Tag: apt
-
⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
Cyber threats don’t show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts, it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and…
-
SideWinder APT Caught Spying on India’s Neighbor Gov’ts
in SecurityNews
A recent spear-phishing campaign against countries in South Asia aligns with broader political tensions in the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/sidewinder-apt-spying-indias-neighbor-govts
-
Critical 0-Day: Cityworks Flaw Actively Exploited by Chinese APT UAT-6382
A newly identified Chinese-speaking threat actor cluster, tracked as UAT-6382, is actively exploiting a zero-day vulnerability in Cityworks. First seen on securityonline.info Jump to article: securityonline.info/critical-0-day-cityworks-flaw-actively-exploited-by-chinese-apt-uat-6382/
-
Russian Cyber Campaign Against NATO States Uncovered
Western intelligence agencies have uncovered a Russian cyber campaign directed against logistics and technology targets in NATO states. According to the UK's National Cyber Security Centre, Unit 26165 of the Russian intelligence service GRU has been running a campaign against state and private organisations since 2022. Reportedly, the targets also included organisations involved in coordinating…
-
In the Shadow of World Politics: What APT Groups Were Up To in the Half-Year Q4 2024 to Q1 2025
Tags: apt
From Beijing to Moscow, from sabotage to espionage: the new ESET report shows how digital front lines run along global conflicts and who ends up in the crosshairs. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/im-schatten-der-weltpolitik-was-apt-gruppen-im-halbjahr-q4-2024-bis-q1-2025-trieben/
-
Pandas Galore: Chinese Hackers Boost Attacks in Latin America
Vixen Panda and Aquatic Panda, both Beijing-sponsored APTs, along with financially motivated criminal groups, continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/pandas-galore-chinese-hackers-attacks-latin-america
-
New SideWinder APT attacks target South Asian ministries
First seen on scworld.com Jump to article: www.scworld.com/brief/new-sidewinder-apt-attacks-target-south-asian-ministries
-
Novel MarsSnake backdoor spread in Chinese APT attack
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-marssnake-backdoor-spread-in-chinese-apt-attack
-
Dark Reading Confidential: The Day I Found an APT Group in the Most Unlikely Place
Dark Reading Confidential Episode 6: Threat hunters Ismael Valenzuela and Vitor Ventura share stories about the tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/the-day-i-found-an-apt-group-in-the-most-unlikely-place
-
The Day I Found an APT Group In the Most Unlikely Place
Dark Reading Confidential Episode 6: Cyber researchers Ismael Valenzuela and Vitor Ventura share riveting stories about the creative tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/the-day-i-found-an-apt-group-in-the-most-unlikely-place
-
SideWinder APT Hackers Exploit Legacy Office Vulnerabilities to Deploy Malware Undetected
Tags: apt, credentials, cyber, exploit, government, hacker, malware, microsoft, military, office, threat, vulnerability
The Acronis Threat Research Unit (TRU) has revealed an advanced campaign believed to be orchestrated by the SideWinder advanced persistent threat (APT) group. This operation, running through early 2025, has primarily targeted high-value government and military institutions across Sri Lanka, Bangladesh, and Pakistan, exploiting unpatched legacy Microsoft Office vulnerabilities to deploy credential-stealing malware while evading…
-
APT Groups Target Critical Infrastructure
Between October 2024 and March 2025, international hacker groups markedly intensified their activities. A particular focus: the critical infrastructure of European states, above all in Ukraine. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-gruppen-kritische-infrastruktur
-
Nation-state APTs ramp up attacks on Ukraine and the EU
Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. Ukraine faces rising cyber … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/21/apt-groups-attacks-eu-ukraine/
-
Asia Produces More APT Actors, As Focus Expands Globally
China and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/asia-apt-actors-focus-expands-globally
-
Europe subjected to mounting Chinese APT intrusions
First seen on scworld.com Jump to article: www.scworld.com/brief/europe-subjected-to-mounting-chinese-apt-intrusions
-
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). This operation showcases the group’s advanced tactics, leveraging encoded scripts and multi-stage attack chains to infiltrate systems, bypass traditional security mechanisms, and establish covert…
-
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits and Wipers
Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-apt-intensify-cyber/
-
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. “The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content,” Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas…
-
China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks
China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia. ESET researchers revealed that a China-linked APT, tracked as UnsolicitedBooker, targeted an international organization in Saudi Arabia using a new backdoor called MarsSnake. The experts uncovered the attacks in March 2023 and again in 2024, noting that the group used…
-
Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives
Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025. The report, covering activities from October 2024 to March 2025, highlights…
-
⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Cybersecurity leaders aren’t just dealing with attacks, they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn’t enough anymore, resilience needs to be built into everything from the ground up.…
-
BSI List 2025: SECUINFRA Is a Qualified APT Response Service Provider
Following an extensive examination by the German Federal Office for Information Security (BSI), SECUINFRA GmbH has qualified as a service provider for APT response [1]. The Berlin-based cybersecurity company thereby meets the technical and organisational requirements to be deployed as a trusted partner in combating targeted and complex cyberattacks, so-called Advanced Persistent Threats (APTs)…. First seen…
-
SECUINFRA Recognised by the BSI as a Qualified APT Response Service Provider
The BSI list is aimed in particular at operators of critical infrastructure, e.g. energy suppliers, hospitals or transport companies, who in an emergency depend on fast access to trusted support. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/secuinfra-wird-vom-bsi-als-qualifizierter-apt-response-dienstleister-anerkannt/a40827/
-
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign
Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…
-
Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds
Even after their zero-day turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/turkish-apt-exploits-chat-app-zero-day-spy-iraqi-kurds
-
Inside Turla’s Uroboros Infrastructure and Tactics Revealed
In a case of nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed to the infamous APT group Turla, uncovers a chilling display of sophistication and mastery over Windows kernel internals. With the sample identified by the MD5 hash ed785bbd156b61553aaf78b6f71fb37b, this malware, first linked to Turla around 2014-2015, stands as a testament to the group’s elite…
-
Earth Ammit Hackers Deploy New Tools to Target Military Drones
The threat actor group known as Earth Ammit, believed to be associated with Chinese-speaking APTs, has emerged as a significant concern for military and industrial sectors in Eastern Asia. This group orchestrated two distinct campaigns, VENOM and TIDRONE, primarily targeting Taiwan and South Korea. Their focus on supply chain infiltration, particularly within the drone and military industries,…
-
Swan Vector Espionage Targets Japan Taiwan with Advanced Malware
The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and the First seen on securityonline.info Jump to article: securityonline.info/swan-vector-espionage-targets-japan-taiwan-with-advanced-malware/
-
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
Tags: apt, breach, china, cve, exploit, flaw, infrastructure, remote-code-execution, sap, vulnerability
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. “Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign First seen on thehackernews.com Jump to article:…