Tag: apt
-
China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm
by
in SecurityNewsA White House official confirmed that China-linked threat actor Salt Typhoon breached a ninth U.S. telecommunications company. A White House official confirmed confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part of a cyberespionage campaign aimed at telco firms worldwide. >>A White House official said Friday the US…
-
Operation DreamJob: Lazarus APT hat es auf die Nuklearindustrie abgesehen
by
in SecurityNewsMitglieder der vermutlich nordkoreanischen Hackergruppe Lazarus APT haben ihre Operation DreamJob mit einer neuen Kampagne fortgesetzt. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/operation-dreamjob-lazarus-apt-hat-es-auf-die-nuklearindustrie-abgesehen-306744.html
-
How are you securing your communications in the wake of the Volt Typhoon revelations?
by
in SecurityNews
Tags: access, advisory, android, apple, apt, attack, authentication, business, china, cisa, cisco, cloud, communications, computer, control, cyber, cybersecurity, detection, email, endpoint, espionage, exploit, firewall, firmware, government, group, Hardware, infrastructure, Internet, Intruder, microsoft, network, phishing, ransomware, risk, service, software, technology, threat, tool, update, vpn, vulnerability, windows, zero-dayThe FBI recently released information that text messages between Apple and Android texting systems were insecure and that attackers could listen in and access those communications, more fallout from the revelation that a Chinese-affiliated threat actor had breached telecommunications companies.The announcement that the group known as Salt Typhoon had compromised networks of major global telecommunications…
-
BellaCPP, Charming Kitten’s BellaCiao variant written in C++
Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao malware dubbed BellaCPP, Kaspersky researchers warn. The Iran-linked APT group Charming Kitten has been observed using a C++ variant of the BellaCiao malware, dubbed BellaCPP. BellaCiao, a .NET-based malware, combines webshell persistence with covert tunneling. The malicious code was first…
-
Lazarus APT targeted employees at an unnamed nuclear-related organization
by
in SecurityNewsNorth Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024. Kaspersky researchers observed the North Korea-linked Lazarus Group targeting at least two employees associated with the same nuclear-related organization over the course of one month. The experts believe the attacks are part the cyber espionage campaign Operation Dream Job (aka NukeSped),…
-
Earth Koshchei’s Rogue RDP Campaign: A Sophisticated APT Attack Targets Governments and Enterprises
by
in SecurityNewsTrend Micro has unveiled a large-scale rogue remote desktop protocol (RDP) campaign conducted by the threat group Earth Koshchei. Known for their espionage operations, Earth Koshchei leveraged spear-phishing emails and... First seen on securityonline.info Jump to article: securityonline.info/earth-koshcheis-rogue-rdp-campaign-a-sophisticated-apt-attack-targets-governments-and-enterprises/
-
New attacks launched by reemergent The Mask APT
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/new-attacks-launched-by-reemergent-the-mask-apt
-
The Mask APT is back after 10 years of silence
Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022. Threat actors accessed an MDaemon email server and used…
-
Neue Angriffskette von TA397 verbreitet Spionage-RATs
by
in SecurityNewsDie Security-Experten von Proofpoint haben einen neuen Angriff der APT-Gruppe TA397 (auch unter dem Namen ‘Bitter” bekannt) näher analysiert. Die untersuchte Attacke richtete sich gegen eine Organisation aus der türkischen Rüstungsbranche und fand im November 2024 statt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-angriffskette-von-ta397-verbreitet-spionage-rats
-
Espionage Campaign Targets Turkish Defense Industry
by
in SecurityNewsAPT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT. A suspected South Asian threat actor targeted a Turkish defense organization, deploying malware via a RAR archive and using alternate data streams to deliver remote access Trojans. The group previously targeted multiple countries including China, India, Pakistan and Bangladesh. First seen on govinfosecurity.com Jump…
-
Espionage Campaign Targets Turkish Defense Industry
by
in SecurityNewsAPT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT. A suspected South Asian threat actor targeted a Turkish defense organization, deploying malware via a RAR archive and using alternate data streams to deliver remote access Trojans. The group previously targeted multiple countries including China, India, Pakistan and Bangladesh. First seen on govinfosecurity.com Jump…
-
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware
A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT.”The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine…
-
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022.”The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007,” Kaspersky researchers Georgy Kucherin and Marc Rivero…
-
PHP backdoor looks to be work of Chinese-linked APT group
by
in SecurityNewsKnown as Glutton, researchers at QiAnXin’s XLab believe Winnti is responsible for the malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/glutton-php-backdoor-winnti-apt-41-china/
-
Russian APT >>Secret Blizzard<< Leverages Cybercriminal Tools in Ukraine Attacks
by
in SecurityNewsA new report from Microsoft Threat Intelligence reveals that the Russian state-sponsored threat actor known as Secret Blizzard (also tracked as Turla, Waterbug, Venomous Bear, Snake, Turla Team, and Turla... First seen on securityonline.info Jump to article: securityonline.info/russian-apt-secret-blizzard-leverages-cybercriminal-tools-in-ukraine-attacks/
-
Careto APT Returns: Decade-Old Threat Resurfaces with New Sophistication
by
in SecurityNewsKaspersky Labs has unveiled research on the return of >>The Mask,
-
Experts discovered the first mobile malware families linked to Russia’s Gamaredon
by
in SecurityNewsThe Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, and ACTINIUM). These are the first known mobile malware families linked to the Russian APT. The cyberespionage group is behind a…
-
APT60 Exploits Legitimate Services in Sophisticated Malware Attack Targeting Japanese Organizations
In August 2024, JPCERT/CC confirmed a targeted attack against a Japanese organization, believed to be the work of the threat group APT-C-60. This advanced campaign utilized legitimate services like Google... First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-exploits-legitimate-services-in-sophisticated-malware-attack-targeting-japanese-organizations/
-
Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome
Researchers at the Lookout Threat Lab have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, attributed to the Russian-aligned Advanced Persistent Threat (APT) group Gamaredon. Also known as Primitive... First seen on securityonline.info Jump to article: securityonline.info/gamaredon-apt-deploys-two-russian-android-spyware-families-bonespy-and-plaingnome/
-
Holding Back Salt Typhoon + Other Chinese APT CVEs
by
in SecurityNewsOver the past several years, US Federal Agencies and private sector companies have observed China-based threat actors targeting network and telecommunication critical infrastructure. A wave of recent reports have disclosed that these attacks have succeeded in compromising government and industry targets to a far greater extent than previously thought. As a result, CISA has issued……
-
Security researchers find deep flaws in CVSS vulnerability scoring system
by
in SecurityNewsThe industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
-
Die wichtigsten Cybersecurity-Prognosen für 2025
by
in SecurityNews
Tags: access, ai, apple, apt, cloud, cyberattack, cybercrime, cybersecurity, cyersecurity, data, deep-fake, governance, incident response, jobs, kritis, malware, military, mobile, nis-2, ransomware, service, software, stuxnet, supply-chain -
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor
Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) was spotted using the Amadey malware to deploy the KazuarV2 backdoor on devices in Ukraine. The experts observed threat actors using the Amadey bot malware between March and April 2024. Microsoft highlights…
-
Operation Digital Eye: Chinese APT Exploits Visual Studio Code Tunnels in High-Stakes Espionage Campaign
by
in SecurityNewsIn a sophisticated cyberespionage campaign dubbed Operation Digital Eye, SentinelOne and Tinexta Cyber uncovered activities linked to a Chinese Advanced Persistent Threat (APT) group targeting large business-to-business IT service providers... First seen on securityonline.info Jump to article: securityonline.info/operation-digital-eye-chinese-apt-exploits-visual-studio-code-tunnels-in-high-stakes-espionage-campaign/
-
Chinese APT Groups Targets European IT Companies
by
in SecurityNewsEvidence Mounts for Chinese Hacking ‘Quartermaster’. A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure cloud infrastructure to target Western technology firms for espionage, security firms Tinexta Cyber and SentinelLabs said. The companies call the campaign Operation Digital Eye. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-apt-groups-targets-european-companies-a-27030
-
North Korean APT blamed for Radiant Capital crypto heist
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/north-korean-apt-blamed-for-radiant-capital-crypto-heist
-
Patchwork APT Targets Chinese Scientific Research in Renewed Campaign
by
in SecurityNewsA new wave of cyberattacks targeting Chinese scientific organizations has been identified by cybersecurity researchers at Hunting Shadow Lab. The campaign, attributed to the Patchwork APT group (also known as... First seen on securityonline.info Jump to article: securityonline.info/patchwork-apt-targets-chinese-scientific-research-in-renewed-campaign/