Denis Legezo

Senior security researcher, GreAT

An GCFA-certified specialist working as Senior Security Researcher with Global Research and Analysis Team (GreAT) At Kaspersky since 2014. He specialized on targeted attacks research, reverse engineering and malware analysis. Denis regularly providing trainings for the customers on these matters. He got his degree at cybernetics and applied mathematics facility of Moscow State University in 2002 with diploma topic related to information security. Then he started his career as a programmer in different public and commercial companies. He presented his researches at RSA, HITB, SAS, VirusBulletin, MBLT Dev.

@legezo

Reports

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020.

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022.

Denis Legezo

LuckyMouse hits national data center to organize country-level waterholing campaign

Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

WildPressure targets the macOS platform

Research on unsecured Wi-Fi networks across the world

Publications

A new secret stash for “fileless” malware

MoonBounce: the dark side of UEFI firmware

WildPressure targets the macOS platform

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

Microcin is here

WildPressure targets industrial-related entities in the Middle East

Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

LuckyMouse hits national data center to organize country-level waterholing campaign

FIFA public Wi-Fi guide: which host cities have the most secure networks?

Research on unsecured Wi-Fi networks across the world

InPage zero-day exploit used to attack financial institutions in Asia

How to trick traffic sensors

External Publications

Industrial espionage with steganography and Russian accent on both sides

Payment required: rare HTTP statuses and air-gaps avoidance from the authors of COMPFun

From Authors of COMPFun: HTTP Statuses as C2 Commands and Compromised TLS

Microcin-2020: GitLab programmers ban, async sockets and the sock

Targeted attacks through ISPs

Reports

Ransomware and wiper signed with stolen certificates

DeathStalker targets legal entities with new Janicab variant

APT trends report Q3 2022

APT10: Tracking down LODEINFO 2022, part II

Subscribe to our weekly e-mails