireEye
MoneyTaker 1.5 Years of Silent Operations Dec Group IB

2016

Title Month Source
Analyzing a New Variant of BlackEnergy 3 Likely Insider-Based Execution Jan SentinelOne
Operation Dusty Sky Jan ClearSky
Know Your Enemies 2.0: A Primer on Advanced Persistent Threat Groups Feb ICIT
Operation Duststorm Feb Cylance
Operation Blockbuster Feb Novetta
From Seoul to Sony Feb Blue Coat
Prologue: Global Criminal Kingpin, Long Held in Secret U.S. Custody, Makes First Court Appearance (The Mastermind) Mar Atvist
Episode 1: A journey to understand how a real-estate agent in the Philippines became the target of a criminal mastermind (The Mastermind) Mar Atvist
Update to Episode 1: New revelations about Catherine Lee's accused killers (The Mastermind) Mar Atvist
Full text of the prosecution’s letter (The Mastermind) Mar Atvist
Episode 2: When you doin't know who your boss really is, a dream job can turn into a nightmare (The Mastermind) Mar Atvist
Episode 3: How dida usenet troll and encryption genius become a criminal mastermind? (The Mastermind) Mar Atvist
Episode 4: How the programmer became an insatiable tyrant (The Mastermind) Mar Atvist
Episode 5: A Yatch called "I Dream" washes up in Tonga with some drugs and grisly cargo (The Mastermind) Mar Atvist
Episode 6: How a retired american soldier became a brutal enforcer for an international cartel (The Mastermind) Mar Atvist
Episode 7: A shroud of secrecy, a legal gambit, and a mistery solved (The Mastermind) Mar Atvist
Update: Joseph Rambo Hunter, Paul Le Roux's former enforcer, sentenced to 20 years in prison (The Mastermind) Mar Atvist
The Four-Element Sword Engagement: Ongoing APT Targeting of Tibetan, Hong Kong, and Taiwanese Interests Mar Arbor Networks
The Four Element Sword Engagement Apr Arbor Networks
Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns Apr The Citizen Lab
PLATINUM Targeted attacks in South and Southeast Asia Apr Microsoft
Follow the money: Dissecting the operations of the cyber crime group FIN6 Apr FireEye
Mofang: A politically motivated information stealing adversary May FoxIT
Operation Groundbait:Analysis of a surveillance toolkit May ESET
APT Case RUAG Technical Report May Melani GovCERT
Keep Calm and (Dont) Enable Macros: A New Threat Actor Targets UAE Dissidents May The Citizen Lab
Operation DustySky Part 2 Jun ClearSky
Visiting The Bear Den A Journey in the Land of Cyber-Espionage Jun ESET
Vawtrak v2 Jun Sophos
REDLINE DRAWN China recalculates its use of cyber espionage Jun FireEye
Pacifier APT Jul Bitdefender
Unveiling Patchwork the Copy Paste APT Jul Cymmetria
Operation Manul Aug EFF
Monsoon - Analysis of an APT Campaign Aug Forcepoint
Group5: Syria and the Iranian Connection Aug The Citizen Lab
The ProjectSauron APT Aug Kaspersky
Carbanak Oracle Breach Aug VISA
The Million Dollar Dissident: NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender Aug The Citizen Lab
Visa Alert and Update on the Oracle Breach Aug VISA
Ego Market When Greed for Fame Benefits Large-Scale Botnets Sep GoSecure
Hunting Libyan Scorpions Sep Cyberkov
En Route with Sednit Part 1: Approaching the Target Oct ESET
En Route with Sednit Part 2: Observing the Comings and Goings Oct ESET
En Route with Sednit Part 3: A Mysterious Downloader Oct ESET
Rootkit analysis Use case on HideDRV Oct Sekoia
Wave your false flags! Deception tactics muddying attribution in targeted attacks Oct Kaspersky
When The Lights Went Out: Ukraine Cybersecurity Threat Briefing Nov BAH
Cobalt Logical Attacks on ATMs Nov Group IB
PROMETHIUM and NEODYMIUM: Parallel zero-day attacks targeting individuals in Europe Dec Microsoft
Use of Fancy Bear Android Malware tracking of Ukrainian Artillery Units Dec Crowdstrike
GRIZZLY STEPPE - Russian Malicious Cyber Activity Dec FBI

2015

Title Month Source
Insight In To A Strategic Web Compromise And Attack Campaign Against Hong Kong Infrastructure Jan Dragon Threat Labs
The Waterbug Attack Group Jan Symantec
CARBANAK APT THE GREAT BANK ROBBERY Feb Kaspersky
MEDJACK.4 Medical Device Hijacking Feb TrapX
Behind The Syrian Conflict's Digital Front Lines Feb FireEye
The Desert Falcons Targeted Attacks Feb Kaspersky
Southeast Asia: An Evolving Cyber Threat Landscape Feb FireEye
Operation Arid Viper: Bypassing The Iron Dome Feb Trend Micro
Plugx Goes To The Registry And India Feb Sophos
ScanBox II Feb PWC
Crowdstrike Global Threat Intel Report Feb Crowdstrike
Equation Group: Questions And Answers Feb Kaspersky
Shooting Elephants Feb CIRCL Luxembourg
Tibetan Uprising Day Malware Attacks Mar The Citizen Lab
Operation Woolen-Goldfish When Kittens Go Phishing Mar Trend Micro
Volatile Cedar Threat Intelligence And Research Mar Check Point
Hacking Team Reloaded? US-Based Ethiopian Journalists Again Targeted with Spyware Mar The Citizen Lab
HACKING THE STREET? FIN4 LIKELY PLAYING THE MARKET Apr FireEye
APT30 And The Mechanics Of A Long-Running Cyber Espionage Operation Apr FireEye
Sofacy II Same Sofacy, Different Day Apr PWC
China's Great Cannon Apr The Citizen Lab
CozyDuke Apr F-Secure
Dissecting Linux/Moose The Analysis of a Linux Router-based Worm Hungry for Social Networks May ESET
Operation Tropic Trooper: Relying On Tried-And-Tested Flaws To Infiltrate Secret Keepers May Trend Micro
Oceanlotus APT-C-00 May SkyEye
APT28 Targets Financial Markets: Zero Day Hashes Released May Root9b
Analysis On APT-To-Be Attack That Focusing On China's Government Agency May Antiy CERT
The Msnmm Campaigns: The Earliest Naikon APT Campaigns May Kaspersky
Operation Oil Tanker: The Phantom Menace May PandaLabs
Thamar Reservoir An Iranian cyber - attack campaign against targets in the Middle East Jun ClearSky
Duqu 2.0: A Comparison To Duqu Jun CrySyS Lab
Operation Lotusblossom Jun PaloAlto
An Iranian Cyber-Attack Campaign Against Targets In The Middle East Jun ClearSky
The Duqu 2.0 Technical Details Jun Kaspersky
Insight in to advances of adversary tactics, techniques and procedures through analysis of an attack against an organisation in the Asia Pacific region Jun Dragon Threat Labs
Target Attacks Against Tibetan And Hong Kong Groups Exploiting CVE-2014-4114 Jun The Citizen Lab
Operation Potao Express: Analysis Of A Cyber-Espionage Toolkit Jul ESET
The Black Vine Cyberespionage Group Jul Symantec
HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group Jul FireEye
Butterfly: Corporate Spies Out For Financial Gain Jul Symantec
RSA Research Terracotta VPN: Enabler Of Advanced Threat Anonymity Aug RSA
What we know about the South Korea NIS's use of Hacking Team's RCS Aug The Citizen Lab
London Calling: Two-Factor Authentication Phishing From Iran Aug The Citizen Lab
THE DUKES: 7 years of Russian cyberespionage Sep F-Secure
The Spy Kittens Are Back: Rocket Kitten 2 Sep Trend Micro
Proactive Threat Identification Neutralizes Remote Access Trojan Efficacy Sep Recorded Future
Pay No Attention to the Server Behind the Proxy: Mapping FinFisher's Continuing Proliferation Oct The Citizen Lab
Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites Oct The Citizen Lab
RUSSIAN FINANCIAL CYBERCRIME: HOW IT WORKS Nov Kaspersky
CopyKittens Attack Group Nov ClearSky
ROCKET KITTEN: A Campaign with 9 lives Nov Check Point
Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors Dec Trend Micro
The Dukes: 7 years of Russian cyberespionage Dec F-Secure

2014

Title Month Source
Targeted Attacks Against The Energy Sector Jan Symantec
Emerging Threat Profile Shell_Crew Jan RSA
New Cdto: A Sneakernet Trojan Solution Jan Fidelis
Intruder File Report- Sneakernet Trojan Jan Fidelis
Uroburos Highly Complex Espionage Software With Russian Roots Feb GDATA
Unveiling Careto - The Masked Apt Feb Kaspersky
Mapping Hacking Teams Untraceable Spyware Feb The Citizen Lab
Gathering In The Middle East, Operation Stteam Feb Fidelis
The Monju Incident Feb Context
Hacking Team and the Targeting of Ethiopian Journalists Feb The Citizen Lab
Hacking Team's US Nexus Mar The Citizen Lab
Snake Campaign & Cyber Espionage Toolkit Mar BAE
Maliciously Repackaged Psiphon Found Mar The Citizen Lab
Deep Panda May Crowdstrike
Operation Saffron Rose May FireEye
Rat In A Jar: A Phishing Campaign Using Unrecom May Fidelis
Illuminating The Etumbot Apt Backdoor Jun Arbor
Putter Panda Jun Crowdstrike
Anatomy Of The Attack: Zombie Zero Jun Trapx
Dragonfly: Cyberespionage Attacks Against Energy Suppliers Jun Symantec
Police Story: Hacking Team Government Surveillance Malware Jun The Citizen Lab
Energetic Bear _ Crouching Yeti Jul Kaspersky
The Eye Of The Tiger (Pitty Tiger) Jul Airbus
Crouching Yeti: Appendixes Jul Kaspersky
Operation Arachnophobia Caught In The Spider's Web Aug Threat Connect
Sidewinder Targeted Attack Against Android In The Golden Age Of Ad Libraries Aug FireEye
Profiling An Enigma: The Mystery Of North Korea's Cyber Threat Landscape Aug HP
The Epic Turla Operation: Solving Some Of The Mysteries Of Snake/Uroboros Aug Kaspersky
Syrian Malware, The Ever-Evolving Threat Aug Kaspersky
Cosmicduke Cosmu With A Twist Of Miniduke Sep F-Secure
Operation Quantum Entanglement Sep FireEye
BLACKENERGY & QUEDAGH The convergence of crimeware and APT attacks Oct F-Secure
Sofacy Phishing Oct PWC
Operation Pawn Storm Using Decoys to Evade Detection Oct Trend Micro
Hikit Analysis Oct Novetta
Apt28: A Window Into Russia's Cyber Espionage Operations Oct FireEye
Micro-Targeted Malvertising Via Real-Time Ad Bidding Oct Invincea
The Rotten Tomato Campaign Oct Sophos
Zoxpng Analysis Oct Novetta
Operation Toohash How Targeted Attacks Work Oct GDATA
The Darkhotel Apt A Story Of Unusual Hospitality Nov Kaspersky
Darkhotel Indicators Of Compromise Nov Kaspersky
Derusbi (Server Variant) Analysis Nov Novetta
Evil Bunny: Suspect #4 Nov Marion
The Regin Platform Nation-State Ownership Of Gsm Networks Nov Kaspersky
Regin: Top-Tier Espionage Tool Enables Stealthy Surveillance Nov Symantec
Anunak: Apt Against Financial Institutions Dec FoxIT
The Inception Framework: Cloud-Hosted Apt Dec Blue Coat
Operation Cleaver Dec Cylance
Bots, Machines, And The Matrix Dec Fidelis
Hacking The Street? Fin4 Likely Playing The Market Dec FireEye
W32/Regin, Stage #1 Dec F-Secure
W64/Regin, Stage #1 Dec F-Secure
Malware Attacks Targeting Syrian ISIS Critics Dec The Citizen Lab

2013

Title Month Source
"Red October" Diplomatic Cyber Attacks Investigation Jan Kaspersky
The Icefog Apt: A Tale Of Cloak And Three Daggers Jan Kaspersky
A closer look at MiniDuke Feb BitDefender
Stuxnet 0.5: The Missing Link Feb Symantec
The Miniduke Mystery: Pdf 0-Day Government Spy Assembler 0X29A Micro Backdoor Feb Kaspersky
Miniduke: Indicators Feb CrySyS Lab
Apt1 Exposing One Of China's Cyber Espionage Units Feb Mandiant
Command And Control In The Fifth Domain Feb Command Five Pty Ltd
Comment Crew: Indicators Of Compromise Feb Symantec
APT1s GLASSES: Watching a Human Rights Organization Feb The Citizen Lab
Dissecting Operation Troy: Cyberespionage In South Korea Mar McAfee
The Teamspy Story - Abusing Teamviewer In Cyberespionage Campaigns Mar Kaspersky
Analysis Of A Plugx Variant (Plugx Version 7.0) Mar CIRCL
You Only Click Twice: Finfisher's Global Proliferation Mar The Citizen Lab
Apt1: Technical Backstage Mar itrust
Safe A Targeted Threat Mar Trend Micro
Winnti: More Than Just A Game Apr Kaspersky
For Their Eyes Only: The Commercialization of Digital Spying Apr The Citizen Lab
Permission to Spy: An Analysis of Android Malware Targeting Tibetans Apr The Citizen Lab
Analysis Of A Stage 3 Miniduke Sample May CIRCL
Operation Hangover - Unveiling An Indian Cyberattack Infrastructure May Norman
The Chinese Malware Complexes: The Maudi Surveillance Operation Jun Norman
A Call To Harm: New Malware Attacks Target The Syrian Opposition Jun The Citizen Lab
Crude Faux: An Analysis Of Cyber Conflict Within The Oil & Gas Industries Jun Cerias
Njrat Uncovered Jun Fidelis
The Nettraveler (Aka Travnet) Jun Kaspersky
The Plugx Malware Revisited: Introducing Smoaler Jul Sophos
Operation Hangover - Unveiling An Indian Cyberattack Infrastructure (Appendix) Aug FIXME
The Little Malware That Could: Detecting And Defeating The China Chopper Web Shell Aug FireEye
Inside Report _ Apt Attacks On Indian Cyber Space Aug Infosec Consorcium
Surtr: Malware Family Targeting the Tibetan Community Aug The Citizen Lab
Poison Ivy: Assessing Damage And Extracting Intelligence Aug FireEye
2Q Report On Targeted Attack Campaigns Sep Trend Micro
Hidden Lynx: Professional Hackers For Hire Sep Symantec
World War C: Understanding Nation-State Motives Behind Today's Advanced Cyber Attacks Sep FireEye
Fakem Rat: Malware Disguised As Windows Messenger And Yahoo! Messenger Oct Trend Micro
Targeted Threats Index Oct The Citizen Lab
Supply Chain Analysis: From Quartermaster To Sunshopfireeye Nov FireEye
Energy At Risk: A Study Of It Security In The Energy And Natural Resources Industry Dec KPMG
Etso Apt Attacks Analysis Dec AHNLAB
Operation Ke3Chang Targeted Attacks Against Ministries Of Foreign Affairs Dec FireEye
"Njrat" The Saga Continues Dec Fidelis
Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns Dec The Citizen Lab

2012

Title Month Source
The Heartbeat Apt Campaign Jan Trend Micro
Crouching Tiger, Hidden Dragon, Stolen Data Mar Context
Skywiper (A.K.A. Flame A.K.A. Flamer): A Complex Malware For Targeted Attacks Mar CrySyS Lab
Luckycat Redux: Inside An Apt Campaign With Multiple Targets In India And Japan Mar Trend Micro
Have I Got Newsforyou: Analysis Of Flamer C&C Server May Symantec
Ixeshe An Apt Campaign May Trend Micro
Pest Control: Taming The Rats Jun Matasano
Spoofing the European Parliament: Analysis of the Repurposing of Legitimate Content in Targeted Malware Attacks Jun The Citizen Lab
Syrian Activists Targeted with BlackShades Spy Software Jun The Citizen Lab
From Bahrain With Love: Finfisher Spy Kit Exposed? Jul The Citizen Lab
Recent Observations In Tibet-Related Information Operations: Advanced Social Engineering For The Distribution Of Lurk Malware Jul The Citizen Lab
Iexpl0Re Rat Aug The Citizen Lab
Gauss: Abnormal Distribution Aug Kaspersky
The SmartPhone Who Loved Me: FinFisher Goes Mobile Aug The Citizen Lab
The Voho Campaign: An In Depth Analysis Aug RSA
The Elderwood Project Sep Symantec
Backdoors are Forever: Hacking Team and the Targeting of Dissent Oct The Citizen Lab
Trojan.Taidoor: Targeting Think Tanks Oct Symantec
Recovering From Shamoon Nov Fidelis
Systematic Cyber Attacks Against Israeli And Palestinian Targets Going On For A Year Nov Norman
The Many Faces Of Gh0St Rat: Plotting The Connections Between Malware Attacks Nov Norman

2011

Title Month Source
W32.Stuxnet Dossier Feb Symantec
Global Energy Cyberattacks: Night Dragon Feb McAfee
Stuxnet Under the Microscope Apr ESET
Advanced Persistent Threats: A Decade in Review Jun Command Five Pty Ltd
The Lurid Downloader Aug Trend Micro
Revealed: Operation Shady Rat Aug McAfee
Enter the Cyber-dragon Sep Vanity Fair
SK Hack by an Advanced Persistent Threat Sep Command Five Pty Ltd
Alleged APT Intrusion Set: "1.php" Group Oct Zscaler
The Nitro Attacks: Stealing Secrets From The Chemical Industry Oct Symantec

2010

Title Month Source
The Command Structure Of The Aurora Botnet Jan Damballa
Operation Aurora: Detect, Diagnose, Respond Jan HBGary
Operation Aurora Feb HBGary
Combating Aurora Jan McAfee
In-Depth Analysis Of Hydraq: The Face Of Cyberwar Enemies Unfolds Mar CA
Shadows In The Cloud: Investigating Cyber Espionage 2.0 Apr Shadowserver
The Msupdater Trojan And Ongoing Targeted Attacks Sep Zscaler

2009

Title Month Source
Tracking GhostNet: Investigating a Cyber Espionage Network Mar TheSecDevGroup
DECLAWING THE DRAGON: WHY THE U.S. MUST COUNTER CHINESE CYBER-WARRIORS Jun NA
Capability of the People\92s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation Oct Northrop Grumman
Russian Cyberwar on Georgia Nov georgiaupdate.gov.ge

References