The Cluster25 Blog
Cozy Smuggled Into the Box: APT29 Abusing Legitimate Software for Targeted Operations in Europe
May 13, 2022Cozy Bear (aka Nobelium, APT29, The Dukes) is a well-resourced, highly dedicated and organized cyberespionage group that...
The strange link between a destructive malware and a ransomware-gang linked custom loader: IsaacWiper vs Vatet
May 3, 2022NOTICE: After additional reviews, the team at Cluster25 has determined that the code commonality identified in the two a...
Ghostwriter / UNC1151 Adopts Microbackdoor Variants in Cyber Operations Against Ukraine
March 8, 2022For a few months Cluster25 collected and analyzed several malicious activities which then were internally linked with th...
RuRAT used in spear-phishing attacks against media organisations in United States
March 3, 2022INTRODUCTION On 23.02.2022 one of our partners received a very specific targeted spear-phishing email message which lead...
Conti's Source Code: Deep Dive
March 2, 2022INTRODUCTION On 25.02.2022 cybercrime group Conti published the following statement on their shame blog: The post was re...
North Korean Group “KONNI” Targets the Russian Diplomatic Sector with new Versions of Malware Implants
January 3, 2022Cluster25 analyzed a recent attack linked to the North Korean APT group “Konni” targeting Russian diplomatic sector usin...
Dharma/Crysis: Overview and Adversary Tracking
September 17, 2021Dharma, a family of ransomware first spotted in 2016, is a malicious program that encrypts a victim’s files and takes as...