Senior Security Researcher, Global Research & Analysis Team, ANZ
Noushin Shabab is a cybersecurity researcher based in Australia, specializing in reverse engineering and targeted attack investigations. She joined Kaspersky in 2016 as a senior security researcher in the Global Research & Analysis Team (GReAT). Her research focuses on the investigation of advanced cyber-criminal activities and targeted attacks with a particular focus on local threats in the Asia Pacific region. Prior to joining Kaspersky, Noushin worked as a senior malware analyst and security software developer focusing on rootkit analysis and detection techniques as well as APT attack investigations. Noushin is very active in the local cybersecurity community in Australia and New Zealand where she regularly presents at various security conferences and events and also delivers technical workshops. She is also a member of the Australian Women in Security Network (AWSN) which aims to connect, support, collaborate and inspire women in the Australian cybersecurity industry. She was the first mentor to provide technical workshops and mentorship in the AWSN cadets program. This initiative aims to bridge the gap between university and industry by bringing together female students from different universities interested in pursuing a career in the information security space.Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.
We continue to report on the APT group ToddyCat. This time, we’ll talk about traffic tunneling, constant access to a target infrastructure and data extraction from hosts.
New unattributed DuneQuixote campaign targeting entities in the Middle East employs droppers disguised as Total Commander installer and CR4T backdoor in C and Go.