Tag: apt
-
Russian APT RomCom combines Firefox and Windows zero-day flaws in drive-by exploit
by
in SecurityNews
Tags: access, antivirus, apt, attack, backdoor, browser, business, computer, cve, cybercrime, cyberespionage, defense, endpoint, exploit, flaw, germany, government, group, insurance, intelligence, malicious, microsoft, msp, password, powershell, russia, software, threat, ukraine, vulnerability, windows, zero-dayA Russia-aligned group that engages in both cybercrime and cyberespionage operations used a zero-click exploit chain last month that combined previously unknown and unpatched vulnerabilities in Firefox and Windows.The campaign, whose goal was to deploy the group’s RomCom backdoor on computers, targeted users from Europe and North America. The APT group, also known as Storm-0978,…
-
Attack Group APT60 Targets Japan Using Trusted Platforms
APT-C-60 targets Japan with phishing emails, using job application ruse and malware via Google Drive First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aptc60-targets-japan-using-trusted/
-
APT60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor.That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August…
-
APT60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
by
in CISOThe threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor.That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August…
-
Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox and Windows
by
in SecurityNewsRussia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/romcom-apt-zeroday-flaws-firefox/
-
Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets
The Russia-linked RomCom APT has been observed chaining two zero-days in Firefox and Windows for backdoor delivery. The post Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/russian-apt-chained-firefox-and-windows-zero-days-against-us-and-european-targets/
-
CVE-2024-21887 and More: How Earth Estries APT Group Exploits VPNs Servers
In a detailed report from Trend Micro, the Chinese advanced persistent threat (APT) group Earth Estries, also known by aliases like Salt Typhoon and GhostEmperor, has emerged as a significant... First seen on securityonline.info Jump to article: securityonline.info/cve-2024-21887-and-more-how-earth-estries-apt-group-exploits-vpns-servers/
-
‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
by
in SecurityNewsThe innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/romcom-apt-zero-day-zero-click-browser-escapes-firefox-tor
-
Salt Typhoon Builds Out Malware Arsenal With GhostSpider
by
in SecurityNewsThe APT, aka Earth Estries, is one of China’s most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider
-
Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs
by
in SecurityNews
Tags: apt, attack, backdoor, china, control, cyber, exploit, government, group, hacker, infrastructure, rat, tool, vulnerabilityEarth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and government entities since 2023. They employ advanced techniques, including exploiting vulnerabilities, lateral movement, and deploying multiple backdoors like GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, which have impacted Southeast Asia significantly. The group makes use of a sophisticated command and control infrastructure…
-
Aggressive Chinese APT Group Targets Governments with New Backdoors
by
in SecurityNewsA Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-governments-backdoors/
-
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
by
in SecurityNewsRussia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
-
Unveiling the >>Nearest Neighbor Attack<<: A Russian APT's Covert Tactic to Weaponize Wi-Fi
by
in SecurityNewsVolexity, a leading cybersecurity firm, has revealed a novel attack technique employed by the Russian APT group GruesomeLarch (also known as APT28, Fancy Bear, etc.). Dubbed the >>Nearest Neighbor Attack,
-
Mysterious Elephant Using Hajj-Themed Bait in Attacks
Group Deploys Upgraded Malware Disguised as Microsoft File on Pilgrimage Goers. A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML…
-
Fancy Bear ‘Nearest Neighbor’ Attack Uses Nearby Wi-Fi Network
by
in SecurityNewsIn a new class of attack, the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/fancy-bear-nearest-neighbor-attack-wi-fi
-
Russia-linked APT TAG-110 uses targets Europe and Asia
by
in SecurityNewsRussia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia,…
-
WolfsBane: Gelsemium APT Group’s Linux Backdoor Debut
ESET researchers have unveiled WolfsBane, the Linux counterpart to the Windows-based Gelsevirine backdoor, marking a significant milestone in the evolution of the Gelsemium Advanced Persistent Threat (APT) group. Known for... First seen on securityonline.info Jump to article: securityonline.info/wolfsbane-gelsemiums-linux-backdoor-debut/
-
Asyncshell: The Evolution of APT47’s Cyber Arsenal
by
in SecurityNewsThe Knownsec 404 Advanced Threat Intelligence team has uncovered a sophisticated and evolving threat from the APT-K-47 group, also known as Mysterious Elephant. This South Asia-based Advanced Persistent Threat (APT)... First seen on securityonline.info Jump to article: securityonline.info/asyncshell-the-evolution-of-apt-k-47s-cyber-arsenal/
-
Security Affairs newsletter Round 499 by Pierluigi Paganini INTERNATIONAL EDITION
by
in SecurityNewsA new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyberattack on gambling giant IGT disrupted portions of its IT systems China-linked APT Gelsemiumuses a new Linux…
-
China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane
China-linked APT Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane in attacks targeting East and Southeast Asia. China-linked APT Gelsemium has deployed a previously unknown Linux backdoor, WolfsBane, in attacks targeting East and Southeast Asia, according to ESET. Victims include entities in Taiwan, the Philippines, and Singapore, as seen in VirusTotal samples from…
-
Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks
Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as >>GruesomeLarch>Nearest Neighbor Attack.
-
APT47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell.The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published…
-
In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: Nvidia fixes vulnerability with rare ‘critical’ severity, Chinese APT’s first Linux backdoor, new details emerge from the WhatsApp-NSO lawsuit. The post In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit appeared first on SecurityWeek. First seen on securityweek.com Jump to…
-
Chinese APTs Shift Tactics to Evade Detection and Maintain Stealth
In light of increasing global tensions and heightened scrutiny, Chinese Advanced Persistent Threat (APT) groups are adapting their strategies to avoid detection and maintain stealth in their cyber espionage operations.... First seen on securityonline.info Jump to article: securityonline.info/chinese-apts-shift-tactics-to-evade-detection-and-maintain-stealth/
-
Volt Typhoon: Chinese State-Sponsored APT Targets U.S. Critical Infrastructure
by
in SecurityNewsThe Tenable Security Response Team has uncovered critical details about Volt Typhoon, a state-sponsored Advanced Persistent Threat (APT) group linked to the People’s Republic of China. The group has been... First seen on securityonline.info Jump to article: securityonline.info/volt-typhoon-chinese-state-sponsored-apt-targets-u-s-critical-infrastructure/
-
Chinese APT Gelsemium Deploys ‘Wolfsbane’ Linux Variant
In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-gelsemium-wolfsbane-linux-variant
-
Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
by
in SecurityNewsThe China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia.That’s according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in…
-
Linux Malware WolfsBane and FireWood Linked to Gelsemium APT
New Linux malware WolfsBane and FireWood have been linked to Gelsemium APT, a cyber-espionage group targeting critical systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/linux-malware-wolfsbane-firewood/
-
China’s ‘Liminal Panda’ APT Attacks Telcos, Steals Phone Data
by
in SecurityNewsIn US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-liminal-panda-telcos-phone-data