This report explores the operational environment of the Nomadic Octopus espionage group's Tajikistan Campaign: Paperbug. According to victim analysis, the group targets high-ranking government officials, telecommunication services, and public service infrastructures. The types of compromised machines range from individuals' computers to OT devices....
April 27, 2023 18:12
RIG EK is a financially-motivated program that has been active since 2014. Although it has yet to substantially change its exploits in its more recent activity, the type and version of the malware they distribute constantly change. The frequency of updating samples ranges from weekly to daily updates. This report aims to provide insight into how...
February 27, 2023 10:23
The highly active threat group FIN7 has been continuously broadening their cybercrime horizons and recently added ransomware to its attack arsenal. FIN7 group is known to hold a notorious status due to their achievement in deploying extensive backdoors in leveraging software supply chains, distributing malicious USB sticks, and cooperating with oth...
December 22, 2022 00:21
UNC1151 is an organizational group that tends to distribute malware through phishing emails with malicious attachments to compromise governments' communication systems, and gather data to misuse in ongoing Information Operation (IO) campaigns. Our PTI team investigated the UNC1151 campaigns and publishing new data and insights on the inner works of...
September 15, 2022 12:01
TA505 is a financially motivated threat group that has been active since 2014. The group frequently changes its malware attack strategies in response to global cybercrime trends. It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on. This report provides insight int...
September 6, 2022 08:13
The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Wizard Spider. This report provides unprecedented visibility into the structure, background, and motivations of Wizard Spider. We’ve obtained command statistics, target country statistics, command execution patterns, and other information on...
May 16, 2022 15:22
The group behind PYSA ransomware has earned notoriety for targeting government agencies, educational institutions, and the healthcare sector. The group is known to carefully research high-value targets before launching its attacks, compromising enterprise systems and forcing organizations to pay large ransoms to restore their data. They are listed...
April 13, 2022 17:55
PRODAFT Threat Intelligence (PTI) Team has obtained valuable insights on the inner workings of the Conti ransomware group. The PTI team accessed Conti’s infrastructure and identified the real IP addresses of the servers in question. This report provides unprecedented detail into the way the Conti ransomware gang works, how they select their targets...
November 18, 2021 09:57
The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Solarmarker malware and the threat actors behind it. Solarmarker is a multipurpose backdoor first discovered sometime around September 2020. This report brings new, exclusive information about Solarmarker C2 infrastructure to the publi...
October 28, 2021 10:43
Starting from the second half of 2020, PRODAFT Threat Intelligence ("PTI") team witnessed a rising trend of mobile banking malware attacks against the European countries; primarily targeting customers of banking institutions based in Spain, Germany, Switzerland, and Netherlands. Toddler is considered to be an important example of this trend in term...
July 16, 2021 09:01