Operation Balkan Toolset

An unknown attacker targeted the financial sector in the Balkans region with spear-phishing emails containing links to malicious documents. The campaign's focus was to drop both BalkanRAT and BalkanDoor onto victims' computers. The operation used various techniques to maintain persistence and stay under the radar, including disabling security tools, obfuscation, code signing, and process injection.
Name Modified Date Sources
Operation Balkan Toolset 2019-12-16