Executive Summary
SentinelLabs has discovered a novel malware variant of AcidRain, a wiper that rendered Eutelsat KA-SAT modems inoperative in Ukraine and caused additional disruptions throughout Europe at the onset…
Author: SentinelOne
Executive Summary
SentinelLabs and ClearSky Cyber Security have been tracking the activities of a suspected Russia-aligned influence operation network named Doppelgänger.
We observed Doppelgänger intensively targeting German audiences, coinciding with…
Executive Summary
Overlaps in targeting, malware characteristics, and long-term malware evolutions post 2018 suggest that the Gaza Cybergang sub-groups have likely been consolidating, possibly involving the establishment of internal and/or…
Executive Summary
SentinelLabs observes sustained tasking towards strategic intrusions by Chinese threat actors in Africa, designed to extend influence throughout the continent.
New attacks include those against telecommunication, finance and…
By Aleksandar Milenkoski and Tom Hegel
Executive Summary
SentinelLabs has identified suspected Chinese malware and infrastructure potentially involved in China-associated operations directed at the gambling sector within Southeast Asia. The threat…
By Tom Hegel and Aleksandar Milenkoski
Executive Summary
SentinelLabs identified an intrusion into the Russian defense industrial base, specifically a missile engineering organization, NPO Mashinostroyeniya. Our findings identify two instances…
By Aleksandar Milenkoski and Tom Hegel
Executive Summary
Over the first quarter of 2023, SentinelLabs observed a campaign targeting users of Portuguese financial institutions conducted by a Brazilian threat group…
By Aleksandar Milenkoski and Tom Hegel
Executive Summary
SentinelLabs has observed an ongoing campaign by Kimsuky, a North Korean APT group, targeting North Korea-focused information services, human rights activists, and…
Executive Summary
SentinelLabs analyzed several iterations of “AlienFox,” a comprehensive toolset for harvesting credentials for multiple cloud service providers.
Attackers use AlienFox to harvest API keys & secrets from popular…
By Aleksandar Milenkoski, Collin Farr, and Joey Chen, in collaboration with QGroup
Executive Summary A new threat cluster we track as WIP26 has been targeting telecommunication providers in the Middle…