Tag: apt
-
Lazarus APT targeted employees at an unnamed nuclear-related organization
by
in SecurityNewsNorth Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024. Kaspersky researchers observed the North Korea-linked Lazarus Group targeting at least two employees associated with the same nuclear-related organization over the course of one month. The experts believe the attacks are part the cyber espionage campaign Operation Dream Job (aka NukeSped),…
-
Earth Koshchei’s Rogue RDP Campaign: A Sophisticated APT Attack Targets Governments and Enterprises
by
in SecurityNewsTrend Micro has unveiled a large-scale rogue remote desktop protocol (RDP) campaign conducted by the threat group Earth Koshchei. Known for their espionage operations, Earth Koshchei leveraged spear-phishing emails and... First seen on securityonline.info Jump to article: securityonline.info/earth-koshcheis-rogue-rdp-campaign-a-sophisticated-apt-attack-targets-governments-and-enterprises/
-
New attacks launched by reemergent The Mask APT
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/new-attacks-launched-by-reemergent-the-mask-apt
-
The Mask APT is back after 10 years of silence
Kaspersky researchers linked a new wave of cyber attacks to the cyber espionage group tracked as The Mask. Kaspersky researchers linked several targeted attacks to a cyber espionage group known as The Mask. The APT group targeted an organization in Latin America in 2019 and 2022. Threat actors accessed an MDaemon email server and used…
-
Neue Angriffskette von TA397 verbreitet Spionage-RATs
by
in SecurityNewsDie Security-Experten von Proofpoint haben einen neuen Angriff der APT-Gruppe TA397 (auch unter dem Namen ‘Bitter” bekannt) näher analysiert. Die untersuchte Attacke richtete sich gegen eine Organisation aus der türkischen Rüstungsbranche und fand im November 2024 statt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-angriffskette-von-ta397-verbreitet-spionage-rats
-
Espionage Campaign Targets Turkish Defense Industry
by
in SecurityNewsAPT Group Uses Sophisticated Attack Chain to Deploy WmRAT and MiyaRAT. A suspected South Asian threat actor targeted a Turkish defense organization, deploying malware via a RAR archive and using alternate data streams to deliver remote access Trojans. The group previously targeted multiple countries including China, India, Pakistan and Bangladesh. First seen on govinfosecurity.com Jump…
-
Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware
A suspected South Asian cyber espionage threat group known as Bitter targeted a Turkish defense sector organization in November 2024 to deliver two C++-malware families tracked as WmRAT and MiyaRAT.”The attack chain used alternate data streams in a RAR archive to deliver a shortcut (LNK) file that created a scheduled task on the target machine…
-
The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal
A little-known cyber espionage actor known as The Mask has been linked to a new set of attacks targeting an unnamed organization in Latin America twice in 2019 and 2022.”The Mask APT is a legendary threat actor that has been performing highly sophisticated attacks since at least 2007,” Kaspersky researchers Georgy Kucherin and Marc Rivero…
-
PHP backdoor looks to be work of Chinese-linked APT group
by
in SecurityNewsKnown as Glutton, researchers at QiAnXin’s XLab believe Winnti is responsible for the malware. First seen on cyberscoop.com Jump to article: cyberscoop.com/glutton-php-backdoor-winnti-apt-41-china/
-
Russian APT >>Secret Blizzard<< Leverages Cybercriminal Tools in Ukraine Attacks
by
in SecurityNewsA new report from Microsoft Threat Intelligence reveals that the Russian state-sponsored threat actor known as Secret Blizzard (also tracked as Turla, Waterbug, Venomous Bear, Snake, Turla Team, and Turla... First seen on securityonline.info Jump to article: securityonline.info/russian-apt-secret-blizzard-leverages-cybercriminal-tools-in-ukraine-attacks/
-
Careto APT Returns: Decade-Old Threat Resurfaces with New Sophistication
by
in SecurityNewsKaspersky Labs has unveiled research on the return of >>The Mask,
-
Experts discovered the first mobile malware families linked to Russia’s Gamaredon
by
in SecurityNewsThe Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, and ACTINIUM). These are the first known mobile malware families linked to the Russian APT. The cyberespionage group is behind a…
-
APT60 Exploits Legitimate Services in Sophisticated Malware Attack Targeting Japanese Organizations
In August 2024, JPCERT/CC confirmed a targeted attack against a Japanese organization, believed to be the work of the threat group APT-C-60. This advanced campaign utilized legitimate services like Google... First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-exploits-legitimate-services-in-sophisticated-malware-attack-targeting-japanese-organizations/
-
Gamaredon APT Deploys Two Russian Android Spyware Families: BoneSpy and PlainGnome
Researchers at the Lookout Threat Lab have uncovered two sophisticated Android spyware families, BoneSpy and PlainGnome, attributed to the Russian-aligned Advanced Persistent Threat (APT) group Gamaredon. Also known as Primitive... First seen on securityonline.info Jump to article: securityonline.info/gamaredon-apt-deploys-two-russian-android-spyware-families-bonespy-and-plaingnome/
-
Holding Back Salt Typhoon + Other Chinese APT CVEs
by
in SecurityNewsOver the past several years, US Federal Agencies and private sector companies have observed China-based threat actors targeting network and telecommunication critical infrastructure. A wave of recent reports have disclosed that these attacks have succeeded in compromising government and industry targets to a far greater extent than previously thought. As a result, CISA has issued……
-
Security researchers find deep flaws in CVSS vulnerability scoring system
by
in SecurityNewsThe industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
-
Die wichtigsten Cybersecurity-Prognosen für 2025
by
in SecurityNews
Tags: access, ai, apple, apt, cloud, cyberattack, cybercrime, cybersecurity, cyersecurity, data, deep-fake, governance, incident response, jobs, kritis, malware, military, mobile, nis-2, ransomware, service, software, stuxnet, supply-chain -
Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor
Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) was spotted using the Amadey malware to deploy the KazuarV2 backdoor on devices in Ukraine. The experts observed threat actors using the Amadey bot malware between March and April 2024. Microsoft highlights…
-
Operation Digital Eye: Chinese APT Exploits Visual Studio Code Tunnels in High-Stakes Espionage Campaign
by
in SecurityNewsIn a sophisticated cyberespionage campaign dubbed Operation Digital Eye, SentinelOne and Tinexta Cyber uncovered activities linked to a Chinese Advanced Persistent Threat (APT) group targeting large business-to-business IT service providers... First seen on securityonline.info Jump to article: securityonline.info/operation-digital-eye-chinese-apt-exploits-visual-studio-code-tunnels-in-high-stakes-espionage-campaign/
-
Chinese APT Groups Targets European IT Companies
by
in SecurityNewsEvidence Mounts for Chinese Hacking ‘Quartermaster’. A probable Chinese nation-state threat actor compromised Visual Studio Code and Microsoft Azure cloud infrastructure to target Western technology firms for espionage, security firms Tinexta Cyber and SentinelLabs said. The companies call the campaign Operation Digital Eye. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-apt-groups-targets-european-companies-a-27030
-
North Korean APT blamed for Radiant Capital crypto heist
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/north-korean-apt-blamed-for-radiant-capital-crypto-heist
-
Patchwork APT Targets Chinese Scientific Research in Renewed Campaign
by
in SecurityNewsA new wave of cyberattacks targeting Chinese scientific organizations has been identified by cybersecurity researchers at Hunting Shadow Lab. The campaign, attributed to the Patchwork APT group (also known as... First seen on securityonline.info Jump to article: securityonline.info/patchwork-apt-targets-chinese-scientific-research-in-renewed-campaign/
-
APT53 Weaponizing LNK Files To Deploy Malware Into Target Systems
by
in CISOGamaredon, a persistent threat actor since 2013, targets the government, defense, diplomacy, and media sectors of their victims, primarily through cyberattacks, to gain sensitive information and disrupt operations. It continues to employ sophisticated tactics, leveraging malicious LNK and XHTML files alongside intricate phishing schemes to carry out cyberattacks. Phishing emails with four distinct attack payloads…
-
Turla targets Pakistani APT infrastructure for espionage
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/turla-targets-pakistani-apt-infrastructure-for-espionage
-
Russian BlueAlpha APT Exploits Cloudflare Tunnels to Distribute Custom Malware
by
in SecurityNewsBlueAlpha, a Russian state-sponsored group, is actively targeting Ukrainian individuals and organizations by using spearphishing emails with malicious HTML attachments to deliver GammaLoad malware. To evade detection, BlueAlpha is leveraging Cloudflare Tunnels to conceal their infrastructure and using DNS fast-fluxing for their C2 servers, as this ongoing campaign, active since early 2024, highlights the persistent…
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windowsThe manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs.Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure.”Many manufacturing systems rely on outdated technology that lacks modern…
-
Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels
by
in SecurityNewsCloudflare Tunnels is just the latest legitimate cloud service that cybercriminals and state-sponsored threat actors are abusing to hide their tracks. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/russias-bluealpha-apt-cloudflare-tunnels