Leonid Bezvershenko

@bzvr_

Senior Security Researcher @ Kaspersky, GReAT | Drovosec CTF team | Tweets are my own

Moscow, Russia. Joined September 2021
348 Following, 3.1K Followers

Pinned tweet
Leonid Bezvershenko (@bzvr_)
Today we share details about Operation Triangulation, a campaign targeting iOS devices of Kaspersky employees. It was an unprecedented investigation, and we've done a lot to study this campaign with great scrutiny. Report and IoCs here: securelist.com/operation-tria…. @kucher1n @2igosha

Leonid Bezvershenko retweeted
Theodor Arsenij (@m4drat)
New blog post! Writeup for my SASCTF'25 Finals A/D challenge: BPF-style symbolic verification of bare-metal RISC-V using Triton, a custom QEMU machine, and 5 bugs hidden across the stack. From verifier bypasses to a full QEMU escape 🔑 (link in comments)

Leonid Bezvershenko retweeted
Georgy Kucherin (@kucher1n)
The CPU-Z and HWMonitor incident is the sloppiest supply chain attack I've EVER seen. The payloads have been copy-pasted from a previous attack, with C2 server reuse. The final implant, STX RAT, wasn't even cleaned from detections with PUBLICLY available Yara rules!🤦[1/4]

Leonid Bezvershenko retweeted
Georgy Kucherin (@kucher1n)
It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month. Here are more IPs used in the attack: 45.76.155[.]202 45.32.144[.]255 Read below for many other IoCs! [1/8]

Leonid Bezvershenko retweeted
TheSAS2026 (@TheSAScon)
Announcing the #TheSAS2025 #CTF winners! Congratulations to @C4TBuTS4D for taking the absolute win in the A/D and first-blooding 2 of the 4 services, including the trickiest one. Kudos to SKSD and dtl for their well-deserved 2nd and 3rd places. Every team received a check with a different sum written on it, but we feel the share of the crowd’s love was equal for every winner.

Leonid Bezvershenko retweeted
PwnSec (@_PwnSec_)
After 24 hours without sleep and an insane amount of caffeine, we were able to win the MENA region league in Kaspersky CTF. And by that, our team secured a spot in SAS 2025 CTF final in Khao Lak, Thailand, on October 25-28. See you in Thailand (づ ̄3 ̄)づ╭❤️~

Leonid Bezvershenko retweeted
TheSAS2026 (@TheSAScon)
🚀 If you plan to join @kaspersky #CTF and want advice from a seasoned player, check out the webinar recording from yesterday! @bzvr_, one of the CTF organizers, shares the basics and practical examples to help you win in Kaspersky{CTF}. 🌴 Winners of the five regional competitions will receive a complimentary #TheSAS2025 invitation to the CTF finals! The webinar recording is available without registration: lp.kaspersky.com/ctf/

Leonid Bezvershenko retweeted
Kaspersky (@kaspersky)
We're excited to announce our upcoming Capture The Flag (CTF) competition designed for corporate cybersecurity teams and academic institutions. Join us on August 30 for a 24-hour online challenge that will test your team’s skills in real-world threat scenarios. Form your squad. Represent your company. Register now: kas.pr/m8qi

Leonid Bezvershenko retweeted
Georgy Kucherin (@kucher1n)
A few weeks ago, I was responding to a cybersecurity incident - $500,000 have been stolen from a #blockchain developer. The infected operating system was freshly installed, and the victim was vigilant about cybersecurity. How could this happen? New supply chain attack? [1/6]

Leonid Bezvershenko (@bzvr_)
The hardcoded attacker-controlled cryptocurrency wallet addresses are: addresses = { "btc": "bc1qxpz2e8taktzesd0sd53lzmj87m5nkvu3fp82rk", "eth": "0x1842082Ff98E91495BDE6C6F9162F17AB9A9d3Cd", "ltc": "LVCC3oZgciRWWBENTvwXPPgsw2KKpmVR7x", "trx": "TUBGZiWupRrbAJ61Yhwh2LVHUf5x4nresE", "bch": "", "xmr": "", "xrp": "rfcHfi5xqD64Z5PwwLnm9Lh3aafWMz6K9g", "zcash": "t1JCPe5jCsn9aYSnSuvd7GXNKLK5PkHj3R3", "doge": "DEzLhvQQZm3qhwJvEpXRB7mnrNDYFJmNmT", "sol": "BCxiZdQiAddhZWnSt7hzYZhftbNcF9aV33ZyXCGfk6bj" }

Leonid Bezvershenko (@bzvr_)
The malicious payloads are downloaded from 196.251.81[.]229 (2.txt, clippa.txt, and svchost.bat). clippa.txt is a clipper that uses the Pyperclip library to replace clipboard content with attacker-controlled addresses from its config.

Leonid Bezvershenko (@bzvr_)
🚨We just discovered 3 malicious Python packages uploaded to PyPI today that are typosquatting the popular crypto library fernet. The payload chain drops several files including a clipper that swaps BTC, ETH, SOL & many other wallet addresses. Details and IOCs in the thread 👇

Leonid Bezvershenko retweeted
r3kapig (@r3kapig)
Thrilled to announce we got 2nd place 🥈 with @ProjectSEKAIctf as P1G SEKAI last weekend and made it to the SAS CTF 2025 final! 🚀 Big shoutout to @TheSAScon for the amazing organization and innovative challenges 🧩 Can't wait to see everyone in Thailand! 🇹🇭🔥

Leonid Bezvershenko retweeted
thehackerscrew (@thehackerscrew1)
We qualified for the SAS CTF finals by @TheSAScon once again this year🥳!! Looking forward to seeing everyone else in Thailand for the finals

Leonid Bezvershenko retweeted
Project Sekai CTF (@ProjectSEKAIctf)
Secured 2nd place at SAS CTF Quals with @r3kapig this weekend🎉Thanks to @TheSAScon for organizing the event and look forward to the finals in Thailand!

Leonid Bezvershenko (@bzvr_)
🚨 Less than 10 days until the SAS CTF 2025 Quals kick off! 🚨 Register your team now and claim the spot in the top 8 to compete for a share of the $18,000 prize pot at the on-site finals at the SAS conference in Thailand. Register: ctf.thesascon.com

Leonid Bezvershenko retweeted
Kaspersky (@kaspersky)
🔐 Ready to test your skills? The SAS CTF 2025 qualifiers are open! Compete for a share of $18,000 and a spot at the Security Analyst Summit in Thailand. 🌏💻 ⏳ Online qualifiers: May 17 🏆 Finals: Oct 26–29 @ SAS 2025 Last year: 800+ teams battled—only 8 advanced. Will you make the cut? 🔗 Register now: kas.pr/8qiz #Cybersecurity #Hacking #Kaspersky

Leonid Bezvershenko (@bzvr_)
I'm really happy to announce that we've just opened registration for the SAS CTF 2025 qualifying round!⛳️ This year's top 8 teams will qualify for the onsite finals to compete for a share of the $18.000 prize pool at the Security Analyst Summit conference in Khao Lak, Thailand on 25-28 October 2025. Secure your spot: ctf.thesascon.com/register #TheSAS2025