en
GET A CONSULTATION
Cluster25 joins the VirusTotal community
Cluster25 joins the VirusTotal community
March 16, 2023

  We are proud to announce that Cluster25 has joined the VirusTotal community, improving its website/domain scanning eng...

Read this article

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
December 22, 2022

  Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to sp...

Read this article

Sanctioned deals: the Irano-Russian connection under Ankara's supervision. Analysis of the NPPD leak
Sanctioned deals: the Irano-Russian connection under Ankara's supervision. Analysis of the NPPD leak
November 7, 2022

  On October 22nd, during the usual OSInt monitoring, Cluster25 detected the Farsi speaking hacktivist TA known as Black...

Read this article

In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
September 23, 2022

Cluster25 researchers collected and analyzed a lure document used to implant a variant of Graphite malware, uniquely lin...

Read this article

Erbium InfoStealer Enters the Scene: Characteristics and Origins
Erbium InfoStealer Enters the Scene: Characteristics and Origins
September 15, 2022

On the 21st of July 2022 on a DWW (Deep/Dark Web) forum, a Russian speaking threat actor created an announcement about t...

Read this article

LockBit 3.0: “Making the ransomware great again”
LockBit 3.0: “Making the ransomware great again”
July 6, 2022

LockBit is a major player in the ransomware scene and has contributed heavily for this cyber-crime model to become one o...

Read this article

Cozy Smuggled Into the Box: APT29 Abusing Legitimate Software for Targeted Operations in Europe
Cozy Smuggled Into the Box: APT29 Abusing Legitimate Software for Targeted Operations in Europe
May 13, 2022

Cozy Bear (aka Nobelium, APT29, The Dukes) is a well-resourced, highly dedicated and organized cyberespionage group that...

Read this article

The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
May 3, 2022

NOTICE: After additional reviews, the team at Cluster25 has determined that the code commonality identified in the two a...

Read this article

Ghostwriter / UNC1151 Adopts Microbackdoor Variants in Cyber Operations Against Ukraine
Ghostwriter / UNC1151 Adopts Microbackdoor Variants in Cyber Operations Against Ukraine
March 8, 2022

For a few months Cluster25 collected and analyzed several malicious activities which then were internally linked with th...

Read this article

RuRAT used in spear-phishing attacks against media organisations in United States
RuRAT used in spear-phishing attacks against media organisations in United States
March 3, 2022

INTRODUCTION On 23.02.2022 one of our partners received a very specific targeted spear-phishing email message which lead...

Read this article

Prev 1 2 Next
Categories
Popular Posts
In the footsteps of the Fancy Bea...
September 23, 2022
Sanctioned deals: the Irano-Russi...
November 7, 2022
Erbium InfoStealer Enters the Sce...
September 15, 2022