Securelist

Minas — a multi-stage cryptocurrency miner infection

In June 2022, Kaspersky researchers found a suspicious shellcode running in the memory of a system process. Based on their reconstruction of the infection chain, they determined that it originated from running an encoded PowerShell script as a task.

Analysis of the CloudWizard framework by Bad Magic APT

A newly discovered campaign related to the Bad Magic APT involved use of a modular framework dubbed CloudWizard. Its features include taking screenshots, microphone recording, keylogging, and more.

Tomiris called, they want their Turla malware back

The threat actor targets government and diplomatic entities in the CIS. The few victims discovered in other regions (Middle East or Southeast Asia) turn out to be foreign representations of CIS countries, illustrating Tomiris’s narrow focus.

Following the Lazarus group by tracking DeathNote campaign

This threat cluster linked to the North Korean threat actor Lazarus is also known as Operation DreamJob or NukeSped. It's dubbed DeathNote after its malware payloads named Dn.dll or Dn64.dll.

Use of IPFS in mass and targeted phishing campaigns

The use of IPFS is not limited to mass mailing campaigns: it is used for complex targeted attacks too. Targeted phishing campaigns are much better prepared, normally focusing on specific persons within the company, not just random users.

New APT Found Actively Using PowerMagic Backdoor and CommonMagic Framework

In October 2022, Kaspersky researchers identified an active infection of government, agriculture, and transportation organizations located in the Donetsk, Lugansk, and Crimea regions.

How business works on the dark web: security of deals and regulatory mechanisms

To protect themselves from significant losses, cybercriminals use regulatory mechanisms, such as escrow services (aka middlemen, intermediaries, or guarantors), and arbitration.

New Versions of Prilex PoS Malware Blocking Contactless NFC Transactions

Prilex is a highly advanced malware adopting a unique cryptographic scheme, doing real-time patching in target software, forcing protocol downgrades, manipulating cryptograms, doing GHOST transactions, and performing credit card fraud.

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

Roaming Mantis (aka Shaoye) is a well-known campaign that uses malicious APK files to control infected Android devices and steal device information; it also uses phishing pages to steal user credentials, with a strong financial motivation.
December 27, 2022

BlueNoroff Introduces New Methods Bypassing MoTW

BlueNoroff group introduced new file types to evade Mark-of-the-Web (MOTW) security measures. It expanded the file types it uses, tweaked its infection methods, and created numerous fake domains impersonating venture capital companies and banks.
