The Cluster25 Blog
Ghostwriter / UNC1151 Adopts Microbackdoor Variants in Cyber Operations Against Ukraine
March 8, 2022For a few months Cluster25 collected and analyzed several malicious activities which then were internally linked with th...
Conti's Source Code: Deep Dive
March 2, 2022INTRODUCTION On 25.02.2022 cybercrime group Conti published the following statement on their shame blog: The post was...
2021 Ransomware Bulletin: Recent, Past and Near Future of Cyber Extortion
January 12, 2022This past year 2021 was characterized by an increase in ransomware incidents, not only in regards to occurrence but also...
North Korean Group “KONNI” Targets the Russian Diplomatic Sector with new Versions of Malware Implants
January 3, 2022Cluster25 analyzed a recent attack linked to the North Korean APT group “Konni” targeting Russian diplomatic sector usin...
Dharma/Crysis: Overview and Adversary Tracking
September 17, 2021Dharma, a family of ransomware first spotted in 2016, is a malicious program that encrypts a victim’s files and takes as...
A RattleSnake in the Navy
September 10, 2021Recent geopolitical events are leading to an increase in cyber operations in the Central Asian region. Among the actors ...
A not so Fancy game. Exploring the new “SkinnyBoy” Bear’s backdoor
June 3, 2021This paper presents an analysis of a new and never publicly reported malware internally dubbed as SkinnyBoy. Based on lo...