BlackBerry Global Threat Intelligence Report — January 2025 Edition
The January 2025 report – covering July through September, 2024 – showcases critical insights on Salt Typhoon's extensive telecommunications breach and in-depth coverage of Lynx, an emerging ransomware group. The report also features exclusive analysis from the Royal Canadian Mounted Police's National Cybercrime Coordination Centre (NC3) on the evolution of ransomware tactics.
Confronting Digital Deception
BlackBerry's Essential White Paper on Deepfakes
Dive into the evolution and challenges of deepfakes. In the paper, you’ll learn:
- How advanced AI algorithms create hyper-realistic multimedia content both to entertain and to deceive.
- The importance of user empowerment to mitigate these threats.
- Valuable insights on safeguarding organizations for leaders navigating the complexities of this technology.
Recent BlackBerry Threat Research and Intelligence Alerts
Suspected Nation-State Adversary Targets Pakistan Navy in Cyber Espionage Campaign
The BlackBerry Threat Research and Intelligence team continuously monitors cyber activities across the globe. In this case, we came across an interesting PDF lure which appeared to be an internal IT communication for the Pakistan Navy. As we pivoted off this artifact and followed its digital footprints, we came across a web of interlinking infrastructure and artifacts of various file types that appear to have an espionage theme.
LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign
BlackBerry identified a significant evolution in the LightSpy malware campaign, demonstrating enhanced capabilities and data theft mechanisms. The threat actor behind LightSpy, who we believe with a high level of confidence is associated with Chinese cyber-espionage group APT41, has now expanded their toolset to include a modular Windows-based surveillance framework that significantly broadens their espionage capabilities.
RobotDropper Automates the Delivery of Multiple Infostealers
Threat researchers at BlackBerry are tracking a phishing campaign that delivers Trojanized MSI files that utilize DLL sideloading to execute LegionLoader, a malicious program typically used to distribute multiple infostealers on the victim’s system. Malicious payloads can range from infostealers like Raccoon and Vidar to backdoors and even cryptocurrency stealers and miners.
Live and On-Demand Webinars
Global Threat Intelligence Report Deep Dive | September 2024 Edition
Explore key findings of the September 2024 Global Threat Intelligence Report with Ismael Valenzuela, BlackBerry Vice President of Threat Research and Intelligence, and Cesar Vargas, BlackBerry Director of Applied Research. They share cyberthreat trends impacting our organizations and mitigation strategies to reduce risk.
Recent Cyberattack Trends
Which types of cyberattacks are most prevalent right now and how do they unfold? This is your opportunity to hear from the CylanceMDR (managed detection and response) Team and the BlackBerry Incident Response Team as they answer these questions. Plus, they share what organizations are doing that puts them at greater risk of a successful attack.
Meet the Global Team Representatives
Ismael Valenzuela
Vice President, Threat Research and Intelligence
Cesar Vargas
Director, Applied Researcher
Thom Ables
Director, Threat Research
Geoff O’Rourke
Senior Technical Lead
Natasha Rohner
Principal Threat Research Publisher
Dean Given
Principal Threat Researcher
Eoin Healy
Principal Threat Researcher
Jacob Faires
Principal Threat Researcher
Alexandra Mozil
Senior Threat Researcher
Dmitry Melikov
Threat Researcher II
Pedro Drimel
Threat Researcher, Consultant