Pierre Delcher

Senior Security Researcher at Kaspersky`s GReAT

As a computer-sciences engineer, Pierre walked his first miles on the cybersecurity road pentesting industrial systems and designing security architectures, applications and operating systems for critical infrastructures. He then worked for eight years within French government (ANSSI, MoD), where he notably designed national cybersecurity crisis plans, conducted large-scale incident-response operations on critical infrastructures, managed a threat-intelligence team, and drove international partnerships. Pierre also worked as CISO for a multinational corporation. Pierre is an organized and creative thinker, who likes tuning all the knobs to get actionable results – from embedded microcontrollers development to policies. He joined Kaspersky GReAT in 2020 to get his hands back on threat-intelligence operations.

@securechicken

Pierre Delcher

Reports

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise.

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

Kaspersky analysis of the CloudWizard APT framework used in a campaign in the region of the Russo-Ukrainian conflict.

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Pierre Delcher

What did DeathStalker hide between two ferns?

The SessionManager IIS backdoor

Researchers call for a determined path to cybersecurity

Tomiris called, they want their Turla malware back

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

Publications

Tomiris called, they want their Turla malware back

Indicators of compromise (IOCs): how we collect and use them

VileRAT: DeathStalker’s continuous strike at foreign and cryptocurrency exchanges

The SessionManager IIS backdoor

Owowa: the add-on that turns your OWA into a credential stealer and remote access panel

DarkHalo after SolarWinds: the Tomiris connection

The leap of a Cycldek-related threat actor

Researchers call for a determined path to cybersecurity

What did DeathStalker hide between two ferns?

IAmTheKing and the SlothfulMedia malware family

Lifting the veil on DeathStalker, a mercenary triumvirate

Lazarus on the hunt for big game

External Publications

GReAT Ideas. Powered by Croissant. Baguette edition.

Multi-stakeholder Community Talks on Cyber Diplomacy

GReAT Ideas. Powered by SAS: threat hunting and new techniques

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

Reports

Operation Triangulation: iOS devices targeted with previously unknown malware

Meet the GoldenJackal APT group. Don’t expect any howls

CloudWizard APT: the bad magic story goes on

APT trends report Q1 2023

Subscribe to our weekly e-mails