Tag: apt
-
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
in SecurityNews
In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to be I-SOON’s operational arm. The group, also known as Earth Lusca, TAG-22, Aquatic Panda, or…
-
FishMonger APT Group Linked to I-SOON in Espionage Campaigns
in SecurityNews
The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fishmonger-apt-group-linked-isoon/
-
India Is Top Global Target for Hacktivists, Regional APTs
in SecurityNews
Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/india-tops-global-targets-hactivists-regional-apt
-
New Windows zero-day feared abused in widespread espionage for years
in SecurityNews
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
Critical vulnerability in AMI MegaRAC BMC allows server takeover
in SecurityNews
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerability
th vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. Administrators can access BMCs…
-
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
in SecurityNews
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious…
-
11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft
in SecurityNews
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/11-state-sponsored-apts-exploiting-lnk-files-for-espionage-data-theft/
-
Squid Werewolf APT Masquerades as Recruiters in Espionage Campaign Targeting Key Employees
in SecurityNews
The BI.ZONE Threat Intelligence team has uncovered a new cyber-espionage campaign attributed to Squid Werewolf, also known as First seen on securityonline.info Jump to article: securityonline.info/squid-werewolf-apt-masquerades-as-recruiters-in-espionage-campaign-targeting-key-employees/
-
ClickFix Widely Adopted by Cybercriminals, APT Groups
in SecurityNews
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/clickfix-widely-adopted-by-cybercriminals-apt-groups/
-
Android spyware ‘KoSpy’ spread by suspected North Korean APT
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/android-spyware-kospy-spread-by-suspected-north-korean-apt
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
in SecurityNews
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes
in SecurityNews
In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind Eagle, has intensified its operations targeting Colombian governmental, financial, and critical infrastructure organizations. Active since 2018, this Advanced Persistent Threat group has recently expanded its arsenal with sophisticated exploit techniques and malware, demonstrating an alarming ability to adapt to evolving security…
-
China-linked APT UNC3886 targets EoL Juniper routers
in SecurityNews
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks’ Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886. These TINYSHELL-based backdoors had various capabilities, including active and passive access and a script to…
-
Volt Typhoon Strikes Massachusetts Power Utility
in SecurityNews
The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/volt-typhoon-strikes-massachusetts-power-utility
-
SideWinder APT Group: Maritime Nuclear Targets, Evolved Malware
The SideWinder Advanced Persistent Threat (APT) group has expanded its cyber-espionage operations, targeting the maritime and nuclear sectors. First seen on securityonline.info Jump to article: securityonline.info/sidewinder-apt-group-maritime-nuclear-targets-evolved-malware/
-
MirrorFace APT Using Custom Malware To Exploit Windows Sandbox, Visual Studio Code
in SecurityNews
The cybersecurity landscape witnessed a significant development when the National Police Agency (NPA) and the National center of Incident readiness and Strategy for Cybersecurity (NISC) released a security advisory on January 8, 2025. This advisory highlighted an Advanced Persistent Threat (APT) campaign conducted by a group known as “MirrorFace,
-
Ivanti EPM vulnerabilities actively exploited in the wild, CISA warns
in SecurityNews
Tags: apt, china, cisa, cyberespionage, exploit, flaw, group, ivanti, remote-code-execution, vpn, vulnerability, zero-day
Ivanti products in attackers’ crosshairs: Multiple Ivanti products have been targeted by attackers over the past year, especially by state-sponsored cyberespionage groups who developed zero-day exploits for them. Back in January Ivanti patched a critical remote code execution flaw in its Connect Secure SSL VPN appliance that a Chinese APT group had exploited as a zero-day…
-
Sidewinder APT shifts targeting in new intrusions
in SecurityNews
Tags: apt
First seen on scworld.com Jump to article: www.scworld.com/brief/sidewinder-apt-shifts-targeting-in-new-intrusions
-
Cyber attacks increasingly target nuclear power plants
in SecurityNews
The APT group SideWinder has expanded its attack strategies and is now also targeting nuclear power plants and energy facilities. Those affected are mainly companies in Africa, Southeast Asia and parts of Europe, including Austria. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/kritis/cyber-angriffe-zielen-vermehrt-auf-atomkraftwerke/
-
Blind Eagle Hackers Exploit Google Drive, Dropbox, GitHub to Evade Security Measures
in SecurityNews
In a recent cyber campaign, the notorious threat actor group Blind Eagle, also known as APT-C-36, has been leveraging trusted cloud platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute malware and evade traditional security defenses. This sophisticated approach allows them to bypass detection by disguising malicious files as harmless ones hosted on these…
-
1,600 Victims Hit by South American APT’s Malware
in SecurityNews
South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. The post 1,600 Victims Hit by South American APT’s Malware appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/1600-victims-hit-by-south-american-apts-malware/
-
SideWinder APT targets maritime and nuclear sectors with enhanced toolset
in SecurityNews
The APT group SideWinder targets maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. Kaspersky researchers warn that the APT group SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) is targeting maritime, logistics, nuclear, telecom, and IT sectors across South Asia, Southeast Asia, the Middle East, and Africa. SideWinder (also…
-
SideWinder APT Deploys New Tools in Attacks on Military and Government Entities
in SecurityNews
The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targets, has recently updated its toolset to include sophisticated malware designed for espionage. SideWinder’s primary targets have historically included entities in Pakistan, Sri Lanka,…
-
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
in SecurityNews
Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear…
-
APT ‘Blind Eagle’ Targets Colombian Government
in SecurityNews
The South American-based advanced persistent threat group is using an exploit with a high infection rate, according to research from Check Point. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/apt-blind-eagle-targets-colombian-government
-
APT group Sidewinder targets nuclear power plants
in SecurityNews
According to recent analyses by Kaspersky, the notorious Advanced Persistent Threat (APT) group has adapted its attack strategies and expanded its geographic targets. As part of its latest espionage campaign, Sidewinder is now also targeting nuclear power plants and energy facilities. Affected companies are found predominantly in Africa and Southeast Asia, but also in parts of Europe, including Austria. Sidewinder has been active since at least 2012 […]…
-
Blind Eagle: …And Justice for All
in SecurityNews
Key Points Introduction APT-C-36, also known as Blind Eagle, is a threat group that engages in both espionage and cybercrime. It primarily targets organizations in Colombia and other Latin American countries. Active since 2018, this Advanced Persistent Threat (APT) group focuses on government institutions, financial organizations, and critical infrastructure. Blind Eagle is known for employing…
-
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
in SecurityNews
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. “Moonstone Sleet has previously exclusively…