Tag: apt
-
Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows
In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began in late 2023, uses trojanized KMS activators and fake Windows updates to deploy malware, including…
-
Sandworm APT Exploits Trojanized KMS Tools to Target Ukrainian Users in Cyber Espionage Campaign
The notorious Sandworm APT (APT44), a Russian state-sponsored threat actor affiliated with the GRU (Russia’s Main Intelligence Directorate), has…
First seen on securityonline.info. Jump to article: securityonline.info/sandworm-apt-exploits-trojanized-kms-tools-to-target-ukrainian-users-in-cyber-espionage-campaign/
-
Microsoft’s February 2025 Patch Tuesday Addresses 55 CVEs (CVE-2025-21418, CVE-2025-21391)
Tags: access, advisory, android, apt, attack, authentication, best-practice, cve, cyber, data, exploit, firmware, flaw, group, Internet, lazarus, linux, malicious, microsoft, network, north-korea, ntlm, office, rce, remote-code-execution, service, technology, tool, update, vulnerability, windows, zero-day
Severity counts: 3 Critical, 52 Important, 0 Moderate, 0 Low
Microsoft addresses 55 CVEs with three rated critical and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 55 CVEs in its February 2025 Patch Tuesday release, with three rated critical and 52 rated important. Our counts omitted one vulnerability reported by HackerOne. This month’s update…
-
EARLYCROW: Detecting APT Malware Command and Control Activities Over HTTPS
Tags: apt, communications, control, cyber, cyberattack, detection, malware, network, tactics, threat
Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical organizations globally. Unlike common malware, APTs employ evasive tactics, techniques, and procedures (TTPs) to remain undetected for extended periods. Their command-and-control (C&C) communications often mimic legitimate web traffic, making detection particularly challenging for traditional Network Intrusion Detection Systems (NIDS). To address…
-
Security Affairs newsletter Round 510 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. PlayStation Network outage has been going on for over 24 hours. Kimsuky APT group used custom RDP Wrapper…
-
Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer
Tags: apt, attack, control, group, intelligence, kaspersky, korea, north-korea, phishing, spear-phishing
Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. The Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium, Velvet Chollima, APT43) was first spotted by Kaspersky researchers in 2013. The group works under the control…
-
SolarWinds to Go Private for $4.4B
Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.
First seen on darkreading.com. Jump to article: www.darkreading.com/cybersecurity-operations/solarwinds-private-billions
-
Kimsuky Group Leverages RDP Wrapper for Persistent Cyber Espionage
The notorious North Korean APT group Kimsuky has continued its cyber espionage operations, leveraging spear-phishing attacks and remote…
First seen on securityonline.info. Jump to article: securityonline.info/kimsuky-group-leverages-rdp-wrapper-for-persistent-cyber-espionage/
-
GreenSpot APT Phishes 163.com Users with Spoofed Domains
A recent report from the threat hunting platform Hunt.io has exposed an ongoing phishing campaign orchestrated by GreenSpot…
First seen on securityonline.info. Jump to article: securityonline.info/greenspot-apt-phishes-163-com-users-with-spoofed-domains/
-
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
Tags: apt, attack, credentials, email, group, hacking, intelligence, korea, malware, microsoft, north-korea, office, phishing, spear-phishing, windows
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that’s disguised as a Microsoft Office or PDF document. First…
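The lure described above, a Windows shortcut dressed up as an Office or PDF document, is something a responder can triage quickly without detonating anything: an LNK carries its target executable and argument string in the file itself. The following PowerShell script is an added example written for this page; it is not ASEC’s code nor anything published with the forceCopy report, and it does not reproduce that malware. It reads shortcuts through the WScript.Shell COM object (Windows only) and flags the generic traits of such lures: a document-style double extension, a script-host target, and hidden or encoded command lines. The "Invoice.pdf.lnk" sample it builds in a temp folder is constructed for the demonstration and runs nothing but Write-Host if double-clicked.

```powershell
# Added example (not from the article or ASEC): triage .lnk files that pose as documents.
# Assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; WScript.Shell COM is Windows-only.

$ScriptHosts = @('powershell.exe','pwsh.exe','cmd.exe','mshta.exe','wscript.exe',
                 'cscript.exe','rundll32.exe','regsvr32.exe','certutil.exe')
# Extensions a user expects to see on a document; a real document never needs a .lnk behind them.
$DocDoubleExt = '\.(pdf|docx?|xlsx?|pptx?|hwp|txt)\.lnk$'

function Get-SuspiciousLnk {
    param([Parameter(Mandatory)][string]$Path)
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Path -Filter *.lnk -File -Recurse | ForEach-Object {
        $lnk     = $shell.CreateShortcut($_.FullName)
        $exe     = [System.IO.Path]::GetFileName($lnk.TargetPath).ToLower()
        $reasons = @()
        if ($_.Name -imatch $DocDoubleExt)   { $reasons += 'document-style double extension' }
        if ($ScriptHosts -contains $exe)     { $reasons += "target is script host $exe" }
        # Long command lines usually mean an embedded encoded payload or dropper logic.
        if ($lnk.Arguments.Length -gt 260)   { $reasons += 'oversized argument string' }
        if ($lnk.Arguments -imatch '-enc|-e |FromBase64String|IEX|DownloadString|hidden') {
            $reasons += 'encoded/download/hidden argument pattern'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                File      = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample input: a lure-shaped shortcut plus a benign one that must not be flagged.
$tmp = Join-Path $env:TEMP ('lnk-triage-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $tmp | Out-Null
$shell = New-Object -ComObject WScript.Shell

$lure = $shell.CreateShortcut((Join-Path $tmp 'Invoice.pdf.lnk'))
$lure.TargetPath   = "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe"
$lure.Arguments    = '-WindowStyle Hidden -NoProfile -enc ' +
    [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('Write-Host demo'))
$lure.IconLocation = "$env:SystemRoot\System32\shell32.dll,1"   # borrowed icon, as lures do
$lure.Save()

$benign = $shell.CreateShortcut((Join-Path $tmp 'Notepad.lnk'))
$benign.TargetPath = "$env:SystemRoot\System32\notepad.exe"
$benign.Save()

# Only Invoice.pdf.lnk should appear, with all three reason strings.
Get-SuspiciousLnk -Path $tmp | Format-List
Remove-Item -Recurse -Force $tmp
```

Point it at a mail-quarantine or Downloads folder instead of the temp directory to use it for real. The COM route is convenient but resolves the shortcut through the shell, so run it on a triage host rather than the victim machine; for bulk analysis of untrusted samples a pure LNK parser is the safer choice.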
-
Lazarus APT targets crypto wallets using cross-platform JavaScript stealer
The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linked Lazarus group uses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver a cross-platform JavaScript stealer that targets crypto wallets. Scammers lure…
-
macOS Ferret operators add a deceptive bite to their malware family
The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild. The discovery of the samples was made by SentinelOne researchers, who noted the variant’s capability to evade the recent XProtect signature update that Apple pushed…
-
Google reveals Gemini AI use by more than 40 state-sponsored APTs
First seen on scworld.com. Jump to article: www.scworld.com/news/google-reveals-gemini-ai-use-by-more-than-40-state-sponsored-apts
-
CL-STA-0048: Chinese-Linked APT Targets Telecoms in South Asia
A newly identified cyberespionage campaign, tracked as CL-STA-0048, has been uncovered by Unit 42 researchers targeting high-value organizations…
First seen on securityonline.info. Jump to article: securityonline.info/cl-sta-0048-chinese-linked-apt-targets-telecoms-in-south-asia/
-
Hackers use Google Gemini to amplify attacks
Tags: access, ai, apt, chatgpt, ciso, cyber, cyberattack, ddos, framework, google, governance, government, group, hacker, intelligence, LLM, microsoft, military, north-korea, openai, phishing, threat, tool, vulnerability, zero-day
-
Adversarial Misuse of Generative AI: How APTs Are Experimenting with AI for Cyber Operations
A new Google Threat Intelligence Group (GTIG) report titled “Adversarial Misuse of Generative AI” provides a detailed analysis…
First seen on securityonline.info. Jump to article: securityonline.info/adversarial-misuse-of-generative-ai-how-apts-are-experimenting-with-ai-for-cyber-operations/
-
5 Encrypted Attack Predictions for 2025
Tags: access, ai, apt, attack, automation, cloud, communications, computer, computing, control, cryptography, cyber, cyberattack, cybercrime, data, data-breach, defense, detection, email, encryption, exploit, government, group, india, infrastructure, intelligence, Internet, malicious, malware, network, phishing, ransomware, risk, service, tactics, technology, threat, update, vpn, zero-trust
The cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal role: a staggering 87.2% of threats were hidden in TLS/SSL traffic. The Zscaler cloud blocked 32.1 billion attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection. ThreatLabz reported that malware…
-
Google details adversarial AI activity on Gemini
Google identified APTs from more than 20 nations misusing its Gemini AI chatbot but noted that threat actors were unsuccessful in finding novel techniques or vulnerabilities.
First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366618357/Google-details-adversarial-AI-activity-on-Gemini
-
New Hacker Group Using 7z UltraVNC Tool to Deploy Malware Evading Detection
A sophisticated cyber campaign targeting Russian-speaking entities has been identified by cybersecurity researchers, unveiling a deceptive operation imitating the Tactics, Techniques, and Procedures (TTPs) of the Gamaredon APT group. The attackers, believed to be part of the GamaCopy group, used military-related content as bait and leveraged open-source tools to obscure their activities. The attacks utilized 7z…
-
Silent Lynx APT Group: A New Espionage Threat Targeting Central Asia
Seqrite Labs APT-Team has uncovered two sophisticated campaigns orchestrated by a newly identified threat group, Silent Lynx. This…
First seen on securityonline.info. Jump to article: securityonline.info/silent-lynx-apt-group-a-new-espionage-threat-targeting-central-asia/
-
Privacy Roundup: Week 4 of Year 2025
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windows
This is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are offered as-is, without warranty. Note: You may see some traditional “security” content mixed in here due to the close relationship between online privacy and cybersecurity; many things may overlap;…
-
GamaCopy targets Russia mimicking Russia-linked Gamaredon APT
New threat actor GamaCopy mimics Russia-linked Gamaredon APT in attacks on Russian-speaking targets. The Knownsec 404 Advanced Threat Intelligence team recently analyzed attacks on Russian-speaking targets using military-themed bait, 7z SFX for payloads, and UltraVNC, mimicking Gamaredon’s TTPs. The researchers linked the activity to the APT Core Werewolf (aka Awaken Likho, PseudoGamaredon), which mimics Gamaredon…
-
Lazarus Group Deploys Electron-Based Malware to Target Cryptocurrency Enthusiasts
The APT-C-26 group, commonly known as Lazarus, has intensified its campaigns, focusing on cryptocurrency professionals worldwide. A recent…
First seen on securityonline.info. Jump to article: securityonline.info/lazarus-group-deploys-electron-based-malware-to-target-cryptocurrency-enthusiasts/
-
Chinese PlushDaemon APT Targets S. Korean IPany VPN with Backdoor
Cybersecurity firm ESET uncovers PlushDaemon, a previously unknown APT group targeting South Korea, deploying a SlowStepper backdoor. This…
First seen on hackread.com. Jump to article: hackread.com/chinese-plushdaemon-apt-south-korean-vpn-backdoor/
-
Attack of the Plush Demons
ESET researchers discover a supply-chain attack against a VPN provider in South Korea carried out by the new APT group “PlushDaemon”.
First seen on welivesecurity.com. Jump to article: www.welivesecurity.com/de/eset-research/angriff-der-pluschdamonen/
-
Google Cloud Security Threat Horizons Report #11 Is Out!
Tags: access, api, apt, attack, authentication, breach, business, cloud, corporate, credentials, cybersecurity, data, detection, exploit, extortion, google, identity, intelligence, leak, mfa, password, phishing, ransomware, service, tactics, theft, threat, tool, vulnerability
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #11 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9 and #10). My favorite quotes from the report follow below:…
-
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with the SlowStepper backdoor as part of a 2023 espionage campaign.
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/plushdaemon-apt-targeted-south/
-
PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. “The attackers replaced the legitimate installer with one that also deployed the group’s signature implant that we have named SlowStepper…
-
China-aligned PlushDaemon APT compromises supply chain of Korean VPN
ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this …
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2025/01/22/plushdaemon-apt-slowstepper-supply-chain-compromise/