BlackBerry Cybersecurity Research

Additional Info

Company: BlackBerry Limited
Company size (employees): 1,000 to 4,999
Headquarters Region: North America
Type of solution: Service


BlackBerry’s Threat Research and Intelligence Team is composed of data scientists, engineers, threat researchers, and intelligence analysts dedicated to cutting-edge research focused both internally on our own products and externally on the evolving threat landscape.

BlackBerry’s external-facing research reports cover a wide range of topics, from the latest ransomware to new developments in targeted, state-sponsored APT activity, to the company’s now-quarterly Threat Report. These publications demonstrate BlackBerry’s unique understanding of the threat environment and the security problems its products and services address. Our team directly supports new and existing clients in identifying and hunting down threats, leveraging our EPP, EDR and managed service offerings.

BlackBerry also recently announced a new CTI offering, a professional threat intelligence service to help customers prevent, detect, and effectively respond to cyberattacks. Delivered on a quarterly subscription basis, BlackBerry’s new CTI service provides actionable intelligence on targeted attacks and cybercrime-motivated threat actors and campaigns, as well as intelligence reports specific to industries, regions, and countries.

BlackBerry’s CTI team regularly collaborates with law enforcement and government agencies worldwide and shares actionable threat intelligence with them in a timely fashion, with the aim of protecting citizens and critical infrastructure from major attacks. BlackBerry research contributed to a Cybersecurity Alert (CSA) issued by the FBI and CISA in December 2022 to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations.

BlackBerry researchers also engage with and give back to the wider security community through participation in information sharing groups, commentary in the press, the release of open-source tools, and invited briefings at key industry events, including Black Hat, RSA, and SANS Summits.

How we are different

• First-to-market research: BlackBerry’s Threat Research and Intelligence Team has released numerous first-to-market research reports over the past year leveraging BlackBerry’s data-driven digital ecosystem and analytical capabilities. These research reports have revealed new developments in the ransomware and malware space, and targeted, state-sponsored APT activity, including Symbiote, DCRat, Chaos Yashma ransomware and LokiLocker, all of which have been well-received by BlackBerry customers and the broader security community.

• Unique analysis in quarterly Threat Report: BlackBerry is uniquely positioned to uncover threats that affect industries that aren’t often discussed in other reports. BlackBerry’s latest Threat Report, now released on a quarterly basis, includes analysis of GuLoader and the BlackCat ransomware group, which targets small-to-medium-sized enterprises, largely in the manufacturing sector, and threatens to ‘leak’ victims’ compromised data to further extort a ransom. In the report, BlackBerry also explores the pernicious threats targeting macOS, including malicious code that is sometimes even explicitly downloaded by users. BlackBerry researchers noted that 34 percent of client organizations using macOS had Dock2Master on their network, which collects user data from its own ads.

• Putting research into practice: In 2022, BlackBerry released Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence, the most comprehensive collection of cyber threat intelligence (CTI) focused on Cobalt Strike team servers. The e-book educates organizations on what they can do to proactively protect their devices and networks from the growing threat of Cobalt Strike beacons and team servers by outlining key CTI concepts and how to build an effective CTI program. Highlights include tips for building detailed profiles of threat actors, broadening knowledge of existing threat groups, tackling ongoing and new threat actor campaigns, providing intelligence for SOC analysis and incident responders, fine-tuning security and IDS/IPS solutions, and ascertaining campaign timelines for future attacks and incident response engagements.