Tag: apt

What your firewall sees that your EDR doesn’t

Nov 27, 2025 7:49 PM

Tags: apt, credentials, edr, firewall, group, login, network, russia

The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers. Unlike many other APT groups, Librarian Ghouls does not rely…
Neues ToddyCat-Toolkit greift Outlook und Microsoft-Token an

Nov 27, 2025 2:49 PM

Tags: access, apt, backdoor, browser, chrome, cloud, cyberattack, exploit, governance, government, Internet, kaspersky, mail, microsoft, open-source, powershell, tool, update, vulnerability, windows

Die APT-Gruppe ToddyCat hat ihren Fokus auf den Diebstahl von Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken verlagert.Forscher von Kaspersky Labs haben festgestellt, dass sich die APT-Gruppe (Advanced Persistent Threat) ToddyCat jetzt darauf spezialisiert hat, Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken zu stehlen.Demnachhat die Hackerbande ihr Toolkit Ende 2024 und Anfang 2025 weiterentwickelt, um nicht nur wie bisher Browser-Anmeldedaten zu…
Rare APT Collaboration Emerges Between Russia and North Korea

Nov 26, 2025 8:49 PM

Tags: apt, infrastructure, korea, lazarus, north-korea, russia

Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. The post Rare APT Collaboration Emerges Between Russia and North Korea appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apt-collaboration-russia-north-korea/
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
Gamayun APT Exploits New MSC EvilTwin Vulnerability to Deliver Malicious Payloads

Nov 26, 2025 7:49 AM

Tags: apt, cyber, exploit, group, infrastructure, malicious, microsoft, powershell, social-engineering, threat, vulnerability, windows

Water Gamayun, a Russia”‘aligned advanced persistent threat (APT) group, has launched a new multi”‘stage intrusion campaign that weaponizes the recently disclosed MSC EvilTwin vulnerability in Windows Microsoft Management Console (MMC). Leveraging a blend of compromised infrastructure, social engineering, and heavily obfuscated PowerShell, the attackers exploited CVE”‘2025″‘26633 to inject malicious code into mmc.exe, ultimately delivering hidden…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Rare APT Collaboration Emerges Between Russia and North Korea

Nov 25, 2025 11:49 PM

Tags: apt, infrastructure, korea, lazarus, north-korea, russia

Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-russia-north-korea-apt-collab/
Telecommunications Network Security: Defending Against Nation State APTs with Unified AI Defense

Nov 25, 2025 5:49 PM

Tags: 5G, ai, apt, attack, breach, cloud, cyber, defense, iot, network, tool

The global telecommunications ecosystem has entered its most dangerous cyber era.As 5G, O RAN, cloud workloads, and massive IoT ecosystems expand, telecom networks have become the number one target for nation-state APTs. Attacks like Salt Typhoon, labeled the worst telecom breach in U.S. history, prove one reality: Traditional enterprise security tools cannot defend networks operating…
Telecommunications Network Security: Defending Against Nation State APTs with Unified AI Defense

Nov 25, 2025 5:49 PM

Tags: 5G, ai, apt, attack, breach, cloud, cyber, defense, iot, network, tool

The global telecommunications ecosystem has entered its most dangerous cyber era.As 5G, O RAN, cloud workloads, and massive IoT ecosystems expand, telecom networks have become the number one target for nation-state APTs. Attacks like Salt Typhoon, labeled the worst telecom breach in U.S. history, prove one reality: Traditional enterprise security tools cannot defend networks operating…
China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Nov 25, 2025 1:49 AM

Tags: apt, backdoor, china, exploit, flaw

The post China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-nexus-autumn-dragon-apt-exploits-winrar-flaw-to-deploy-telegram-c2-backdoor/
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 2:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
State of Cybersecurity 2025 for USA MSPs/MSSPs: Challenges, Threats, and the Seceon Platform Solution

Nov 22, 2025 5:49 AM

Tags: apt, cybersecurity, group, ransomware, service, threat, tool, usa

Introduction: The Cybersecurity Crisis for Service Providers The landscape of cybersecurity for USA Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) in 2025 is defined by unprecedented complexity, operational frustration, and rapidly escalating threats. The “Best of Breed” tool stack, the evolution of nation-state APT groups, and the explosion in ransomware require a…
State of Cybersecurity 2025 for USA MSPs/MSSPs: Challenges, Threats, and the Seceon Platform Solution

Nov 22, 2025 5:49 AM

Tags: apt, cybersecurity, group, ransomware, service, threat, tool, usa

Introduction: The Cybersecurity Crisis for Service Providers The landscape of cybersecurity for USA Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) in 2025 is defined by unprecedented complexity, operational frustration, and rapidly escalating threats. The “Best of Breed” tool stack, the evolution of nation-state APT groups, and the explosion in ransomware require a…
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits

Nov 21, 2025 7:49 PM

Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-day

North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits

Nov 21, 2025 7:49 PM

Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-day

North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
Chinese APT Infects Routers to Hijack Software Updates

Nov 20, 2025 10:49 PM

Tags: apt, china, router, software, update

A unique take on the software update gambit has allowed PlushDaemon to evade attention as it mostly targets Chinese organizations. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/chinese-apt-routers-hijack-software-updates
Fake-Softwareupdates: Cyberspione verteilen Malware über manipulierten DNS-Traffic

Nov 20, 2025 12:49 PM

Tags: apt, backdoor, dns, malware, router

Eine APT-Gruppe leitet gezielt DNS-Traffic kompromittierter Router um, um Anwendern falsche Softwareupdates mit einer Backdoor unterzuschieben. First seen on golem.de Jump to article: www.golem.de/news/dns-traffic-umgeleitet-cyberspione-verbreiten-malware-ueber-manipulierte-updates-2511-202397.html
Chinese APT Group Exploits DLL Sideloading to Breach Government and Media Targets

Nov 20, 2025 9:49 AM

Tags: apt, attack, breach, china, cyber, espionage, exploit, government, group, threat

A China-nexus advanced persistent threat (APT) group has been conducting a sustained espionage campaign targeting government and media sectors across Southeast Asia, leveraging sophisticated DLL sideloading techniques as a primary attack vector. The threat actor, tracked as Autumn Dragon, has targeted multiple nations surrounding the South China Sea, including Indonesia, Singapore, the Philippines, Cambodia, and Laos,…
Iranian APT hacks helped direct missile strikes in Israel and the Red Sea

Nov 20, 2025 1:46 AM

Tags: access, advisory, apt, attack, cctv, cyber, cybersecurity, data, espionage, group, guide, infrastructure, intelligence, iran, military, network, russia, strategy, threat, ukraine

MuddyWater uses hacked CCTV cameras to help guide missiles: Amazon also found supporting threat intel evidence for another Iran-linked incident involving cyber espionage and missile strikes that has received some official confirmation.After the US strikes against Iran’s nuclear sites in June, Iran retaliated by launching a barrage of missiles against Israel, targeting cities such as…
Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

Nov 19, 2025 5:49 AM

Tags: apt, iran

The post Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-unc1549-infiltrates-aerospace-by-hijacking-trusted-dlls-and-executing-vdi-breakouts/