European diplomats targeted by APT29 (Cozy Bear) with WINELOADER
Updated on November 7, 2024: As of November 7, 2024, the WINELOADER attacks have been attributed, with high confidence, to the Russian threat actor group known as APT29 or Cozy Bear. We have updated the blog accordingly. Introduction: Zscaler ThreatLabz discovered a suspicious PDF file through our intelligence sources on January 30th, ...
European diplomats targeted by SPIKEDWINE with WINELOADER
Introduction: Zscaler's ThreatLabz discovered a suspicious PDF file uploaded to VirusTotal from Latvia on January 30th, 2024. This PDF file masqueraded as an invitation letter from the Ambassador of India, inviting diplomats to a wine-tasting event in February 2024. The PDF also included a link to a fake questionnaire that ...
A peek into APT36’s updated arsenal
Introduction: In July 2023, Zscaler ThreatLabz discovered new malicious activity perpetrated by the Pakistan-based advanced persistent threat group (APT36). APT36 is a sophisticated cyber threat group with a history of conducting targeted espionage operations in South Asia. We observed APT36 targeting Indian government sectors using a previously undocumented Windows RAT, ...
A Look Into DuckTail
Introduction: In our persistent quest to decode DuckTail's maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, we obtained critical details about DuckTail's operational framework. This expedition granted us unprecedented visibility into DuckTail's end-to-end operations, spanning the entire kill chain from ...
The Unintentional Leak: A glimpse into the attack vectors of APT37
Summary: At Zscaler ThreatLabz, we have been closely monitoring the tools, techniques and procedures (TTPs) of APT37 (also known as ScarCruft or Temp.Reaper), a North Korea-based advanced persistent threat actor. This threat actor has been very active in February and March 2023, targeting individuals in various South Korean organizations ...
Black Friday Scams: 4 Emerging Skimming Attacks to Watch for This Holiday Season
Summary: At Zscaler ThreatLabz, we have been closely monitoring web threats such as payment card skimming attacks against e-commerce stores. Starting in July 2022, we have observed an increase in such activity targeted against Magento and PrestaShop e-commerce stores. With Black Friday and the holiday season approaching, it is ...
APT-36 Uses New TTPs and New Tools to Target Indian Governmental Organizations
Summary: APT-36 (also known as Transparent Tribe) is an advanced persistent threat group attributed to Pakistan that primarily targets users working at Indian government organizations. Zscaler ThreatLabz has been closely monitoring the activities of this group throughout 2022. Our tracking efforts have yielded new intelligence about this APT group that ...
AiTM phishing attack targeting enterprise users of Gmail
Summary: This blog is a follow-up to our recent publication which described the details of a large-scale phishing campaign targeting enterprise users of Microsoft email services. Beginning in mid-July 2022, ThreatLabz started observing instances of adversary-in-the-middle (AiTM) phishing attacks targeted towards enterprise users of Gmail. Upon further analysis of the ...
Large-Scale AiTM Attack targeting enterprise users of Microsoft email services
Summary: ThreatLabz has discovered a new strain of a large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) techniques along with several evasion tactics. Similar AiTM phishing techniques were used in another phishing campaign described by Microsoft recently here. In June 2022, researchers at ThreatLabz observed an increase in the use of ...
Resurgence of Voicemail-themed Phishing Attacks Targeting Key Industry Verticals in US
Summary: Since May 2022, ThreatLabz has been closely monitoring the activities of a threat actor which targets users in various US-based organizations with malicious voicemail-notification-themed emails in an attempt to steal their Office365 and Outlook credentials. The tactics, techniques, and procedures (TTPs) of this threat actor have a high overlap ...