LevelBlue Blog
Tag: Analysis
Why Extended Detection and Response (XDR) and why now?
August 4, 2021 | Tawnya Lancaster
We in cybersecurity just love new, buzzy acronyms. The latest is “XDR,” otherwise known as extended detection and response. No doubt, you’ve already read an article, watched a webinar, or listened to a podcast on XDR. Jon Olstik and Dave Gruber of cybersecurity research firm, ESG, wrote several articles in the summer of 2020 in which they…
Lazarus campaign TTPs and evolution
July 6, 2021 | Fernando Martinez
Executive summary LevelBlue Labs™ has observed new activity that has been attributed to the Lazarus adversary group potentially targeting engineering job candidates and/or employees in classified engineering roles within the U.S. and Europe. This assessment is based on malicious documents believed to have been delivered by Lazarus during the last few months (spring 2021). However, historical analysis shows…
Darkside RaaS in Linux version
June 22, 2021 | Ofer Caspi
Executive summary LevelBlue Labs recently analyzed the Linux version of the Darkside ransomware, one of the most active ransomware families in the last quarter. Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations. Key Points: Unlike common Linux ransomware, which mostly zips files with a password, Darkside encrypts files using crypto libraries. This likely makes recovery impossible…
YARA Rules for Finding and Analyzing in InfoSec
March 29, 2018 | Monty St John
Introduction If you work in security anywhere, you do a lot of searching, analyzing, and alerting. It’s the underpinning for almost any keyword you can use to describe the actions we take when working. The minute any equation I’m working on comes down to “finding” or “analyzing”, I know what to…