Tag: apt
-
Operation HollowQuill Unveiled: Weaponized Documents Infiltrate Russia’s Defense Sector
by
in SecurityNewsA recent report by SEQRITE Labs APT-Team has shed light on a sophisticated campaign, dubbed Operation HollowQuill, targeting First seen on securityonline.info Jump to article: securityonline.info/operation-hollowquill-unveiled-weaponized-documents-infiltrate-russias-defense-sector/
-
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
by
in SecurityNewsA suspected Chinese APT group has exploited CVE-2025-22457 a buffer overflow bug that was previously thought not to be exploitable to compromise appliances … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/ivanti-vpn-customers-targeted-via-unrecognized-rce-vulnerability-cve-2025-22457/
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
by
in SecurityNewsIvanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits. The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
by
in SecurityNewsA newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
by
in SecurityNewsA newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
China’s FamousSparrow APT Hits Americas with SparrowDoor Malware
by
in SecurityNewsChina-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports. First seen on hackread.com Jump to article: hackread.com/china-famoussparrow-apt-americas-sparrowdoor-malware/
-
Earth Alux APT Group: Unveiling Its Espionage Toolkit
by
in SecurityNewsResearchers at Trend Micro detail a highly sophisticated cyber-espionage group actively targeting the Asia-Pacific and Latin American regions. First seen on securityonline.info Jump to article: securityonline.info/earth-alux-apt-group-unveiling-its-espionage-toolkit/
-
CISA spots spawn of Spawn malware targeting Ivanti flaw
Resurge an apt name for malware targeting hardware maker that has security bug after security bug First seen on theregister.com Jump to article: www.theregister.com/2025/04/01/cisa_ivanti_warning/
-
>>Lazarus Hackers Group<< No Longer Refer to a Single APT Group But a Collection of Many Sub-Groups
The term >>Lazarus Group,>Lazarus>Lazarus Hackers Group
-
News brief: China-linked APTs and Russian access broker
by
in SecurityNewsCheck out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366621697/News-brief-China-linked-APTs-and-Russian-access-broker
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
by
in SecurityNews
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraineRussia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
by
in SecurityNewsCrowDoor and attributed to the Earth Estries APT group in November 2024.”GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
Pakistan-Linked APT Exploits Youth Laptop Scheme in Cyberattack Targeting India
by
in SecurityNewsA new cybersecurity report by CYFIRMA has uncovered a sophisticated cyberattack campaign targeting Indian users, allegedly orchestrated by First seen on securityonline.info Jump to article: securityonline.info/pakistan-linked-apt-exploits-youth-laptop-scheme-in-cyberattack-targeting-india/
-
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
-
China-linked FamousSparrow APT group resurfaces with enhanced capabilities
ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/famoussparrow-cyberespionage-attacks-united-states/
-
Pakistan APT Hackers Weaponize malicious IndiaPost Site to Target Windows and Android Users
by
in SecurityNewsA Pakistan-based Advanced Persistent Threat (APT) group, likely APT36, has launched a multi-platform cyberattack campaign targeting Indian users through a fraudulent website impersonating the Indian Post Office. The attack, discovered by CYFIRMA researchers, exploits both Windows and Android vulnerabilities, demonstrating a significant evolution in the group’s tactics. Sophisticated Attack Leverages Youth Laptop Scheme The malicious…
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
by
in SecurityNewsResearchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
by
in SecurityNewsIn mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
by
in SecurityNewsSecurity researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as >>Black Banshee.
-
Unmasking Kimsuky’s Latest Tactics: A Deep Dive into Malicious Scripts and Payloads
by
in SecurityNewsRecently, K7 Labs provided an insightful analysis of a campaign attributed to the North Korean APT group Kimsuky, First seen on securityonline.info Jump to article: securityonline.info/unmasking-kimsukys-latest-tactics-a-deep-dive-into-malicious-scripts-and-payloads/
-
Multi-year telco hack conducted by Chinese APT
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/multi-year-telco-hack-conducted-by-chinese-apt
-
Chinese APT Weaver Ant Targeting Telecom Providers in Asia
by
in SecurityNewsWeaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-weaver-ant-targeting-telecom-providers-in-asia/
-
Chinese Hacker Group Tracked Back to iSoon APT Operation
by
in SecurityNewsThe group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-espionage-hacker-group-isoon-apt-operation
-
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account…
-
China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack
by
in SecurityNewsThe persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-apt-weaver-ant-caught-yearslong-web-shell-attack
-
UAT-5918 ATP group targets critical Taiwan
by
in SecurityNewsCisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-source tools for persistence and credential theft. The APT UAT-5918 targets Taiwan, exploiting N-day vulnerabilities in unpatched servers for long-term…
-
25 Prozent der Unternehmen waren 2024 von APT-Angriffen betroffen
by
in SecurityNewsDie Bedrohung durch Advanced Persistent Threats (APTs) hat im vergangenen Jahr stark zugenommen. Jedes vierte Unternehmen (25 Prozent) geriet ins Visier dieser hochentwickelten Angriffe, die für 43 Prozent aller schwerwiegenden Sicherheitsvorfälle verantwortlich waren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/25-prozent-2024-apt-angriffe
-
Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley
by
in SecurityNewsThe FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign. The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-i-soon-hackers-hit-7-organizations-in-operation-fishmedley/