Explore tweets tagged as #lab52
In a post from last week, researchers at Lab52 observe an unknown actor using similar techniques to APT29 and post details about the new techniques they identified, in particular the SVG Dropper, DLL used for infection and C2 behaviour. https://t.co/7z6PNjIEO9
The latest article from LAB52 looks in depth at the anti-analysis techniques used by QakBot during the early stages of its execution. https://t.co/2KLnL7n9Fc
Check out our new paper (NOT OA)!! This Is How They Tell Me a SOC Works https://t.co/byKthQM8wC
#SOC
Lab52 researchers analyse a new campaign detected in Colombia with several similarities to previous decoys and malware used by APT-C-36. https://t.co/cUH6xoURWh
Ana Nieto (@cadirneca) shares with us Lab52's analysis of the evolution of #ransomware at #STICPANAMA
During the last months, we have been involved in some presentations about the GRU, mostly related to the book "Cyber GRU. Russian military intelligence in cyberspace" that we announced in July: https://t.co/yUYraMbgjL 🧵
LAB52 researchers uncovered a phishing campaign deploying DeedRAT, a modular backdoor attributed to Chinese threat actors. The campaign leverages the legitimate signed binary MambaSafeModeUI.exe, part of the VIPRE AV software, vulnerable to DLL side-loading https://t.co/beTOtK43zm
In the news, research by Lab52 unveils efforts by the Turla group with a modified Kazuar trojan. PayPal targets stolen super-cookies threats. Axie Infinity's Jeff Zirlin and wallets face crypto-theft, highlighted by PeckShield. The LockBit group threatens with new FBI material
S2 Grupo's intelligence team LAB52 reports a new Outlook backdoor, named NotDoor and attributed to APT28, that watches for specific trigger words and then exfiltrates data, uploads files, and executes commands on victim hosts. https://t.co/xNyU4ajeFB
🚨 New Lab52 alert: Russian-origin Snake Keylogger is exploiting trusted Java tools in a geopolitical-themed phishing campaign 🐍 📧 Spear-phishing emails tout oil deals, using a weaponized jsadebugd.exe DLL-sideload to inject Snake into InstallUtil.exe 🎯 Targets span
LAB52 has identified a new backdoor for Outlook attributed to the persistent threat group APT28, which is linked to the Russian intelligence service and has compromised multiple companies from various sectors in NATO member countries. https://t.co/knRlR1EbDk
@LAB52io
LAB52, the intelligence team at S2 Group, has uncovered a new phishing campaign deploying DeedRAT—a modular backdoor attributed to Chinese threat actors | https://t.co/RCAfhUPkv5
@LAB52io
#100DaysofYARA might have gotten missed but Lab52 had a cool report on a new loader for Turla's (TA420 😎) Kazuar family. Let's look for it by honing in on code in the export functions used for thread suspension, loading into mem, and DLL name style https://t.co/wmydePQ6DM
From Lab52, the cyber-intelligence division of S2 Grupo, we bring you a comprehensive investigation into #JuguetesInteligentes💥 types of threats, risks, tips and... we show you a real case with a drone. Surprising!😉 You can access it here: https://t.co/wN31Y95Y72
Do you want to receive access to the findings of the investigation that uncovered #EasterBunny, #APT29's sophisticated malware?
DreamLoaders in #Lazarus Recent Campaign https://t.co/f0XxzAW91J
#Lazarus Operation DreamJob targets the UAV sector DroneEXEHijackingLoader.dll /ScoringMathTea RAT https://t.co/prl2AcvWPR