In Q3 2024, a new APT malware called CloudSorcerer was discovered targeting Russian government organizations. CloudSorcerer functions as separate modules for communication and data collection, but executes from a single executable.
In August, Blind Eagle, a threat actor targeting government, finance, energy, oil and gas and other sectors in Latin America, launched a new campaign using DLL side-loading.
Tropic Trooper, active since 2011, initiated a series of persistent campaigns targeting a government body in the Middle East in June 2023.
The Twelve and BlackJack groups emerged as hacktivist groups targeting Russian government organizations and institutions in late 2023 and 2024 with overlapping TTPs.
Cybercriminals boosting the business of ransomware can find leaked ransomware variants online, buy ransomware on the dark web, or become an affiliate of a ransomware group.
In June, a macOS version of the HZ Rat backdoor was discovered being used to target users of the enterprise messenger DingTalk and the social networking and messaging platform WeChat.
The Kaspersky Global Emergency Response Team (GERT) identified a complex campaign, called Tusk, consisting of multiple sub-campaigns orchestrated by Russian-speaking cybercriminals.
A new RAT called SambaSpy was discovered in May, exclusively targeting victims in Italy, using phishing emails disguised as messages from a real estate agency.
Head Mare, a hacktivist group targeting organizations in Russia and Belarus, maintains a public account on a social network, posting information about its victims. The group also deploys LockBit and Babuk ransomware.
Loki, a previously unknown backdoor, was discovered in July being used in a series of targeted attacks against Russian companies in various industries.