Archive of publicly available threat/cybercrime intel reports (mostly APT reports, but not limited to them). Useful as a reference when you emulate threat actors on a daily basis. Please create an issue if I'm missing a relevant report.
Note: If you are looking for every type of publicly available document and note related to APTs, have a look at APTnotes and aptnotes. Unfortunately, the way they store and sort their data doesn't work for me anymore.

Title | Month | Source |
---|---|---|
DRAGONFISH delivers new form of Elise malware | Jan | Accenture |
Diplomats in Eastern Europe bitten by a Turla mosquito | Jan | ESET |
Iran's Cyber Threat: Espionage, Sabotage, and Revenge | Jan | Carnegie Endowment |
Turla group update Neuron malware | Jan | NCSC |
Dark Caracal: Cyber-espionage at a Global Scale | Jan | Lookout & EFF |
International Security and Estonia | Feb | Estonian Foreign Intelligence Service |
APT37 Reaper: The Overlooked North Korean Actor | Feb | FireEye |
BAD TRAFFIC: Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads | Mar | The Citizen Lab |
The Slingshot APT | Mar | Kaspersky |
Industrial Control System Threats | Mar | Dragos |
Territorial Dispute - NSA's perspective on APT landscape | Mar | CrySyS Lab |
Targeted Attacks on South Korean Organizations | Mar | AhnLab |
GravityRAT | Apr | Talos |
M-Trends 2018 | May | FireEye |

Title | Month | Source |
---|---|---|
W32.Stuxnet Dossier | Feb | Symantec |
Global Energy Cyberattacks: Night Dragon | Feb | McAfee |
Stuxnet Under the Microscope | Apr | ESET |
Advanced Persistent Threats: A Decade in Review | Jun | Command Five Pty Ltd |
The Lurid Downloader | Aug | Trend Micro |
Revealed: Operation Shady Rat | Aug | McAfee |
Enter the Cyber-dragon | Sep | Vanity Fair |
SK Hack by an Advanced Persistent Threat | Sep | Command Five Pty Ltd |
Alleged APT Intrusion Set: "1.php" Group | Oct | Zscaler |
The Nitro Attacks: Stealing Secrets From The Chemical Industry | Oct | Symantec |

Title | Month | Source |
---|---|---|
The Command Structure Of The Aurora Botnet | Jan | Damballa |
Operation Aurora: Detect, Diagnose, Respond | Jan | HBGary |
Operation Aurora | Feb | HBGary |
Combating Aurora | Jan | McAfee |
In-Depth Analysis Of Hydraq: The Face Of Cyberwar Enemies Unfolds | Mar | CA |
Shadows In The Cloud: Investigating Cyber Espionage 2.0 | Apr | Shadowserver |
The Msupdater Trojan And Ongoing Targeted Attacks | Sep | Zscaler |

Title | Month | Source |
---|---|---|
Tracking GhostNet: Investigating a Cyber Espionage Network | Mar | TheSecDevGroup |
DECLAWING THE DRAGON: WHY THE U.S. MUST COUNTER CHINESE CYBER-WARRIORS | Jun | NA |
Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation | Oct | Northrop Grumman |
Russian Cyberwar on Georgia | Nov | georgiaupdate.gov.ge |