Mathieu Tartare
mathieu.tarta.re
Malware Researcher at ESET
Reposted by Mathieu Tartare
#ESETresearch discovered and analyzed a previously undocumented malicious tool for network devices that we have named #EdgeStepper, enabling China-aligned #PlushDaemon APT to perform adversary-in-the-middle to hijack updates to deliver malware. www.welivesecurity.com/en/eset-rese... 1/5
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks.
www.welivesecurity.com
November 19, 2025 at 10:12 AM
Reposted by Mathieu Tartare
New @esetresearch.bsky.social blog, where Peter Kalnai & I discuss a recent cyber espionage campaign by the 🇰🇵-aligned Lazarus group. This operation targeted 3 European defense companies and seemed in no small part interested in drone-related technologies. (1/5) www.welivesecurity.com/en/eset-rese...
Gotta fly: Lazarus targets the UAV sector
ESET Research analyzes a recent cyberespionage campaign linked to Operation DreamJob, conducted by a North Korea-aligned Lazarus group.
www.welivesecurity.com
October 23, 2025 at 2:19 PM
Reposted by Mathieu Tartare
#ESETresearch has uncovered the North Korea-aligned threat actor, DeceptiveDevelopment, targeting freelance developers with trojanized coding challenges and fake job interviews.
www.welivesecurity.com/en/eset-rese... 1/6
www.welivesecurity.com
September 25, 2025 at 9:24 AM
Reposted by Mathieu Tartare
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese...
1/3
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with the fellow FSB-associated group known as Gamaredon to compromise high-profile targets in Ukraine.
www.welivesecurity.com
September 19, 2025 at 9:27 AM
Reposted by Mathieu Tartare
#ESETresearch’s Matthieu Faou and Zoltán Rusnák will present at Labscon 2025 @labscon_io: “Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine”. Join them in Scottsdale, September 19 at 11:00 AM MST. 1/3
September 16, 2025 at 6:47 AM
Reposted by Mathieu Tartare
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes. 1/7
August 26, 2025 at 3:38 PM
Reposted by Mathieu Tartare
#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese...
1/7
August 11, 2025 at 9:09 AM
Reposted by Mathieu Tartare
#ESETresearch has conducted a comprehensive technical analysis of new malicious tools and significant updates observed in 2024 in the arsenal of the Russia-aligned #Gamaredon #APTgroup targeting Ukraine🇺🇦. www.welivesecurity.com/en/eset-rese... 1/9
Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset
ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024.
www.welivesecurity.com
July 2, 2025 at 10:49 AM
Reposted by Mathieu Tartare
ESET’s Matthieu Faou exposed “Operation Texonto”, a pro-Russian disinformation operation aimed at Ukrainian speakers. He shared the full breakdown at #CYBERWARCON.

Watch his talk >> www.youtube.com/watch?v=X5lL...

Read the research >> www.welivesecurity.com/en/eset-rese...

#IO #Cybersecurity
Operation Texonto: Information operation targeting Ukrainian speakers in the context of the war
ESET Research discovers Operation Texonto, a disinformation/psychological operations (PSYOPs) campaign that uses spam emails to demoralize Ukrainian citizens with disinformation messages about war-rel...
www.welivesecurity.com
June 25, 2025 at 5:40 PM
Reposted by Mathieu Tartare
"The mathematization of the world is a form of denial of the role and nature of humanity in that world. If everything becomes quantifiable, measurable, objectifiable, then everything becomes process, automation, data. Everything can potentially be entrusted to algorithms."
Extension of the Domain of Calculation
Even in the roles that were more or less welcoming to them, is there still a place for non-scientists in the world…
pierredebeauville.medium.com
June 6, 2025 at 6:28 AM
Reposted by Mathieu Tartare
🚨 After several years working on cyber issues, I had for some time been nurturing the desire to get closer to the "field". That is now done: this week I have the privilege of joining @esetresearch.bsky.social as a Strategic Threat Intelligence Analyst!
May 16, 2025 at 5:46 PM
Reposted by Mathieu Tartare
#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. www.welivesecurity.com/en/eset-rese... 1/5
Operation RoundPress targeting high-value webmail servers
ESET researchers uncover a Russia-aligned espionage operation that they named RoundPress and that targets webmail servers via XSS vulnerabilities.
www.welivesecurity.com
May 15, 2025 at 7:36 AM
Reposted by Mathieu Tartare
#ESETResearch analyzed the toolset of the China-aligned APT group that we have named #TheWizards. It can move laterally on compromised networks by performing adversary-in-the-middle (AitM) attacks to hijack software updates. www.welivesecurity.com/en/eset-rese... 1/6
TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
ESET researchers publish an analysis of Spellbinder, a lateral movement tool used to perform adversary-in-the-middle attacks.
www.welivesecurity.com
April 30, 2025 at 11:30 AM
Reposted by Mathieu Tartare
We at Wired put together six stories on lesser known hacker groups who have quietly become some of the most harmful in the world.

Case in point: The turncoat Ukrainian spies working for Russia who some analysts say are the top cyberespionage threat to Ukraine today. www.wired.com/story/gamare...
Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine
For the past decade, this group of FSB hackers—including “traitor” Ukrainian intelligence officers—has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and ...
www.wired.com
April 14, 2025 at 9:00 PM
Reposted by Mathieu Tartare
In July 2024, #ESETresearch discovered that the China-aligned #FamousSparrow APT group, thought at the time to have been inactive since 2022, compromised the network of a US trade group and a Mexican research institute. www.welivesecurity.com/en/eset-rese... 1/5
You will always remember this as the day you finally caught FamousSparrow
ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor.
www.welivesecurity.com
March 26, 2025 at 3:03 PM
Reposted by Mathieu Tartare
#ESETresearch published its investigation of Operation FishMedley, a global espionage operation by the China-aligned APT group FishMonger. We identified seven victims – including governments, NGOs, and think tanks – across Asia, Europe, and the US.
www.welivesecurity.com/en/eset-rese... 1/3
Operation FishMedley targeting governments, NGOs, and think tanks
ESET Research is publishing its investigation of Operation FishMedley, a global espionage operation by the China-aligned APT group FishMonger.
www.welivesecurity.com
March 20, 2025 at 5:56 PM
Reposted by Mathieu Tartare
#ESETresearch has uncovered the #MirrorFace Operation AkaiRyū, which extends the group’s usual focus beyond Japan into Europe. The initial lure centered around Expo 2025 in Japan, compromising a Central European diplomatic institute. 1/8
www.welivesecurity.com/en/eset-rese...
Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor
ESET researchers uncovered MirrorFace activity that expanded beyond its usual focus on Japan and targeted a Central European diplomatic institute with the ANEL backdoor.
www.welivesecurity.com
March 18, 2025 at 10:03 AM
Reposted by Mathieu Tartare
If I had a dollar for every single time something is attributed vaguely to “”Mustang Panda”” I could buy a flat in London
February 14, 2025 at 12:39 PM
Reposted by Mathieu Tartare
A must-read for anyone who wants to understand the extent of the information that #databrokers obtain about internet users.

#adint #cybercriminalité #sensibilisation

Thank you #LeMonde for this excellent article.

www.lemonde.fr/pixels/artic...
February 12, 2025 at 4:45 PM
Reposted by Mathieu Tartare
"ChatGPT and other Large Language Models are not a decision-making technology, they are decision-removing technologies. They generate text, but most powerfully, they generate pretext."

Wonderful insight by @eryk.bsky.social, as usual.

mail.cyberneticforests.com/a-fork-in-th...
A Fork in the Road
AI is an excuse that allows those with power to operate at a distance from those whom their power touches.
mail.cyberneticforests.com
February 7, 2025 at 7:04 AM
Reposted by Mathieu Tartare
Intelligence Online links the MOONSHINE framework that we discussed in our Earth Minotaur report (www.trendmicro.com/en_us/resear...) to a Chinese company www.intelligenceonline.com/surveillance... (article is free but needs registration to access it). Happy new year UPSEC! 😘
China: Chinese firm behind hacking operations against Uyghurs and Tibetans unveiled
Intelligence Online has established a link between a Chinese public security ministry contractor and recent IT hacking operations carried out in China and abroad against the two minorities, reviled
www.intelligenceonline.com
January 29, 2025 at 10:08 AM
Reposted by Mathieu Tartare
#ESETresearch discovered + named 🇨🇳 China-aligned #APT group #PlushDaemon who did a supply-chain compromise of a 🇰🇷 South Korean #VPN provider, trojanizing its legitimate software installer with a Windows backdoor we named #SlowStepper www.welivesecurity.com/en/eset-rese...
🧵1/6
January 22, 2025 at 8:50 AM
Reposted by Mathieu Tartare
Join #ESETresearch at #JSAC2025!
Facundo Munoz will talk about China-aligned PlushDaemon APT compromising the supply chain of a 🇰🇷 South Korean VPN. In 2024, several users downloaded a trojanized NSIS installer from the official website of a South Korean VPN company. 🧵 1/3
January 22, 2025 at 12:54 AM