Robert Falcone

Robert Falcone

Shamoon 3 Targets Oil and Gas Organization
December 13, 2018
Dear Joohn: The Sofacy Group’s Global Campaign
December 12, 2018
Sofacy Continues Global Attacks and Wheels Out New ‘Cannon’ Trojan
November 20, 2018
Analyzing OilRig’s Ops Tempo from Testing to Weaponization to Delivery
November 16, 2018
OilRig Uses Updated BONDUPDATER to Target Middle Eastern Government
September 12, 2018
OilRig Targets a Middle Eastern Government and Adds Evasion Techniques to OopsIE
September 4, 2018
DarkHydrus Uses Phishery to Harvest Credentials in the Middle East
August 7, 2018
The Gorgon Group: Slithering Between Nation State and Cybercrime
August 2, 2018
New Threat Actor Group DarkHydrus Targets Middle East Government
July 27, 2018
OilRig Targets Technology Service Provider and Government Agency with QUADAGENT
July 25, 2018
Sofacy Group’s Parallel Attacks
June 6, 2018
Sofacy Uses DealersChoice to Target European Government Agency
March 15, 2018
Sofacy Attacks Multiple Government Entities
February 28, 2018
OopsIE! OilRig Uses ThreeDollars to Deliver New Trojan
February 23, 2018
OilRig uses RGDoor IIS Backdoor on Targets in the Middle East
January 25, 2018
OilRig Performs Tests on the TwoFace Webshell
December 11, 2017
OilRig Deploys “ALMA Communicator” – DNS Tunneling Trojan
November 8, 2017
OilRig Group Steps Up Attacks with New Delivery Documents and New Injector Trojan
October 9, 2017
Threat Actors Target Government of Belarus Using CMSTAR Trojan
September 28, 2017
Striking Oil: A Closer Look at Adversary Infrastructure
September 26, 2017
TwoFace Webshell: Persistent Access Point for Lateral Movement
July 31, 2017
OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group
July 27, 2017
Kazuar: Multiplatform Espionage Backdoor with API Access
May 3, 2017
OilRig Actors Provide a Glimpse into Development and Testing Efforts
April 27, 2017
Shamoon 2: Delivering Disttrack
March 27, 2017
Targeted Ransomware Attacks Middle Eastern Government Organizations for Political Purposes
March 8, 2017
Magic Hound Campaign Attacks Saudi Targets
February 15, 2017
XAgentOSX: Sofacy’s XAgent macOS Tool
February 14, 2017
Second Wave of Shamoon 2 Attacks Identified
January 9, 2017
Let It Ride: The Sofacy Group’s DealersChoice Attacks Continue
December 15, 2016
Shamoon 2: Return of the Disttrack Wiper
November 30, 2016
Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy
November 22, 2016
PSA: Conference Invite used as a Lure by Operation Lotus Blossom Actors
October 28, 2016
‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform
October 17, 2016
OilRig Malware Campaign Updates Toolset and Expands Targets
October 4, 2016
Sofacy’s ‘Komplex’ OS X Trojan
September 26, 2016
The Dukes R&D Finds a New Anti-Analysis Technique
September 9, 2016
Aveo Malware Family Targets Japanese Speaking Users
August 16, 2016
Fresh Baked HOMEKit-made Cookles – With a DarkHotel Overlap
August 12, 2016
Attack Delivers ‘9002’ Trojan Through Google Drive
July 26, 2016
Technical Walkthrough: Office Test Persistence Method Used In Recent Sofacy Attacks
July 20, 2016
New Sofacy Attacks Against US Government Agency
June 14, 2016
The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor
May 26, 2016
Don’t Be an April Fool: Inside a Common Phone Scam
April 1, 2016
ProjectM: Link Found Between Pakistani Actor and Operation Transparent Tribe
March 25, 2016
Digital Quartermaster Scenario Demonstrated in Attacks Against the Mongolian Government
March 14, 2016
Emissary Trojan Changelog: Did Operation Lotus Blossom Cause It to Evolve?
February 3, 2016
Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists
January 24, 2016
NetTraveler Spear-Phishing Email Targets Diplomat of Uzbekistan
January 21, 2016
Attack on French Diplomat Linked to Operation Lotus Blossom
December 18, 2015
Attack Campaign on the Government of Thailand Delivers Bookworm Trojan
November 24, 2015
Bookworm Trojan: A Model of Modular Architecture
November 10, 2015
Chinese Actors Use ‘3102’ Malware in Attacks on US Government and EU Media
September 23, 2015
Musical Chairs: Multi-Year Campaign Involving New Variant of Gh0st Malware
September 8, 2015
RTF Exploit Installs Italian RAT: uWarrior
August 24, 2015
Retefe Banking Trojan Targets Sweden, Switzerland and Japan
August 20, 2015
UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload
July 27, 2015
Tracking MiniDionis: CozyCar’s New Ride Is Related to Seaduke
July 14, 2015
APT Group UPS Targets US Government with Hacking Team Flash Exploit
July 10, 2015
Evilgrab Delivered by Watering Hole Attack on President of Myanmar’s Website
June 11, 2015
Cmstar Downloader: Lurid and Enfal’s New Cousin
May 18, 2015
PlugX Uses Legitimate Samsung Application for DLL Side-Loading
May 1, 2015

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

© 2018 Palo Alto Networks, Inc. All rights reserved.