KASPERSKY EXPERTISE CENTERS

Global Research & Analysis Team

Established in 2008, GReAT operates at the heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware and underground cyber-criminal activity worldwide. GReAT’s security experts lead the company’s anti-malware research and innovation, bringing deep technical expertise, passion and curiosity to the discovery and analysis of cyberthreats.

35+ experts around the globe – in Europe, Latin America, Asia and the Middle East

GReAT: who we are

Rockstar researchers
  • We research the most complex, sophisticated threats and attacks
  • We discover zero-day vulnerabilities and share our findings with vendors for remediation
  • We track the activities of the most dangerous threat actors
Keen investigators
  • We investigate the most complex and impactful incidents worldwide
  • We work closely with law enforcement agencies around the world to make the digital world safer
Ingenious inventors
  • We develop proprietary tools to support Kaspersky’s threat research
  • We have built and maintain infrastructure to track the online assets of malicious actors
Educators and speakers
  • We educate security researchers in our unique methods and help develop training programs
  • We produce in-depth, groundbreaking reports on cybercrime
  • We present and share our discoveries with the global IT security community
HEADLINE-GRABBING RESEARCH

Major discoveries and research

Operation Triangulation
An APT campaign in which targets are infected via zero-click exploits through the iMessage platform. The malware runs with root privileges, giving attackers complete control over the device and access to user data.
Stuxnet
Widely considered to be the world’s first cyber weapon, Stuxnet was a highly sophisticated computer worm that exploited previously unknown Windows zero-day vulnerabilities to infect target systems and spread to others. It was primarily designed to sabotage the centrifuges of Iran’s uranium enrichment facilities.
Flame
Flame is a sophisticated cyber-espionage toolkit. It functions as a backdoor and a Trojan, and has worm-like features that allow it to replicate within local networks and on removable media when instructed to do so by its operators.
Carbanak
An APT-style campaign that targeted up to 100 banks, e-payment systems and other financial institutions in around 30 countries, stealing approximately $1bn.
Equation group
One of the most sophisticated APT groups in the world, active for nearly two decades with operations affecting thousands of users across more than 30 countries.
WannaCry
WannaCry is an example of crypto ransomware, a type of malware used to extort money by encrypting valuable files or locking users out of their systems.
OlympicDestroyer
An advanced threat actor that hit the organizers, suppliers and partners of the Winter Olympic Games in Pyeongchang, South Korea, using a destructive network worm. The group is known for its extensive use of false flags to mislead investigators.
Shadow hammer
A sophisticated supply-chain attack in which malware disguised as a legitimate software update was distributed to around one million Windows computers. The malicious code was signed with a valid digital certificate, making it appear trustworthy.
FIGHTING CYBERCRIME

Expert help to support the fight against cybercrime

We participate in joint operations and cybercrime investigations with the global IT security community, international organizations such as INTERPOL and AFRIPOL, law enforcement agencies and CERTs worldwide.

EXPERT-LED CONTENT

Read the latest research and discoveries from GReAT experts

  • Operation ForumTroll: APT attack with a Google Chrome zero-day exploit chain
  • Operation SyncHole: Lazarus APT goes back to the well
  • Blockchain and Node.js abused by Tsundere: an emerging botnet
  • Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
  • Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
  • Mysterious Elephant: a growing threat
  • RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
  • The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
CONTRIBUTIONS

Our research and investigations contribute to Kaspersky’s product and service portfolio

We help our major customers and authorities with incident investigation into the most sophisticated attacks.

We have built and maintain a database of APT-related hosts used by multiple products and services. We produce premium reports on APTs and financial cybercrime, and help prepare private, tailored reports for enterprise customers.
