Tag: apt
-
FIN7 hackers launch deepfake nude generator sites to spread malware
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-steal… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fin7-hackers-launch-deepfake-nude-generator-sites-to-spread-malware/
-
Iranian APT caught acting as access broker for ransomware crews
Members of Iran-backed Pioneer Kitten APT appear to be trying to supplement their pay packets by helping Russian-speaking ransomware gangs to access t… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366609258/Iranian-APT-caught-acting-as-access-broker-for-ransomware-crews
-
Diehl Defence reportedly attacked by Kimsuky APT
First seen on scworld.com Jump to article: www.scworld.com/brief/diehl-defence-reportedly-attacked-by-kimsuky-apt
-
Thai government attacked by new APT CeranaKeeper
First seen on heise.de Jump to article: www.heise.de/news/Neue-APT-Gruppe-CeranaKeeper-missbraucht-Dropbox-und-Github-9961562.html
-
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence
North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-link… First seen on securityaffairs.com Jump to article: securityaffairs.com/169162/apt/kimsuky-apt-hit-diehl-defence.html
-
‘SloppyLemming’ APT Abuses Cloudflare Service in Pakistan Attacks
First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/sloppylemming-apt-cloudflare-pakistan-attacks
-
Iranian APT Peach Sandstorm teases new Tickler malware
Peach Sandstorm, an Iranian state threat actor, has developed a dangerous new malware strain that forms a key element of a rapidly evolving attack seq… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366609332/Iranian-APT-Peach-Sandstorm-teases-new-Tickler-malware
-
Patchwork APT Group Unleashes Nexe Backdoor: A New Era in Cyber Espionage Tactics
Recent analyses by Cyble Research and Intelligence Labs (CRIL) have brought to light an ongoing cyber campaign orchestrated by the notorious Patchwork… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/patchwork-apt-group/
-
Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East
An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an i… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/iranian-apt-unc1860-linked-to-mois.html
-
Why is Chinese threat actor APT 41 in a tearing hurry?
Since June 1st 2024, Chinese frontline threat actor APT 41 has been linked to as many as 63 events globally. These include attacks on Taiwanese resear… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/why-is-chinese-threat-actor-apt-41-in-a-tearing-hurry/
-
North Korean Hackers Gleaming Pisces Poisoned Python Packages Target Linux macOS
Unit 42 researchers have uncovered a new cyberattack campaign by the North Korean-affiliated APT group, Gleaming Pisces, targeting Linux and macOS sys… First seen on securityonline.info Jump to article: securityonline.info/north-korean-hackers-gleaming-pisces-poisoned-python-packages-target-linux-macos/
-
China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC Orgs
The APT group uses spear-phishing and a vulnerability in a geospatial data-sharing server to compromise organizations in Taiwan, Japan, the Philippine… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-earth-baxia-spies-geoserver-apac-orgs
-
US Disrupts Raptor Train Botnet Of Chinese APT Flax Typhoon
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36383/US-Disrupts-Raptor-Train-Botnet-Of-Chinese-APT-Flax-Typhoon.html
-
China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)
China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. Chin… First seen on securityaffairs.com Jump to article: securityaffairs.com/168941/apt/salt-typhoon-china-linked-threat-actors-breached-us-isp.html
-
ESET APT Activity Report Q4 2022–Q1 2023
First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2023/05/09/eset-apt-report-q4-2022-q1-2023/
-
North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks
First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korean-apt-bypasses-dmarc-email-cyber-espionage-attacks
-
FBI Leads Takedown of Chinese Botnet Impacting 200K Devices
Once a user’s device is infected as part of an ongoing Flax Typhoon APT campaign, the malware connects it to a botnet called Raptor Train, initiating … First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fbi-takedown-chinese-botnet-200k-devices
-
Malicious Python packages help North Korean APT deliver PondRAT malware
First seen on scworld.com Jump to article: www.scworld.com/brief/malicious-python-packages-help-north-korean-apt-deliver-pondrat-malware
-
North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages
North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncover… First seen on securityaffairs.com Jump to article: securityaffairs.com/168781/apt/gleaming-pisces-malicious-python-packages.html
-
New EAGLEDOOR backdoor spread in suspected Chinese APT attacks against Asia-Pacific
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/new-eagledoor-backdoor-spread-in-suspected-chinese-apt-attacks-against-asia-pacific
-
Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw
Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Tr… First seen on securityaffairs.com Jump to article: securityaffairs.com/168767/apt/earth-baxia-apt-targets-apac-geotools-flaw.html
-
Iranian APT Operating as Initial Access Provider to Networks in the Middle East
Iranian state-sponsored threat actor UNC1860 is operating as an initial access provider to high-profile networks in the Middle East. The post Iranian … First seen on securityweek.com Jump to article: www.securityweek.com/iranian-apt-operating-as-initial-access-provider-to-networks-in-the-middle-east/
-
Iranian-Linked Group Facilitates APT Attacks on Middle East Networks
The threat group UNC1860, linked to Iran’s security intelligence agency, gains initial access into networks around the region and hands that access of… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/iranian-linked-group-facilitates-apt-attacks-on-middle-east-networks/
-
UNC1860 provides Iran-linked APTs with access to Middle Eastern networks
Iran-linked APT group UNC1860 is operating as an initial access facilitator that provides remote access to Middle Eastern Networks. Mandiant researche… First seen on securityaffairs.com Jump to article: securityaffairs.com/168656/apt/unc1860-provides-iran-linked-apts-access-middle-east.html
-
Experts warn of China-linked APT’s Raptor Train IoT Botnet
Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen… First seen on securityaffairs.com Jump to article: securityaffairs.com/168563/malware/raptor-train-botnet-iot.html
-
US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon
The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices. The post US Disrupts ‘Raptor… First seen on securityweek.com Jump to article: www.securityweek.com/us-disrupts-raptor-train-botnet-of-chinese-apt-flax-typhoon/
-
Understanding ToddyCat APT
First seen on thefinalhop.com Jump to article: www.thefinalhop.com/understanding-toddycat-apt/
-
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML, a software component used by various apps for rendering web pages on Windows … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/16/cve-2024-43461-exploited/
-
Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor
In addition to its longstanding password spraying attacks, Microsoft says Iran-backed hacker group Peach Sandstorm, or APT 33, has developed custom ma… First seen on wired.com Jump to article: www.wired.com/story/iran-peach-sandworm-tickler-backdoor/
-
Chinese Tag Team APTs Keep Stealing Asian Gov’t Secrets
A PRC threat cluster known as Crimson Palace is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack cha… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-tag-team-apts-keep-stealing-asian-govt-secrets