Mysterious Elephant: a growing threat

Introduction Mysterious Elephant is a highly active advanced persistent threat APT group that we at Kaspersky GReAT discovered in 2023. It has been consistently evolving and adapting its tactics, techniques, and procedures TTPs to stay under the radar. With a primary focus on targeting government...

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 also known as Asylum Ambuscade is a threat actor that has been conducting intrusion operations since at least 2020. TA866 has frequently relied on commodity and custom tooling to facilitate post-compromise activities. These tools often perform specific functions and are deployed and used as...

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures TTPs. Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...

How we developed our simple Harbour decompiler

https://github.com/KasperskyLab/hbdec Every once in a while we get a request that leaves us scratching our heads. With these types of requests, existing tools are usually not enough and we have to create our own custom tooling to solve the "problem". One such request dropped onto our desk at the...

Introducing Slackor, a Remote Access Tool Using Slack as a C2 Channel

As a penetration tester at Coalfire Labs, I frequently use exploitation frameworks such as Metasploit or PowerShell Empire to perform post-exploitation actions on compromised endpoints. While anti-virus AV bypass and detection avoidance is often trivial in all but the most mature environments,...