Anton Cherepanov (@cherepanov74)
Followers: 4K · Following: 1K · Media: 92 · Statuses: 1K
Malware researcher at ESET Slovakia. Opinions are my own.
Bratislava, Slovakia
Joined April 2013
#ESETresearch discovered a new wave of the well-known 🇰🇵 Lazarus campaign Operation DreamJob, now targeting the drone industry. @pkalnai @alexis_rapin https://t.co/lR9FTFnCCN 1/9
welivesecurity.com
ESET Research analyzes a recent cyberespionage campaign linked to Operation DreamJob, conducted by a North Korea-aligned Lazarus group.
The video of @droethlisberger and my @reconmtl 2025 talk, "A Trip to Ancient BABYLON", is now online! It's a fun story about a 2017-era iOS persistence exploit that we found in a Pegasus sample -- on VT (!!)
#ESETResearch has identified two campaigns targeting Android users in the 🇦🇪. The campaigns, which are still ongoing, distribute previously undocumented spyware impersonating #Signal and #ToTok via deceptive websites. https://t.co/8Rt9I1GV40 1/6
welivesecurity.com
ESET researchers have discovered campaigns distributing spyware disguised as Android Signal and ToTok apps, targeting users in the United Arab Emirates.
#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/5
Today, the NCSC has published a new malware analysis report to help organisations detect and mitigate malicious targeting of certain Cisco devices 🚨 See our latest advice and insights from our Chief Technical Officer 👇 https://t.co/eQs2OHGezE
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. https://t.co/1cADq5kf7p 1/3
welivesecurity.com
ESET researchers reveal how the notorious APT group Turla collaborates with a fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
#ESETresearch has discovered #HybridPetya ransomware on VirusTotal: a UEFI-compatible copycat of the infamous Petya/NotPetya malware. HybridPetya is capable of bypassing UEFI Secure Boot on outdated systems. @smolar_m https://t.co/UQAcC4O3Pu 1/8
welivesecurity.com
ESET Research has discovered HybridPetya, a copycat of the infamous Petya/NotPetya malware that adds the capability of compromising UEFI-based systems and weaponizing CVE‑2024‑7344 to bypass UEFI...
#ESETresearch uncovers GhostRedirector, a threat actor compromising Windows servers with a C++ Backdoor named Rungan and Gamshen, a native IIS malware https://t.co/PeZ4TYHCXy 1/6
welivesecurity.com
ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results.
🚨 BREAKING: New zero-click exploit used to hack WhatsApp users. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an advanced spyware campaign in the past 90 days. Seek out expert help if you have received this alert.
Excellent profile on UNC5807/Salt Typhoon released from several govs today. There are several CN actors targeting global telcos, but these guys are distinguished by deep familiarity with the tech allowing them to evade detection and spread broadly. 1/x
nsa.gov
FORT MEADE, Md. – The National Security Agency (NSA) and other U.S. and foreign organizations are releasing a joint Cybersecurity Advisory to expose advanced persistent threat (APT) actors
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. 1/6
Cisco Talos’ latest blog exposes Static Tundra, a Russian state-sponsored group targeting unpatched Cisco devices for long-term espionage worldwide. Apply the patch now and protect your network: https://t.co/6lrkUMqgbs
#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 https://t.co/DjAaBJJa5O 1/7
welivesecurity.com
ESET Research discovers a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents.
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware.
microsoft.com
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow...
An interesting case of a recent phishing campaign targeting users of the X platform. #ESETResearch analyzed the campaign and found that, in addition to the expected focus on individuals involved in crypto and digital assets, the attackers also targeted prominent journalists, a
Last night my Twitter account was hijacked. I’ve now regained access and can tell the full story — it was a sophisticated phishing attack. Essentially, I handed over all my passwords and 2FA myself, so it’s entirely my fault. 1. I received an email (screenshot) claiming there
#ESETresearch has conducted a comprehensive technical analysis of new malicious tools and significant updates observed in 2024 in the arsenal of the Russia-aligned #Gamaredon #APTgroup targeting Ukraine 🇺🇦. https://t.co/lWHCJLibyx 1/9
ICYMI, yesterday we released a report providing a first look at how we found traces of spyware on two journalists' iPhones, traces which we can attribute with high confidence to Paragon's Graphite spyware:
citizenlab.ca
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of...
Zero-Day used by Stealth Falcon APT group in a spear-phishing campaign: 💥 .URL file exploitation (assigned CVE-2025-33053) 🧰 Custom Mythic implants, LOLBins, and custom payloads 🌍 High-profile targets across the Middle East and Africa https://t.co/OnQmC2GBLJ
research.checkpoint.com
Check Point Research uncovers Stealth Falcon's cyber espionage campaign exploiting a Microsoft Zero Day Vulnerability
#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @JamesTomanek https://t.co/mAg1Yr7ThM 1/5
welivesecurity.com
Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation
#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. https://t.co/JI0lkHBi4I 1/5
welivesecurity.com
ESET researchers uncover a Russia-aligned espionage operation that they named RoundPress and that targets webmail servers via XSS vulnerabilities.