HYAS Intel Team
Lazarus Group “Operation Dream Job”: Lessons in Attack Infrastructure
The Lazarus Group (aka Hidden Cobra, Labyrinth Chollima, Zinc, Guardians of Peace) is a threat...
Inside Ryuk Crime (Crypto) Ledger & Asian Crypto Traders
The following article is co-authored by threat intelligence researchers from HYAS and Advanced...
The SolarWinds Hack: Understanding The Adversary Infrastructure
The capabilities and possible victims of the recent SolarWinds hack and the SunBurst backdoor are...
Mapping Adversary Infrastructure: A Real-world (North Korean) Example
The news article “Hackers use fake media domains to trick North Korea researchers” by Nils...
Latest Roaming Mantis Campaign Targets Banks in Japan and Turkey
Summary: Roaming Mantis is a Chinese-speaking threat actor group that has been active since at...
APT33 During the Coronavirus Pandemic: July 2020 Update
This blog post continues our ongoing research into Iranian threat actor groups, in particular...
The “Silent Night” Zloader/Zbot
ZeuS is probably the most famous banking Trojan ever released. Since its source code leaked,...
Fraud-as-a-Service In The Time Of COVID-19
Any catastrophe is an opportunity for cybercriminals, and coronavirus/COVID-19 is no exception....
Magecart Group 4 – A link with Cobalt Group?
Note: This blog post is a collaboration between the Malwarebytes and HYAS Threat Intelligence teams.
Hunting APT33 Campaign Infrastructure
Geopolitical risk is just one of many considerations that global enterprises and institutions must...
CVE-2017-0199 Targeting Brazilian Users
Recently we came across an interesting sample that warranted further investigation. The file in...
New Advanced Phishing Kits Target Digital Platforms
The difference between an obvious phish and a successful one is often the technical skill and...