Investigating state-sponsored espionage and counterterrorism is one thing. Writing public reports about these activities is another.

Mike Mimoso talks to Kaspersky Lab Global Research and Analysis Team researchers Juan Andres Guerrero-Saade and Brian Bartholomew about a paper released at Virus Bulletin on deception tactics and false flags flown by APT groups to frustrate analysis.

A high-stakes game of attribution started by a group claiming to have a cache of exploits belonging to the Equation Group took a somewhat definitive turn Tuesday afternoon. Researchers at Kaspersky Lab yesterday confirmed a connection between the tools currently up for auction by the ShadowBrokers and Equation Group exploits and malware that researchers at...

Stealing data from air-gapped computers is one of the great exercises in computer security: advanced attackers covet what’s stored on these isolated machines, while researchers try to figure out the novel ways adversaries could jump those gaps. The latest effort doesn’t involve USBs, heat, acoustical mesh networks, or decoding radio signals. Instead, researchers from Ben-Gurion...

A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day exploits and refined coding to exfiltrate...

Amid the connections being made between the Russian government and the attack on the Democratic National Committee (DNC), researchers on Tuesday reminded us of the challenges security experts have in correctly attributing advanced attacks. In a wide-ranging Reddit AMA, members of Kaspersky Lab’s Global Research and Analysis Team shared some insight into their day-to-day investigations...

A scathing congressional report points the finger at hackers sponsored by the Chinese government for their role in a series of hacks against the U.S. Federal Deposit Insurance Corp. (FDIC). The report also alleges the agency covered up the hacks in order to guarantee the appointment of current chairman Martin J. Gruenberg. The report from...

A malware dropper with designs on specific targets was found in a private underground forum and is likely the predecessor to the Furtim malware that was uncovered in May. Researchers at SentinelOne today published a report that says the dropper sample they investigated, which they’re calling SFG, was built to target at least one unnamed...

Adobe on Thursday patched a zero-day vulnerability in Flash Player that has been used in targeted attacks carried out by a new APT group operating primarily against high-profile victims in Russia and Asia. Researchers at Kaspersky Lab privately disclosed the flaw to Adobe after exploits against the zero-day were used in March by the ScarCruft APT gang...

Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.” The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the...