{"id":404,"date":"2023-06-19T15:46:31","date_gmt":"2023-06-19T13:46:31","guid":{"rendered":"https:\/\/bl0g.cedricpernet.net\/?page_id=404"},"modified":"2025-01-24T17:31:03","modified_gmt":"2025-01-24T15:31:03","slug":"elementor-404","status":"publish","type":"page","link":"https:\/\/bl0g.cedricpernet.net\/?page_id=404","title":{"rendered":"Cyberespionage"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

CYBER
ESPIONAGE
(APT)<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

If you can read French, I have written a book about cyberespionage, available on Amazon or in French libraries.
Thanks to my editor, Editions Eyrolles.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

They wrote about it:
Cyber-Securite.fr<\/a>
Cybertactique<\/a>
St\u00e9phane Bortzmeyer<\/a>
M82 Project<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t

\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

This page lists all public cyberespionage (APT) publications I’ve worked on through time.<\/b><\/p>\n

2024<\/h3>\n

Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion
<\/b>(in collab with Jaromir Horejsi)
Full paper<\/a>
Journalists about it: Decipher<\/a> – The Hacker News<\/a> – DarkReading<\/a> – SecurityAffairs<\/a>
<\/p>\n

—<\/p>\n

Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections<\/b>
(in collab with Jaromir Horejsi)
Full paper<\/a>
Journalists about it: – Taipei Times<\/a> – Candid Technologies<\/a> – Security Online<\/a> – IT Daily<\/a><\/p>\n

 <\/h3>\n

2022<\/h3>\n

Delving Deep: An Analysis of Earth Lusca\u2019s Operations<\/b>
Summary<\/a> – Full paper<\/a>
(in collab with Joseph C Chen, Kenney Lu, Gloria Chen, Jaromir Horejsi, Daniel Lunghi)<\/p>\n

2021<\/h3>\n

Void Balaur and the Rise of the Cybermercenary Industry<\/b>
Summary<\/a> – Full paper<\/a>
(in collaboration with Feike Hacquebord)
Journalists about it: Forbes<\/a> – <\/span>Le Monde<\/a> – <\/span>Le Figaro<\/a> – <\/span>20 Minutes<\/a> – <\/span>The Hacker News<\/a> – <\/span>Threat Post<\/a>
TechTarget<\/a> – <\/span>CSO Online<\/a> – <\/span>BleepingComputer<\/a> – <\/span>The Record<\/a> – <\/span>DarkReading<\/a> – <\/span>India Times<\/a><\/p>\n

2020<\/h3>\n

Operation DRBControl – Uncovering a Cyberespionage Campaign Targeting Gambling Companies in Southeast Asia<\/b>
Summary<\/a> – Full paper<\/a>
(in collaboration with Daniel Lunghi, Kenney Lu, and Jamz Yaneza)
Journalists about it: BleepingComputer<\/a> – CyberSecurityHelp<\/a><\/p>\n

2019<\/h3>\n
Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry<\/b>
Summary<\/a> – Full paper<\/a>
(in collaboration with Feike Hacquebord)
Journalists about it: Financial Post<\/a> – CyberSecurity Europe<\/a> – Intelligent CISO<\/a><\/div>\n
 <\/div>\n

—<\/p>\n

Obfuscated APT33 C&Cs Used for Narrow Targeting<\/b>
Full research<\/a>
(in collaboration with Feike Hacquebord & Kenney Lu)
Journalists about it: ZDNet<\/a> – Threat Post<\/a> – DarkReading<\/a> – SecurityWeek<\/a> – TechRadar<\/a> – Binary Defense<\/a> – CyberScoop<\/a> – Infosecurity Magazine<\/a> – CybersecurityHelp<\/a> – GBHackers<\/a><\/p>\n

—<\/p>\n

New SLUB Backdoor Uses GitHub, Communicates via Slack<\/b>
Full research<\/a>
(in collab with Elliot Cao, Jaromir Horejsi, Joseph C Chen, William Gamazo Sanchez)
Journalists about it: ZDNet<\/a> – SecurityWeek<\/a> – BleepingComputer<\/a> – Security Intelligence<\/a> – The Register<\/a> – Le Monde Informatique<\/a> – HackRead<\/a> – TechCentral<\/a><\/p>\n

2017<\/h3>\n

Untangling the Patchwork Cyberespionage Group<\/b>
Summary<\/a> – Full paper<\/a>
(in collaboration with Daniel Lunghi, Jaromir Horejsi)
Journalists about it: SecurityWeek<\/a><\/p>\n

—<\/p>\n

Winnti Abuses GitHub for C&C Communications<\/b>
Full research<\/a>
(in collaboration with CSS Team)
Journalists about it: InfoWorld<\/a><\/p>\n

\n

2015<\/h3>\n

Operation Iron Tiger: Exploring Chinese Cyber-Espionage Attacks on United States Defense Contractors
<\/b>Full paper<\/a>
(in collaboration with Ziv Chang, Kenney Lu, Aaron Luo, Jay Yaneza)
Journalists about it: Forbes<\/a> – SecurityWeek<\/a> – TripWire<\/a> – Infosecurity Magazine<\/a><\/p>\n

—<\/p>\n

The Spy Kittens Are Back: Rocket Kitten 2<\/b>
Full paper<\/a>
(in collaboration with Eyal Sela, ClearSky)
Journalists about it: SecurityWeek<\/a> – SCMagazine<\/a> – The Register<\/a> – DarkReading<\/a> – Softpedia<\/a> – CyberSecurityIntelligence<\/a><\/p>\n<\/div>\n

—<\/p>\n

Operation Woolen Goldfish – When Kittens Go Phishing<\/b>
Summary<\/a> – Full paper<\/a>
(in collaboration with Kenney Lu)
Journalists about it: SecurityWeek<\/a> – CyberDefenseMagazine<\/a> – SpamFighter<\/a> – HelpNetSecurity<\/a><\/p>\n

2014<\/h3>\n

Operation Pitty Tiger \u2013 \u201cThe Eye of the Tiger\u201d<\/b>
Full paper<\/a>
(in collab with Fabien Perigaud, Ronan Mouchoux, David Bizeul)
Journalists about it: HelpNetSecurity<\/a> – SecurityWeek<\/a> – InCyber<\/a> – Zataz<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

CYBERESPIONAGE(APT) If you can read French, I have written a book about cyberespionage, available on Amazon or in French libraries.Thanks to my editor, Editions Eyrolles. They wrote about it:Cyber-Securite.frCybertactiqueSt\u00e9phane BortzmeyerM82 Project This page lists all public cyberespionage (APT) publications I’ve worked on through time. 2024 Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion(in collab with […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-404","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/bl0g.cedricpernet.net\/index.php?rest_route=\/wp\/v2\/pages\/404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bl0g.cedricpernet.net\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bl0g.cedricpernet.net\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bl0g.cedricpernet.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bl0g.cedricpernet.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=404"}],"version-history":[{"count":0,"href":"https:\/\/bl0g.cedricpernet.net\/index.php?rest_route=\/wp\/v2\/pages\/404\/revisions"}],"wp:attachment":[{"href":"https:\/\/bl0g.cedricpernet.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}