Global Research & Analysis Team
Established in 2008, Global Research & Analysis Team (GReAT) operates at the very heart of Kaspersky, uncovering APTs, cyber-espionage campaigns, major malware, ransomware, and underground cyber-criminal trends across the world. Today GReAT consists of 40+ experts working globally – in Europe, Russia, Americas, Asia, Middle East. Talented security professionals provide company leadership in anti-malware research and innovation, bringing unrivaled expertise, passion and curiosity to the discovery and analysis of cyberthreats.
Costin specializes in analyzing advanced persistent threats and high-level malware attacks. He is leading the Global Research & Analysis Team (GReAT) at Kaspersky that researched the inner workings of Stuxnet, Duqu, Carbanak and more recently, Lazarus, BlueNoroff, Moonlight Maze and the Equation group. Costin’s work includes analyzing malicious websites, exploits and online banking malware.
Costin has over 24 years of experience in anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board, a member of the Computer AntiVirus Researchers’ Organization (CARO) and a reporter for the Wildlist Organization International. Before joining Kaspersky, Costin worked for GeCad as Chief Researcher and as a Data Security Expert with the RAV antivirus developers group.
Costin joined Kaspersky Lab in 2000 and became the Director of the Global Research & Analysis Team in 2010.
Some of his hobbies include chess, photography and the Science Fiction literature.
In 2022, Marco was appointed Deputy Director for the company’s Global Research & Analysis Team. Marco got promoted from the position of Director of Europe for the Global Research & Analysis Team at Kaspersky, that he has led since March 2013. Prior to becoming Director of Europe, Marco served as the head of Kaspersky’s Global Research & Analysis Team in Germany and senior security researcher. Marco has been working in the area of networking and IT security since the early 2000s. Having long term experience in his role, he is responsible for monitoring the threat landscape in Europe while specializing in threat intelligence, darknet research, password security, IoT security and privacy. In addition to research-related projects, Marco is a regular speaker at both closed and public events and maintains close contact with security partners.
Marco began his career with Kaspersky back in 2004 as a Technical Consultant, providing expert knowledge on Linux and Unix-based systems. He has also been involved in corporate sales management, before moving on to become the technical contact for the OEM department, supporting customized solutions. Marco worked extensively with the company’s product design and development teams and joined the research team as a Virus Analyst in 2009.
Fabio Assolini joined Kaspersky’s Global Research and Analysis Team (GReAT), which boasts the industry’s top analysts, in July 2009 to primarily focus on one of the most dynamic countries in Latin America: Brazil. Fabio’s responsibilities include the analysis of virus, cyber attacks, banking trojans and other types of malware that originate from Brazil and the rest of the region. He particularly focuses on the research and detection of banking trojans. In November 2012, he was promoted to senior security researcher.
Since 2006, Fabio has been a voluntary member of the security community Linha Defensiva (Defensive Line), a non-government organization. In addition, he is a member of the Alliance of Security Analysis Professionals (ASAP), a network of NGOs, professionals and individuals dedicated to providing security related support to end users. Fabio has more than five years of experience as a malware analyst and possesses a university degree in Computer Science.
Christian Funk has been head of the German Research and Analysis Team at Kaspersky since 2014. He joined the company in 2007 and was appointed as a Virus Analyst for Central Europe one year later.
His areas of expertise include malware trends, mobile threats, IoT technologies, social networking and observing the online gaming black market. His other responsibilities include conducting employee training and compiling IT security statistics. In addition, he is a regular keynote speaker at national and international technology trade shows and IT security events.
Christian Funk studied computer science with a focus on information management at the University of Applied Sciences in Ingolstadt.
Mohamad Amin Hasbini
Mohamad Amin Hasbini
Dr. Mohamad Amin Hasbini joined Kaspersky in 2013 as a Senior Security Researcher in the Global Research and Analysis Team (GReAT). He is now head of the same research center for the META region. Amin is responsible for Kaspersky’s expert positioning, research expansion, and knowledge maturity in four regional offices. He has a PHD in smart cities information security from the Brunel University in London.
Prior to joining Kaspersky, Amin was a senior consultant at Deloitte and Touche Middle East. Before that, he worked as a senior security Engineer at DataConsult in Lebanon.
Dr. Hasbini worked on numerous large-scale defensive infrastructure deployments, industrial and consulting projects for government entities, banks, service providers, oil and gas companies, and others. He has also taught security courses in forensics, malware analysis and ethical hacking.
Amin is specialized in wide-scale cyber-defense and anti-APT tools and techniques. He has written a number of publications on advanced malware operations and smart cities security, presented at more than 100 conferences worldwide and received numerous accolades.
Vitaly has been involved in research at Kaspersky since 2005. In 2008, he was appointed Senior Antivirus Expert, before becoming Director of the EEMEA Research Center in 2009. In 2014 he was seconded to INTERPOL, where for two years he worked in the Digital Crime Center, specializing in malware reverse engineering, digital forensics and cybercrime investigation. Currently Vitaly is based in Singapore and is leading a team of APAC threat researchers focused on targeted attacks investigation. He is the author of Kaspersky’s first open-source project, a remote digital forensics tool called Bitscout, made available on Github.
Vitaly has presented at many international security conferences as well as multiple invite-only security events. He is a trainer in malware analysis, YARA for malware hunters, and remote digital forensics.
Maria started working at Kaspersky in 2008 as a spam analyst before leaving briefly between 2012 and 2014. During her first period working at the company, she had dozens of blog posts published on Securelist, including several articles, about 30 spam reports and regular presentations on different events.
When Maria left in 2012, she joined one of the leading Russian game development teams - Allods Team, working there for over two years. While there, she took part in the creation of a large AAA MMORPG and returned to Kaspersky once the project had been launched.
Following her return in 2014, Maria worked on children's digital security and the Kaspersky Safe Kids product. During this period, there were dozens of articles published on the kids.kaspersky.ru website, and on third-party sites, as well as dozens of speeches made for children, parents, teachers, industry and government representatives and press conferences organized in different cities to raise awareness about digital security. Maria also published a textbook on digital security for Russian schools.
In late 2019, Maria joined the GReAT team as a security expert and part of a team organizing the Kaspersky SAS conference. A year later, Maria was appointed to the position of Head of GReAT Russia.
Igor joined Kaspersky in 2001 as a virus analyst. In 2009 he was appointed to the position of infrastructure group manager, where he led the development of our infrastructure for processing and detection of spam messages in the Anti-Spam division. In 2011 Igor joined the Global Research & Analysis Team at Kaspersky as a malware expert. In 2013 he became the principal security researcher in the team, and now he is a chief security researcher. Igor specializes in investigating malware campaigns and reverse engineering advanced malware.
Igor is a graduate of the Moscow State Institute of Radio Engineering, Electronics and Automation. He holds a master’s in Computing Machines, Complexes, Systems and Networks.
Kurt joined Kaspersky in 2010. He researches and reports on targeted attack activity, complex intrusions, and advanced malware. He focuses on privacy and cryptography technologies.
Kurt contributes to working groups and shares his findings with other members of various online communities. He regularly gives presentations on malware issues at international conferences and offers his thoughts to a variety of journalists and media about current cybersecurity matters.
Prior to joining Kaspersky, Kurt was VP of Behavioral Threat Research at Symantec for PC Tools’ ThreatFire. Originally joining ThreatFire when it was a startup in 2005, Kurt was as their sole researcher and led their research efforts through two successful acquisitions. Before Symantec, Kurt was Chief Threat Officer at Novatix and a Threat Analyst at SonicWALL.
David Emm is Principal Security Researcher at Kaspersky, a provider of security and threat management solutions.
David joined Kaspersky in 2004. He is a member of the company's Global Research & Analysis Team (GReAT) and has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon's Software, and Systems Engineer and Product Manager at McAfee.
In his current role, David regularly delivers presentations on malware and other IT security threats at exhibitions and events, highlighting what organisations and consumers can do to stay safe online. He also provides comment to broadcast and print media on the ever-changing cyber-security and threat landscape. David has a strong interest in malware, ID theft and the human aspects of security, and is a knowledgeable advisor on all aspects of online security.
Victor Chebyshev graduated from the Moscow Institute of Electronics and Mathematics. During his studies, he became interested in reverse engineering and malware analysis. After graduating, he had several jobs before landing his position as information security specialist. Kaspersky hired Chebyshev as a junior malware researcher and then, in 2015, he was promoted to research development team lead. Today, Chebyshev is a lead security researcher and an experienced specialist. Kaspersky hired Chebyshev as a junior malware researcher and then, in 2015, he was promoted to research development team lead. Today, Chebyshev is a lead security researcher and an experienced specialist with deep knowledge of Android, Linux and Mac OS malware.
Boris Larin is a lead security researcher in the Global Research & Analysis Team (GReAT) at Kaspersky. Boris is very passionate about reverse engineering and has been working on it for the last decade, performing vulnerability research on software for different CPU architectures and systems. In his current role, Boris develops technologies for detection of supply chain attacks and zero-day exploits, and already discovered a few of them. In addition, Boris is the author of educational materials for Kaspersky Academy, and his latest writeups about zero-day exploits and the inner workings of commonly exploited software can be found on Securelist.com.
For seven years, Sergey was a senior security researcher on the Kaspersky Global Research and Analysis Team (GReAT), where he researched and published on financial threats, like Carbanak, Silence and Digital Doppelgangers. He also analyzed many nation-state advanced persistent threat (APT) samples. Based on this experience, Sergey created malware reverse engineering courses that teach the most effective methods for analyzing top malware threats. He’s trained beginner and experienced malware analysts, SOC analysts in various private and government organizations around the world as well as law enforcement officers. His cybersecurity research focuses on topics related to investigating and reverse engineering advanced persistent and financial threats.
Between 2019 and 2021, Sergey worked at JPMorgan Chase as a malware reverse engineer, focusing on APTs. In 2022, he returned to Kaspersky GReAT as a lead security researcher.
Giampaolo Dedola joined Kaspersky in 2017 as a security researcher in the Global Research & Analysis Team (GReAT). He has a passion for malware analysis, reverse engineering and incident response. His research is focused on sophisticate threats, APT, targeted attacks and threat hunting techniques. Now he is a senior security researcher.
Before joining Kaspersky, he worked for Telecom Italia, the main Italian ISP. He held the position of L3 SOC analyst, forensic analyst and principal malware analyst. More specifically, he was part of the Incident Response team and was focused on critical incidents. He worked also as consultant for an Italian military contractor and his activities were related to cyber-warfare. Giampaolo received a cybersecurity degree from the University of Milan.
As a computer-sciences engineer, Pierre walked his first miles on the cybersecurity road pentesting industrial systems, and designing security architectures, applications or operating systems for critical infrastructures.
He then worked for 8 years within French government (ANSSI, MoD), where he notably designed national cybersecurity crisis plans, conducted large-scale incident-response operations on critical infrastructures, managed a threat-intelligence team, and drove international partnerships. Pierre also worked as CISO for a multinational corporation.
Pierre is an organised and creative thinker, who likes tuning all the knobs to get actionable results - from embedded microcontrollers development to strategic partnerships. He joined Kaspersky GReAT in 2020 to get his hands back on threat-intelligence operations.
Dan Demeter is a senior security researcher at Kaspersky’s Global Research & Analysis Team.
Dan graduated from Imperial College London and holds a Master of Engineering in Software Engineering. He joined Kaspersky in 2014 where his work focuses on developing threat intelligence systems, processing big data and creating new technologies to fight advanced persistent threats.
When not meddling around with network cables or bricking routers he can be found playing board games and snowboarding on slopes around the world.
Dmitry Galov is a senior security researcher in the Kaspersky Global Research & Analysis Team (GReAT), responsible for researching non-Windows malware, APTs and IoT-threats. He joined Kaspersky in September 2015 and became part of GReAT in August 2018. Dmitry is currently completing his studies at Lomonosov Moscow State University, taking part in various capture the flag events as a member of the ‘Bushwhackers’ team. Dmitry has always been interested in programming and reverse-engineering and started participating in different international competitions while still at high school. Nowadays, Dmitry is an experienced specialist with a deep knowledge of Android malware. Some of his research, including on non-Windows malware and future connected healthcare, has been published on Securelist.
In 2008, He entered Kaspersky as a researcher of Japan office. He had been in charge of collecting and analyzing threat information such as Malware, Spam and Phishing in cyberspace. Subsequently, he has been joining in Global Research and Analysis Team (GReAT) APAC to research Advanced Persistent Threat (APT) and recent cyber threats in APAC region. Based on results of research, he made presentation in several security conferences such as AVTokyo 2012, HITCON pacific 2016, HITCON pacific 2017, JSAC 2018, FIRST TC Bali 2018 and Internet Week 2018. Now Suguru is a senior security researcher.
Jin Ye (Seth)
Jin Ye (Seth)
For five years from 2012, Seth worked in Kaspersky China as a malware analyst. While there, he was part of the former virus lab in Beijing, where Seth was responsible for detecting malware and conducting in-depth sample analysis for customers. He is experienced with the heuristic engine, BSS, and IDS rules.
Seth then spent three years at another cybersecurity company as Threat Analysis Expert. In this role he focused on DDoS botnet tracking, IOC extraction, and deeply analyzed IoT botnets.
In 2021, Seth rejoined Kaspersky as a senior security researcher in the Global Research and Analysis Team (GReAT). He currently plays an active role in the analysis of APT attacks targeting the Asian region, specifically China.
Ariel Jungheit is a security researcher on the Global Research and Analysis Team at Kaspersky. Based in Germany, Ariel’s interest in cybersecurity stems from his time in national military service, and before joining Kaspersky, he worked for FireEye and iSight as a senior security analyst and an intelligence analyst respectively. At Kaspersky, he`s contributing to GReAT’s mission by helping to investigate the most active and advanced threat actors, targeted attacks, attacker tools and more. Ariel’s professional passions includes reverse engineering malware, uncovering, tracking and analyzing APT campaigns and reporting all about it.
Ivan Kwiatkowski is an OSCP and OSCE-certified penetration tester and malware analyst who has been working as a senior security researcher in the Global Research & Analysis Team at Kaspersky since 2018.
He maintains an open-source dissection tool for Windows executables and his research has been presented during several cybersecurity conferences. As a digital privacy activist, he operates an exit node of the Tor network. Ivan also delivers Kaspersky’s reverse-engineering training in Europe.
Seongsu Park is a passionate researcher on malware, threat intelligence and incident response. He has extensive experience in information security, malware analysis, and the wider threat intelligence industry. He now works in the Kaspersky Global Research & Analysis Team as a senior security researcher and focuses on analyzing and tracking security threats in the APAC region.
Marc Rivero is a senior security researcher within Kaspersky GReAT (Global Research & Analysis Team). With more than 10 years of cybersecurity experience, he currently focuses on malware analysis, reverse engineering, and threat intelligence research. Previously, he carried out his tasks within an anti-fraud team, serving different financial institutions, governments, and CERT / CSIRT teams. He is a regular contributor to the community and a speaker at national and international conferences.
Noushin Shabab is a cybersecurity researcher based in Australia, specializing in reverse engineering and targeted attack investigations.
She joined Kaspersky in 2016 as a senior security researcher in the Global Research & Analysis Team (GReAT). Her research focuses on the investigation of advanced cyber-criminal activities and targeted attacks with a particular focus on local threats in the Asia Pacific region. Prior to joining Kaspersky, Noushin worked as a senior malware analyst and security software developer focusing on rootkit analysis and detection techniques as well as APT attack investigations.
Noushin is very active in the local cybersecurity community in Australia and New Zealand where she regularly presents at various security conferences and events and also delivers technical workshops. She is also a member of the Australian Women in Security Network (AWSN) which aims to connect, support, collaborate and inspire women in the Australian cybersecurity industry. She was the first mentor to provide technical workshops and mentorship in the AWSN cadets program. This initiative aims to bridge the gap between university and industry by bringing together female students from different universities interested in pursuing a career in the information security space.
Saurabh Sharma joined Kaspersky Lab in 2019 as a senior security researcher in the Global Research and Analysis Team (GReAT). He has a passion for malware analysis, reverse engineering and incident response. His researches are focused on sophisticate threats and specifically APT, targeted attacks and threats hunting techniques.
Before joining Kaspersky Lab he worked for Symantec STAR team as Security Researcher. He worked on reverse engineering of complex malware samples, tracking botnets, writing botnet clients, extracting DGA (Domain Generation Algorithms), and ransomware files decryption.
Jornt van der Wiel
Jornt van der Wiel
Jornt works as a local security expert for the BeNeLux region in Kaspersky’s Global Research and Analysis Team (GReAT). During his time at the company, Jornt has managed several different high-profile projects. For instance, he helped the Dutch police with the Coinvault case, that led to the arrest of two malware authors. After this success, Jornt was a driving force behind the NoMoreRansom project. Together with various law enforcement agencies, he identified several servers that held cryptographic keys of ransomware victims. As a result, more than 35,000 people got their files back without paying the criminals and the action prevented millions of dollars going into the pockets of criminals.
Jornt also speaks at national and international conferences, is a regular media commentator and alongside his malware research, offers malware reverse engineering training.
Before joining Kaspersky in 2014, Jornt worked as a researcher/developer for Security Matters. Whilst he was there, he implemented and designed detection modules for Intrusion Detection Systems that operate in an Industrial Control System (ICS) environment. Prior to that, Jornt worked as a security consultant for Digidentity, where he improved existing products by creating new software and cryptographic algorithms. He has also worked as a consultant at the Rijkswaterstaat Security Operations Center (the governmental institution responsible for roads and water management), where he was actively involved in securing ICS environments.
Maher Yamout joined Kaspersky in 2018 as a Senior Security Researcher in the Global Research & Analysis Team (GReAT). Maher is responsible for Kaspersky’s expert positioning in the Middle East, Turkey and Africa, as well as cyber threat research, threat intelligence development, and knowledge support of the regional office in Dubai, UAE.
Prior to joining Kaspersky, Maher was a Specialist Senior Manager at Deloitte & Touche M.E., preceded as Information Security Officer in the Lebanese Government. Maher lead and engaged in many security assessments, digital forensics and incident response activities for a multitude of clients and in several industries across UK, Middle East and the GCC region. The security assessments included but not limited to red teaming, penetration testing, industrial control systems security, mobile and web application security testing, physical security testing, and more. Maher also engaged in responding to many incidents such as phishing, ransomware attacks, cyber-espionage, APTs, POS malware, online banking thefts, fraud, and insider threat.
Maher is specialized in cyber threat intelligence, incident response and targeted attacks mitigation. He holds degrees in computer science and computer & communication, pursuing a Master degree in Intelligence Studies, and possess multiple certificates from GIAC, ISC2 and others.
Abdessabour Arous is a Security Researcher in the Global Research & Analysis Team (GReAT). His primary role is to track and expose Advanced Persistence Threats (APTs) targeting the Middle East, Turkey and Africa. Abdessabour has extensive experience in cybersecurity, with more than 14 years spent in various roles from malware analysis, incident response and digital forensics to cyber-intelligence and counter-intelligence. Abdessabour holds an Engineering Degree in Information Systems with multiple offensive and defensive security certifications.
Leonid joined Kaspersky in 2020 as an intern in the Global Research and Analysis Team (GReAT). Here, he played an active role in the development of internal tools and infrastructure as well as darknet research and assisted in training courses provided by GReAT.
In 2021, Leonid was invited to join GReAT as a junior security researcher. As part of his role, he is engaged in reverse engineering and malware analysis. In addition to this, Leonid has become one of the authors of Crimeware reports and dark web research publications. Based on his successful research he appears as a speaker in Kaspersky videos demonstrating his expertise in Threat Intelligence.
Leonid is currently enrolled in Lomonosov Moscow State University and studies Fundamental Informatics and Information Technology.