Collecting Cyber-News from over 60 sources

Tag: apt

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Mar 10, 2025 1:54 PM

by

Andy Stern

in SecurityNews

Tags: apt, attack, group, korea, microsoft, north-korea, ransomware

Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. >>Moonstone Sleet has previously exclusively…
11 ruinöse Ransomware-Bedrohungen

Mar 7, 2025 6:53 AM

by

Andy Stern

in SecurityNews

Tags: ai, apt, cloud, cyberattack, cybercrime, encryption, exploit, extortion, fortinet, healthcare, kritis, leak, linux, lockbit, malware, moveIT, phishing, ransomware, service, social-engineering, supply-chain, usa, vmware, vpn, vulnerability, windows, zero-day

Für Unternehmen ist Ransomware weiterhin eine existenzielle Bedrohung, für Kriminelle ein immer einträglicheres (Service)geschäft.Ransomware bleibt branchenübergreifend auf dem Vormarsch und entwickelt sich beständig weiter vereinzelten behördlichen Erfolgen zum Trotz. Das ist unter anderem auch folgenden Trends zuzuschreiben:Ransomware-as-a-Service (RaaS)-Angebote senken die Zugangsbarrieren.Neue Erpressungstaktiken versprechen noch mehr kriminelle Gewinne.Künstliche Intelligenz (KI) wird bei Cyberkriminellen immer beliebter.Davon abgesehen,…
Under Pressure: US Charges China’s APTHire Hackers

Mar 7, 2025 12:53 AM

by

Andy Stern

in SecurityNews

Tags: apt, china, hacker, jobs

The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon secret APT and APT27, the latter implicated in January’s Treasury breach. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/us-charges-china-apt-for-hire-hackers
Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access

Mar 6, 2025 11:53 PM

by

Andy Stern

in SecurityNews

Tags: access, apt, attack, authentication, china, citrix, cloud, control, corporate, credentials, data, detection, email, exploit, firewall, github, government, group, hacker, identity, Internet, ivanti, least-privilege, microsoft, network, password, service, software, supply-chain, threat, update, vpn, vulnerability, zero-day

Two-way lateral movement: Aside from abusing cloud assets and third-party services and software providers to gain access to local networks, the Silk Typhoon attackers are also proficient in jumping from on-premise environments into cloud environments. The group’s hackers regularly target Microsoft AADConnect (now Entra Connect) servers which are used to synchronize on-premise Active Directory deployments…
Hackers Deploy Advanced Social Engineering Tactics in Phishing Attacks

Mar 6, 2025 7:54 PM

by

Andy Stern

in SecurityNews

Tags: apt, attack, cyber, cybercrime, hacker, malicious, phishing, social-engineering, strategy, tactics, threat

Cybercriminals are evolving their phishing methods, employing more sophisticated social engineering tactics to deceive their targets. Recent findings from ESET’s APT Activity Report highlight a concerning trend where threat actors are establishing relationships with potential victims before deploying malicious content. This shift in strategy makes it increasingly challenging for employees to identify and avoid phishing…
China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

Mar 5, 2025 5:34 PM

by

Andy Stern

in SecurityNews

Tags: apt, breach, china, data, hacker, supply-chain

Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks. The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/china-hackers-behind-us-treasury-breach-caught-targeting-it-supply-chain/
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants

Mar 5, 2025 1:34 PM

by

Andy Stern

in SecurityNews

Tags: apt, backdoor, china, government, threat

The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex.”Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing…
The dirty dozen: 12 worst ransomware groups active today

Mar 5, 2025 10:34 AM

by

Andy Stern

in SecurityNews

Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vulnerability, windows, zero-day

Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations.How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
Schutz vor APT-Angriffen Automobilindustrie im Visier

Mar 4, 2025 6:34 AM

by

Andy Stern

in SecurityNews

Tags: apt, hacker, zero-trust

Die Automobilindustrie ist nicht nur einer der größten Wirtschaftszweige der Welt, sie ist auch sehr attraktiv für Hacker, denn hier erhoffen sich die Cyberkriminellen den großen Fang. Es ist wichtig, dass die Automobilindustrie ihre OT-Sicherheitsstrategie verbessert und das Zero-Trust-Prinzip anwendet. First seen on ap-verlag.de Jump to article: ap-verlag.de/schutz-vor-apt-angriffen-automobilindustrie-im-visier/94034/
Military, Government, Face Escalating APT Attacks

Mar 3, 2025 9:34 PM

by

Andy Stern

in SecurityNews

Tags: apt, attack, government, military

First seen on scworld.com Jump to article: www.scworld.com/brief/military-government-face-escalating-apt-attacks
Military, government sectors face escalating APT attacks

Mar 3, 2025 9:34 PM

by

Andy Stern

in SecurityNews

Tags: apt, attack, government, military

First seen on scworld.com Jump to article: www.scworld.com/brief/military-government-sectors-face-escalating-apt-attacks
US Cybercom, CISA retreat in fight against Russian cyber threats: reports

Mar 3, 2025 7:34 PM

by

Andy Stern

in SecurityNews

Tags: apt, blizzard, china, cisa, cyber, cybersecurity, data, government, group, hacker, infrastructure, international, iran, lockbit, microsoft, ransomware, risk, risk-management, russia, threat

Purported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed…
Lumma Stealer spread by reemergent Angry Likho APT

Feb 28, 2025 10:34 PM

by

Andy Stern

in SecurityNews

Tags: apt

First seen on scworld.com Jump to article: www.scworld.com/brief/lumma-stealer-spread-by-reemergent-angry-likho-apt
Cyber Espionage in Thailand: Chinese APT Deploys Yokai Malware

Feb 28, 2025 5:34 AM

by

Andy Stern

in SecurityNews

Tags: apt, china, cyber, espionage, malware

Cado Security Labs has uncovered a new malware campaign targeting the Royal Thai Police, attributed to the Chinese First seen on securityonline.info Jump to article: securityonline.info/cyber-espionage-in-thailand-chinese-apt-deploys-yokai-malware/
Angry Likho APT Group Resurfaces with New Attacks and Advanced Malware Tactics

Feb 26, 2025 5:23 AM

by

Andy Stern

in SecurityNews

Tags: apt, attack, group, kaspersky, malware, tactics, threat

Kaspersky Labs has uncovered new activity from Angry Likho, an advanced persistent threat (APT) group that has been First seen on securityonline.info Jump to article: securityonline.info/angry-likho-apt-group-resurfaces-with-new-attacks-and-advanced-malware-tactics/
EU sanctioned the leader of North Korea-linked APT groups

Feb 25, 2025 4:22 PM

by

Andy Stern

in SecurityNews

Tags: apt, group, korea, north-korea, russia, ukraine

The European Union sanctioned the leader of North Korea-linked APT groups for aiding Russia in its war against Ukraine. The European Union announced sanctions against entities aiding Russia in the ongoing conflict with Ukraine, including Lee Chang Ho, who is the leader of North Korea-linked APT groups. Lee Chang Ho coordinated North Korean soldiers in…
Silver Fox APT Hides ValleyRAT in Trojanized Medical Imaging Software

Feb 25, 2025 3:23 PM

by

Andy Stern

in SecurityNews

Tags: apt, china, exploit, malware, software, threat

Chinese Silver Fox APT exploits trojanized medical imaging software to spread ValleyRAT malware, posing a serious threat to… First seen on hackread.com Jump to article: hackread.com/silver-fox-apt-valleyrat-trojanized-medical-imaging-software/
How APT Naming Conventions Make Us Less Safe

Feb 24, 2025 9:22 PM

by

Andy Stern

in SecurityNews

Tags: apt

Only by addressing the inefficiencies of current naming conventions can we create a safer, more resilient landscape for all defenders. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-apt-naming-conventions-make-us-less-safe
North Korean APT28 Expands Cyber Espionage Campaign

Feb 24, 2025 5:23 AM

by

Andy Stern

in CISO

Tags: apt, cyber, espionage, intelligence, north-korea, threat

A recent report from 360 Threat Intelligence Center has detailed the persistent cyber espionage activities of APT-C-28 (ScarCruft), First seen on securityonline.info Jump to article: securityonline.info/north-korean-apt-c-28-expands-cyber-espionage-campaign/
Security Affairs newsletter Round 512 by Pierluigi Paganini INTERNATIONAL EDITION

Feb 23, 2025 2:23 PM

by

Andy Stern

in SecurityNews

Tags: apple, apt, crypto, email, encryption, international, lazarus, WeeklyReview

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever Apple removes iCloud encryption in…
Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

Feb 23, 2025 5:23 AM

by

Andy Stern

in SecurityNews

Tags: apt, attack, crypto, cyberattack, lazarus, threat

Crypto exchange Bybit was the victim of a sophisticated attack, and threat actors stole $1.5B worth of cryptocurrency from one of the company’s offline wallets. Crypto exchange Bybit suffered a sophisticated cyberattack, threat actors transferred over 400,000 ETH and stETH worth more than $1.5 billion to an unidentified address. The Bybit hack is the largest cryptocurrency…
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits

Feb 21, 2025 11:23 PM

by

Andy Stern

in SecurityNews

Tags: apt, breach, china, cisco, credentials, cve, exploit, login, network

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cisco-salt-typhoon-exploitation-telecom
Russia-linked APTs target Signal messenger

Feb 19, 2025 11:46 PM

by

Andy Stern

in SecurityNews

Tags: apt, exploit, google, group, intelligence, russia, tactics, threat

Russia-linked threat actors exploit Signal ‘s >>linked devices
How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying

Feb 19, 2025 12:46 PM

by

Andy Stern

in SecurityNews

Tags: apt, exploit, hacker, mandiant, russia, spy

Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations. The post How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/how-russian-hackers-are-exploiting-signals-linked-devices-for-real-time-spying/
Chinese hackers abuse Microsoft APP-v tool to evade antivirus

Feb 18, 2025 7:46 PM

by

Andy Stern

in SecurityNews

Tags: antivirus, apt, china, detection, group, hacker, hacking, microsoft, tool

The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-abuse-microsoft-app-v-tool-to-evade-antivirus/
China-linked APT group Winnti targets Japanese organizations since March 2024

Feb 18, 2025 6:46 PM

by

Andy Stern

in SecurityNews

Tags: apt, china, cyberespionage, cybersecurity, group, threat

China-linked threat actor Winnti targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024 as part of a campaign dubbed RevivalStone. Researchers from cybersecurity firm LAC uncovered a new cyberespionage campaign, tracked as RevivalStone, carried out by the China-linked APT group Winnti in March 2024. Threat actors targeted Japanese companies in the manufacturing,…
Earth Preta APT Exploit Microsoft Utility Tool Bypass AV Detection to Control Windows

Feb 18, 2025 6:46 AM

by

Andy Stern

in SecurityNews

Tags: apt, control, cyber, cyberattack, detection, exploit, government, group, microsoft, threat, tool, windows

Researchers from Trend Micro’s Threat Hunting team have uncovered a sophisticated cyberattack campaign by the advanced persistent threat (APT) group Earth Preta, also known as Mustang Panda. The group has been leveraging new techniques to infiltrate systems and evade detection, primarily targeting government entities in the Asia-Pacific region, including Taiwan, Vietnam, Malaysia, and Thailand. Earth…
Earth Preta APT Group Evades Detection with Legitimate and Malicious Components

Feb 18, 2025 5:46 AM

by

Andy Stern

in SecurityNews

Tags: apt, detection, group, malicious, threat

Researchers from Trend Micro’s Threat Hunting team have discovered a new campaign by the advanced persistent threat (APT) First seen on securityonline.info Jump to article: securityonline.info/earth-preta-apt-group-evades-detection-with-legitimate-and-malicious-components/
New family of data-stealing malware leverages Microsoft Outlook

Feb 17, 2025 11:46 PM

by

Andy Stern

in SecurityNews

Tags: access, api, apt, attack, backdoor, breach, ciso, cloud, computer, control, credentials, data, email, github, group, linux, login, mail, malicious, malware, microsoft, network, ntlm, sans, service, tactics, threat, tool, windows

certutil application which handles certificates, to download files.Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
4 Wege aus der Security-Akronymhölle

Feb 17, 2025 5:46 AM

by

Andy Stern

in SecurityNews

Tags: apt, cybersecurity, ddos, edr, iam, mail, mssp, siem, soc, threat

Gefangen im Buchstabensud?Bevor Elon Musk zum Trump-Sidekick mutierte, wurde er in erster Linie als visionärer Entrepreneur wahrgenommen. Damals, im Jahr 2010, ließ er den Mitarbeitern seines Raumfahrtunternehmens SpaceX ein Memo zukommen. Darin kritisierte er den übermäßigen, internen Gebrauch von Abkürzungen in gewohnt ausdrucksstarkem Stil: ‘Bei SpaceX gibt es eine schleichende Tendenz, erfundene Akronyme zu nutzen.…