Aleksandar Milenkoski
Threat Research | Threat Intelligence | Adversary Analysis
Cyberespionage
This list includes only research designated for public release.
ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
Aleksandar Milenkoski, Julian-Ferdinand Vögele (Recorded Future)
26 June, 2024
Link
ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware (Full Report)
Aleksandar Milenkoski, Julian-Ferdinand Vögele (Recorded Future)
26 June, 2024
Link
Doppelgänger | Russia-Aligned Influence Operation Targets Germany
Aleksandar Milenkoski
22 February, 2024
Link
Unmasking I-Soon | The Leak That Revealed China’s Cyber Operations
Dakota Cary, Aleksandar Milenkoski
21 February, 2024
Link
ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals
Aleksandar Milenkoski, Tom Hegel
22 January, 2024
Link
Gaza Cybergang | Unified Front Targeting Hamas Opposition
Aleksandar Milenkoski
14 December, 2023
Link
Sandman APT | China-Based Adversaries Embrace Lua
Aleksandar Milenkoski, Bendik Hagen (PwC), Microsoft Threat Intelligence
11 December, 2023
Link
The Israel-Hamas War | Cyber Domain State-Sponsored Activity of Interest
Tom Hegel, Aleksandar Milenkoski
24 October, 2023
Link
Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit
Aleksandar Milenkoski, in collaboration with QGroup
21 September, 2023
Link
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
Aleksandar Milenkoski, Tom Hegel
17 August, 2023
Link
Comrades in Arms? | North Korea Compromises Sanctioned Russian Missile Engineering Company
Tom Hegel, Aleksandar Milenkoski
7 August, 2023
Link
Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
Aleksandar Milenkoski
6 June, 2023
Link
Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit
Aleksandar Milenkoski, Tom Hegel
23 May, 2023
Link
Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
Tom Hegel, Aleksandar Milenkoski
4 May, 2023
Link
Transparent Tribe (APT36) | Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector
Aleksandar Milenkoski
13 April, 2023
Link
SmoothOperator | Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack
Juan Andres Guerrero-Saade, Asaf Gilboa, David Acs, James Haughom, Phil Stokes, SentinelLabs
29 March, 2023
Link
Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
Aleksandar Milenkoski, Juan Andres Guerrero-Saade, Joey Chen, in collaboration with QGroup
23 March, 2023
Link
WIP26 Espionage | Threat Actors Abuse Cloud Infrastructure in Targeted Telco Attacks
Aleksandar Milenkoski, Collin Farr, Joey Chen, in collaboration with QGroup
16 February, 2023
Link
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation
Aleksandar Milenkoski, Joey Chen, Amitai Ben Shushan Ehrlich
24 January, 2023
Link
NoName057(16) – The Pro-Russian Hacktivist Group Targeting NATO
Tom Hegel, Aleksandar Milenkoski
12 January, 2023
Link
The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques
Aleksandar Milenkoski
1 December, 2022
Link
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities
Juan Andres Guerrero-Saade, Amitai Ben Shushan Ehrlich, Aleksandar Milenkoski
22 September, 2022
Link
The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities (Full Report)
Amitai Ben Shushan Ehrlich, Aleksandar Milenkoski, Juan Andres Guerrero-Saade
22 September, 2022
Link
The Mystery of Metador | Technical Appendix
Aleksandar Milenkoski, Amitai Ben Shushan Ehrlich
22 September, 2022
PDF