* [Subscribe](#modal-newsletter) [Dark mode off](#) [Login](#)
* Securelist menu
* [English](#)
* [Russian](https://securelist.ru/)
* [Spanish](https://securelist.lat/)
* [Existing Customers](#)
* [Personal](#)
* [My Kaspersky](https://my.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Renew your product](https://www.kaspersky.com/renewal-center/home?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Update your product](https://www.kaspersky.com/downloads?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Customer support](https://support.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Business](#)
* [KSOS portal](https://ksos.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Kaspersky Business Hub](https://cloud.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Technical Support](https://support.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Knowledge Base](https://www.kaspersky.com/small-to-medium-business-security/resources?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Renew License](https://www.kaspersky.com/renewal-center/vsb?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Home](#)
* [Products](https://www.kaspersky.com/home-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Trials&Update](https://www.kaspersky.com/downloads?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Resource Center](https://www.kaspersky.com/resource-center?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Business](#)
* [Kaspersky Next](https://www.kaspersky.com/next?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Small Business (1-50 employees)](https://www.kaspersky.com/small-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Medium Business (51-999 employees)](https://www.kaspersky.com/small-to-medium-business-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Enterprise (1000+ employees)](https://www.kaspersky.com/enterprise-security?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* Securelist
* [Threats](https://securelist.com/threat-categories/)
* [Financial threats](https://securelist.com/threat-category/financial-threats/)
* [Mobile threats](https://securelist.com/threat-category/mobile-threats/)
* [Web threats](https://securelist.com/threat-category/web-threats/)
* [Secure environment (IoT)](https://securelist.com/threat-category/secure-environment/)
* [Vulnerabilities and exploits](https://securelist.com/threat-category/vulnerabilities-and-exploits/)
* [Spam and Phishing](https://securelist.com/threat-category/spam-and-phishing/)
* [Industrial threats](https://securelist.com/threat-category/industrial-threats/)
* [Categories](https://securelist.com/categories/)
* [APT reports](https://securelist.com/category/apt-reports/)
* [Incidents](https://securelist.com/category/incidents/)
* [Research](https://securelist.com/category/research/)
* [Malware reports](https://securelist.com/category/malware-reports/)
* [Spam and phishing reports](https://securelist.com/category/spam-and-phishing-reports/)
* [Publications](https://securelist.com/category/publications/)
* [Kaspersky Security Bulletin](https://securelist.com/category/kaspersky-security-bulletin/)
* [Archive](https://securelist.com/all/)
* [All Tags](https://securelist.com/tags/)
* [APT Logbook](https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Webinars](https://securelist.com/webinars/)
* [Statistics](https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Encyclopedia](https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Threats descriptions](https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [KSB 2021](https://securelist.com/ksb-2021/)
* [About Us](#)
* [Company](https://www.kaspersky.com/about/company?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Transparency](https://www.kaspersky.com/transparency?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Corporate News](https://www.kaspersky.com/about/press-releases?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Press Center](https://press.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Careers](https://www.kaspersky.com/about/careers?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Sponsorships](https://www.kaspersky.com/about/sponsorships/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Policy Blog](https://www.kaspersky.com/about/policy-blog?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Contacts](https://www.kaspersky.com/about/contact?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Partners](#)
* [Find a Partner](https://www.kasperskypartners.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
* [Partner Program](https://www.kaspersky.com/partners?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_mobmen_sm-team_______03880766cb97f3a8)
[Content menu Close](#)
[Subscribe](#modal-newsletter)
[](https://securelist.com/head-mare-twelve-collaboration/115887/)
We analyze the activities of the Head Mare hacktivist group, which has been attacking Russian companies jointly with Twelve.
[](https://securelist.com/kaspersky-incident-response-report-2024/115873/)
[](https://securelist.com/new-wave-of-attacks-with-dcrat-backdoor-distributed-by-maas/115850/)
[](https://securelist.com/sidewinder-apt-updates-its-toolset-and-targets-nuclear-sector/115847/)
[](https://securelist.com/backdoors-and-stealers-prey-on-deepseek-and-grok/115801/)
[](https://securelist.com/silentcryptominer-spreads-through-blackmail-on-youtube/115788/)
[](https://securelist.com/mobile-threat-report-2024/115494/)
[](https://securelist.com/soc-files-web-shell-chase/115714/)
##### Threats
* [APT (Targeted attacks)](https://securelist.com/threat-category/apt-targeted-attacks/)
* [Mobile threats](https://securelist.com/threat-category/mobile-threats/)
* [Financial threats](https://securelist.com/threat-category/financial-threats/)
* [Vulnerabilities and exploits](https://securelist.com/threat-category/vulnerabilities-and-exploits/)
[](https://securelist.com/kaspersky-incident-response-report-2024/115873/?icid=gl_securelist_acq_ona_smm__onl_b2b_securelist_ban_sm-team___ir____d618ff41992026a8)
[](https://securelist.com/kaspersky-incident-response-report-2024/115873/?icid=gl_securelist_acq_ona_smm__onl_b2b_securelist_ban_sm-team___ir____d618ff41992026a8)
##### Latest Posts
[](https://securelist.com/vulnerabilities-and-exploits-in-q4-2024/115761/)
[](https://securelist.com/gitvenom-campaign/115694/)
[](https://securelist.com/angry-likho-apt-attacks-with-lumma-stealer/115663/)
[](https://securelist.com/kaspersky-managed-detection-and-response-report-2024/115635/)
##### Webinars
* [Cyberthreat talks](https://securelist.com/webinar-category/cyberthreat-talks/)
* [Threat intelligence and IR](https://securelist.com/webinar-category/threat-intelligence-and-incident-response/)
* [Technologies and services](https://securelist.com/webinar-category/technologies-and-services/)
* [SAS videos](https://securelist.com/webinar-category/sas-videos/)
[](https://securelist.com/webinars/silent-shields-digital-dragons-mdrs-proactive-protection/)
[](https://securelist.com/webinars/from-chaos-to-control-streamlining-detection-engineering-in-security-operation-centers/)
[](https://securelist.com/webinars/%d1%81rimeware-and-financial-cyberthreats-in-2025/)
[](https://securelist.com/webinars/global-it-outages-and-supply-chain-attacks-2024s-lessons-and-tomorrows-cyberthreats/)
Register to Access All Kaspersky Webinars
[All Webinars](https://securelist.com/webinars/)
##### Categories
* [APT reports](https://securelist.com/category/apt-reports/)
* [Archive](https://securelist.com/category/archive/)
* [Crimeware reports](https://securelist.com/category/crimeware-reports/)
* [DDoS reports](https://securelist.com/category/ddos-reports/)
* [Events](https://securelist.com/category/events/)
* [Incidents](https://securelist.com/category/incidents/)
* [Industrial threats](https://securelist.com/category/industrial-threats/)
* [View all categories](https://securelist.com/categories/)
[](https://securelist.com/spam-and-phishing-report-2024/115536/)
We analyze 2024’s key spam and phishing statistics and trends: the hunt for crypto wallets, Hamster Kombat, online promotions via neural networks, fake vacation schedules, and more.
[](https://securelist.com/starydobry-campaign-spreads-xmrig-miner-via-torrents/115509/)
[](https://securelist.com/nigerian-scams-2024/115388/)
[](https://securelist.com/ksb-apt-predictions-2025/114582/)
Kaspersky’s Global Research and Analysis Team monitors over 900 APT (Advanced Persistent Threat) groups and operations. In this piece of KSB series, we review the advanced threat trends from the past year and offer insights into what we can expect in 2025.
[All posts](https://securelist.com/all/)
##### Reports
In this article, we discuss the tools and TTPs used in the SideWinder APT’s attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.
While investigating an incident involving the BellaCiao .NET malware, Kaspersky researchers discovered a C++ version they dubbed “BellaCPP”.
Lazarus targets employees of a nuclear-related organization with a bunch of malware, such as MISTPEN, LPEClient, RollMid, CookieTime and a new modular backdoor CookiePlus.
[](https://www.brighttalk.com/webcast/15591/638205?icid=gl_securelist_acq_ona_smm__onl_b2b_securelist_ban_sm-team___kata____57a4efba155ffd14)
##### Subscribe to our weekly e-mails
The hottest research right in your inbox
Email(Required)
(Required)
I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.
Subscribe
Δ
[](https://www.brighttalk.com/webcast/15591/638205?icid=gl_securelist_acq_ona_smm__onl_b2b_securelist_ban_sm-team___kata____57a4efba155ffd14)
[Threats](https://securelist.com/threat-categories/)
Threats
* [APT (Targeted attacks)](https://securelist.com/threat-category/apt-targeted-attacks/)
* [Secure environment (IoT)](https://securelist.com/threat-category/secure-environment/)
* [Mobile threats](https://securelist.com/threat-category/mobile-threats/)
* [Financial threats](https://securelist.com/threat-category/financial-threats/)
* [Spam and phishing](https://securelist.com/threat-category/spam-and-phishing/)
* [Industrial threats](https://securelist.com/threat-category/industrial-threats/)
* [Web threats](https://securelist.com/threat-category/web-threats/)
* [Vulnerabilities and exploits](https://securelist.com/threat-category/vulnerabilities-and-exploits/)
* [All threats](https://securelist.com/threat-categories/)
[Categories](https://securelist.com/categories/)
Categories
* [APT reports](https://securelist.com/category/apt-reports/)
* [Malware descriptions](https://securelist.com/category/malware-descriptions/)
* [Security Bulletin](https://securelist.com/category/kaspersky-security-bulletin/)
* [Malware reports](https://securelist.com/category/malware-reports/)
* [Spam and phishing reports](https://securelist.com/category/spam-and-phishing-reports/)
* [Security technologies](https://securelist.com/category/security-technologies/)
* [Research](https://securelist.com/category/research/)
* [Publications](https://securelist.com/category/publications/)
* [All categories](https://securelist.com/categories/)
Other sections
* [Archive](https://securelist.com/all/)
* [All tags](https://securelist.com/tags/)
* [Webinars](https://securelist.com/webinars/)
* [APT Logbook](https://apt.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f)
* [Statistics](https://statistics.securelist.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f)
* [Encyclopedia](https://encyclopedia.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f)
* [Threats descriptions](https://threats.kaspersky.com/?icid=gl_seclistheader_acq_ona_smm__onl_b2b_securelist_main-menu_sm-team_______001391deb99c290f)
* [KSB 2024](https://securelist.com/ksb-2024/)
© 2025 AO Kaspersky Lab. All Rights Reserved.
Registered trademarks and service marks are the property of their respective owners.
* [Privacy Policy](https://www.kaspersky.com/web-privacy-policy?icid=gl_seclistfooter_acq_ona_smm__onl_b2b_securelist_footer_sm-team_______11d7a8212d94123d)
* [License Agreement](https://www.kaspersky.com/end-user-license-agreement?icid=gl_seclistfooter_acq_ona_smm__onl_b2b_securelist_footer_sm-team_______11d7a8212d94123d)
* [Cookies](javascript: void\(0\);)
[](#)
##### Subscribe to our weekly e-mails
The hottest research right in your inbox
Email(Required)
(Required)
I agree to provide my email address to “AO Kaspersky Lab” to receive information about new posts on the site. I understand that I can withdraw this consent at any time via e-mail by clicking the “unsubscribe” link that I find at the bottom of any e-mail sent to me for the purposes mentioned above.
Subscribe
Δ
Notifications