Tag: apt
-
North Korean APT Exploited IE Zero-Day in Supply Chain Attack
A Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack. The post North Korean APT Exploited IE Zero-Day in Supply Chain Attack appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/north-korean-apt-exploited-ie-zero-day-in-supply-chain-attack/
-
SideWinder APT: A Decade of Evolution and Global Expansion
The SideWinder Advanced Persistent Threat (APT) group, also known as T-APT-04 or RattleSnake, has been a relentless actor in the global cyber espionage landscape since its emergence in 2012. Though... First seen on securityonline.info Jump to article: securityonline.info/sidewinder-apt-a-decade-of-evolution-and-global-expansion/
-
High-severity Windows vulnerability leveraged in new OilRig APT attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/high-severity-windows-vulnerability-leveraged-in-new-oilrig-apt-attacks
-
Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability
The Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region. The post Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/iranian-cyberspies-exploiting-recent-windows-kernel-vulnerability/
-
Awaken Likho APT leverages new tools in recent attacks against Russia
First seen on scworld.com Jump to article: www.scworld.com/brief/awaken-likho-apt-leverages-new-tools-in-recent-attacks-against-russia
-
Awaken Likho APT group targets Russian government with a new implant
A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. A recent investigation by Kaspersky researchers into the APT group Awaken Likho (aka Core Werewolf and PseudoGamaredon) uncovered a new campaign from June to August 2024, showing a shift from UltraVNC to the MeshCentral platform for…
-
GoldenJackal APT group breaches air-gapped systems in Europe
ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/09/goldenjackal-air-gapped-systems-compromise/
-
New Campaign by Awaken Likho APT Group: Changes in Software and Techniques
Kaspersky researchers have discovered a new campaign by the Awaken Likho APT group, also known as Core Werewolf, which has been active since at least July 2021. The group is... First seen on securityonline.info Jump to article: securityonline.info/new-campaign-by-awaken-likho-apt-group-changes-in-software-and-techniques/
-
European govt air-gapped systems breached using custom malware
An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/european-govt-air-gapped-systems-breached-using-custom-malware/
-
Likho Hackers Using MeshCentral For Remotely Managing Victim Systems
The Awaken Likho APT group launched a new campaign in June 2024 targeting Russian government agencies and businesses. The group has abandoned its previous use of the UltraVNC module for remote access and adopted the MeshCentral agent instead, which highlights its adaptability and continuous efforts to evade…
-
North Korean APT Group Kimsuky Exploits DMARC Misconfigurations for Sophisticated Phishing Attacks
Email security has long been a critical pillar in defending organizations against cyberattacks, but recent reports reveal that even widely trusted protections like Domain-based Message Authentication, Reporting & Conformance (DMARC)... First seen on securityonline.info Jump to article: securityonline.info/north-korean-apt-group-kimsuky-exploits-dmarc-misconfigurations-for-sophisticated-phishing-attacks/
-
Salt Typhoon APT Subverts Law Enforcement Wiretapping: Report
The Chinese state-sponsored threat actor managed to infiltrate the lawful intercept network connections that police use in criminal investigations. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/salt-typhoon-apt-subverts-law-enforcement-wiretapping
-
China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems
China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data. According to the Wall Street Journal, which reported the news…
-
Microsoft, DOJ Dismantle Russian Hacker Group Star Blizzard
The successful disruption of notorious Russian hacker group Star Blizzard’s operations arrives one month out from the US presidential election, one of the APT’s prime targets. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-doj-dismantle-russian-hacker-group-star-blizzard
-
Iranian APT Facilitating Remote Access To Target Networks
As per recent reports, an Iranian Advanced Persistent Threat (APT) hacker is now playing a facilitator role in aiding remote access to target networks. The Iranian APT hacker is believed to have affiliations with the Ministry of Intelligence and Security (MOIS). In this article, we’ll dive into these Middle East cyberattacks and uncover all the…
-
China-Backed APT Group Culling Thai Government Data
CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/new-china-backed-apt-group-culling-thai-government-data
-
Thai government attacked by new APT CeranaKeeper
In attacks on Thai government agencies, cybercriminals captured data by uploading encrypted files to file-sharing services. First seen on heise.de Jump to article: www.heise.de/news/Neue-APT-Gruppe-CeranaKeeper-missbraucht-Dropbox-und-Github-9961562.html
-
Private US companies targeted by Stonefly APT
Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/03/private-us-companies-targeted-by-stonefly-apt/
-
New APT group CeranaKeeper abuses Dropbox and Github
In attacks on Thai government agencies, cybercriminals captured data by uploading encrypted files to file-sharing services. First seen on heise.de Jump to article: www.heise.de/news/Neue-APT-Gruppe-CeranaKeeper-missbraucht-Dropbox-und-Github-9961562.html
-
North Korea’s ‘Stonefly’ APT Swarms US Private Co’s. for Profit
Despite a $10 million bounty on one member, APT45 is not slowing down, pivoting from intelligence gathering to extorting funds for Kim Jong-Un’s regime. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/stonefly-apt-us-private-cos-north-korean-profit
-
Python-Based Malware Slithers Into Systems via Legit VS Code
The prolific Chinese APT Mustang Panda is the likely culprit behind a sophisticated cyber-espionage attack that sets up persistent remote access to victim machines. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/python-malware-slithers-legit-vs-code
-
FIN7 hackers launch deepfake nude “generator” sites to spread malware
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fin7-hackers-launch-deepfake-nude-generator-sites-to-spread-malware/
-
Stonefly Group Targets US Firms With New Malware Tools
North Korean APT Stonefly continues to launch cyber-attacks on US firms despite July indictment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/stonefly-targets-us-firms-new/
-
Diehl Defence reportedly attacked by Kimsuky APT
Tags: apt
First seen on scworld.com Jump to article: www.scworld.com/brief/diehl-defence-reportedly-attacked-by-kimsuky-apt
-
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. Diehl Defence GmbH & Co. KG is a German weapon…
-
Transparent Tribe APT Group’s New Arsenal: Mythic Poseidon, Linux, and C2 Takedown
A recent report by CYFIRMA sheds light on the infrastructure supporting the activities of the Advanced Persistent Threat (APT) group known as Transparent Tribe, also referred to as APT36. This... First seen on securityonline.info Jump to article: securityonline.info/transparent-tribe-apt-groups-new-arsenal-mythic-poseidon-linux-and-c2-takedown/
-
Why is Chinese threat actor APT 41 in a tearing hurry?
Tags: apt, attack, backdoor, breach, china, control, cyber, data, data-breach, exploit, group, guide, india, infrastructure, intelligence, korea, leak, military, monitoring, network, risk, risk-assessment, soc, strategy, tactics, technology, threat, tool, training
Since June 1st 2024, Chinese frontline threat actor APT 41 has been linked to as many as 63 events globally. These include attacks on Taiwanese research agencies in August and attacks on the shipping and logistics, utilities, media and entertainment, technology, and automobile sectors in countries such as Taiwan, Thailand, Italy, UAE, Spain, the United…
-
Advanced Cyberattacks: Patchwork APT’s Nexe Backdoor Campaign Exposed
In a new report from Cyble Research and Intelligence Labs (CRIL), the notorious Patchwork APT group has once again demonstrated its cyber-espionage prowess with a sophisticated campaign deploying the >>Nexe
-
Patchwork APT Group Unleashes Nexe Backdoor: A New Era in Cyber Espionage Tactics
Recent analyses by Cyble Research and Intelligence Labs (CRIL) have brought to light an ongoing cyber campaign orchestrated by the notorious Patchwork APT group. This campaign marks a new evolution in their tactics, leveraging a new backdoor dubbed “Nexe” to effectively evade detection mechanisms and execute sophisticated attacks, particularly against Chinese entities. First seen on…
-
China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)
China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying…