Tag: apt
-
China-linked FamousSparrow APT group resurfaces with enhanced capabilities
ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/famoussparrow-cyberespionage-attacks-united-states/
-
Pakistan APT Hackers Weaponize malicious IndiaPost Site to Target Windows and Android Users
A Pakistan-based Advanced Persistent Threat (APT) group, likely APT36, has launched a multi-platform cyberattack campaign targeting Indian users through a fraudulent website impersonating the Indian Post Office. The attack, discovered by CYFIRMA researchers, exploits both Windows and Android vulnerabilities, demonstrating a significant evolution in the group’s tactics. Sophisticated Attack Leverages Youth Laptop Scheme The malicious…
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as Black Banshee.
-
Unmasking Kimsuky’s Latest Tactics: A Deep Dive into Malicious Scripts and Payloads
Recently, K7 Labs provided an insightful analysis of a campaign attributed to the North Korean APT group Kimsuky, First seen on securityonline.info Jump to article: securityonline.info/unmasking-kimsukys-latest-tactics-a-deep-dive-into-malicious-scripts-and-payloads/
-
Multi-year telco hack conducted by Chinese APT
First seen on scworld.com Jump to article: www.scworld.com/brief/multi-year-telco-hack-conducted-by-chinese-apt
-
Chinese APT Weaver Ant Targeting Telecom Providers in Asia
Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-weaver-ant-targeting-telecom-providers-in-asia/
-
Chinese Hacker Group Tracked Back to iSoon APT Operation
The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-espionage-hacker-group-isoon-apt-operation
-
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account…
-
China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack
The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-apt-weaver-ant-caught-yearslong-web-shell-attack
-
UAT-5918 APT group targets critical Taiwan
Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-source tools for persistence and credential theft. The APT UAT-5918 targets Taiwan, exploiting N-day vulnerabilities in unpatched servers for long-term…
-
25 percent of companies were affected by APT attacks in 2024
The threat posed by advanced persistent threats (APTs) increased sharply last year. One in four companies (25 percent) was targeted by these sophisticated attacks, which were responsible for 43 percent of all severe security incidents. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/25-prozent-2024-apt-angriffe
-
Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley
The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign. The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-i-soon-hackers-hit-7-organizations-in-operation-fishmedley/
-
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations. These entities include governments, Catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place First seen…
-
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to be I-SOON’s operational arm. The group, also known as Earth Lusca, TAG-22, Aquatic Panda, or…
-
FishMonger APT Group Linked to I-SOON in Espionage Campaigns
The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fishmonger-apt-group-linked-isoon/
-
India Is Top Global Target for Hacktivists, Regional APTs
Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/india-tops-global-targets-hactivists-regional-apt
-
New Windows zero-day feared abused in widespread espionage for years
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
Critical vulnerability in AMI MegaRAC BMC allows server takeover
…th vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. Administrators can access BMCs…
-
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious…
-
11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/11-state-sponsored-apts-exploiting-lnk-files-for-espionage-data-theft/
-
Squid Werewolf APT Masquerades as Recruiters in Espionage Campaign Targeting Key Employees
The BI.ZONE Threat Intelligence team has uncovered a new cyber-espionage campaign attributed to Squid Werewolf, also known as First seen on securityonline.info Jump to article: securityonline.info/squid-werewolf-apt-masquerades-as-recruiters-in-espionage-campaign-targeting-key-employees/
-
ClickFix Widely Adopted by Cybercriminals, APT Groups
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/clickfix-widely-adopted-by-cybercriminals-apt-groups/
-
Android spyware ‘KoSpy’ spread by suspected North Korean APT
First seen on scworld.com Jump to article: www.scworld.com/news/android-spyware-kospy-spread-by-suspected-north-korean-apt
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes
In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind Eagle, has intensified its operations targeting Colombian governmental, financial, and critical infrastructure organizations. Active since 2018, this Advanced Persistent Threat group has recently expanded its arsenal with sophisticated exploit techniques and malware, demonstrating an alarming ability to adapt to evolving security…
-
China-linked APT UNC3886 targets EoL Juniper routers
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886. These TINYSHELL-based backdoors had various capabilities, including active and passive access and a script to…