Tag: espionage
-
SideWinder APT: A Decade of Evolution and Global Expansion
The SideWinder Advanced Persistent Threat (APT) group, also known as T-APT-04 or RattleSnake, has been a relentless actor in the global cyber espionage landscape since its emergence in 2012. Though... First seen on securityonline.info Jump to article: securityonline.info/sidewinder-apt-a-decade-of-evolution-and-global-expansion/
-
Earth Simnavaz Exploits Windows Kernel Flaw CVE-2024-30088 in Attacks on Critical Infrastructure
Trend Micro researchers have uncovered a series of advanced cyberattacks carried out by the threat group Earth Simnavaz, also known as APT34 or OilRig. This Iranian-linked cyber espionage group has... First seen on securityonline.info Jump to article: securityonline.info/earth-simnavaz-exploits-windows-kernel-flaw-cve-2024-30088-in-attacks-on-critical-infrastructure/
-
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities…
-
Russia-linked group APT29 is targeting Zimbra and JetBrains TeamCity servers on a large scale
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. Russia-linked cyber espionage group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) targets vulnerable Zimbra and JetBrains TeamCity servers as part of a mass-scale campaign, U.S. and U.K. cyber agencies warned. The Federal Bureau…
-
NSA, FBI, and Allies Expose Ongoing Russian Cyber Espionage Operations
Recently, the National Security Agency (NSA), Federal Bureau of Investigation (FBI), the United States Cyber Command’s Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC)... First seen on securityonline.info Jump to article: securityonline.info/nsa-fbi-and-allies-expose-ongoing-russian-cyber-espionage-operations/
-
Russia’s SVR Targets Zimbra, TeamCity Servers for Cyber Espionage
Russian-backed APT29 has been spying on US and European organizations since at least 2021, a US-UK joint advisory said First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russias-svr-targets-zimbra/
-
NSA cyber chief: Espionage is now Russia’s focus for cyberattacks on Ukraine
First seen on therecord.media Jump to article: therecord.media/russia-ukraine-espionage-luber-nsa
-
NSA cyber director: Espionage is now Russia’s focus for cyberattacks on Ukraine
First seen on therecord.media Jump to article: therecord.media/russia-ukraine-espionage-luber-nsa
-
GoldenJackal Bypasses Air-Gaps in Sophisticated Espionage Campaigns
A new report by Matías Porolli, a malware researcher at ESET, has revealed a series of cyberespionage campaigns executed by the elusive Advanced Persistent Threat (APT) group known as GoldenJackal.... First seen on securityonline.info Jump to article: securityonline.info/goldenjackal-bypasses-air-gaps-in-sophisticated-espionage-campaigns/
-
Justice Department Seizes 41 Domains Used by Russian Intelligence in Massive Cyber Espionage Takedown
Yesterday, the Justice Department announced the seizure of 41 internet domains used by Russian intelligence agents to commit cyber fraud and espionage. The unsealing of the warrant marks a significant... First seen on securityonline.info Jump to article: securityonline.info/justice-department-seizes-41-domains-used-by-russian-intelligence-in-massive-cyber-espionage-takedown/
-
DOJ, Microsoft seize more than 100 domains used by the FSB
The simultaneous actions targeted the Star Blizzard espionage operation, which went after government and civil society groups around the world. First seen on cyberscoop.com Jump to article: cyberscoop.com/doj-microsoft-fsb-espionage-star-blizzard/
-
Weird Zimbra Vulnerability
Tags: attack, computer, email, espionage, exploit, hacker, infection, mail, ransomware, vulnerability
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware. The…
-
Python-Based Malware Slithers Into Systems via Legit VS Code
The prolific Chinese APT Mustang Panda is the likely culprit behind a sophisticated cyber-espionage attack that sets up persistent remote access to victim machines. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/python-malware-slithers-legit-vs-code
-
North Korean’s Stonefly shifts from espionage to ransomware, extortion
First seen on scworld.com Jump to article: www.scworld.com/news/north-koreans-stonefly-shifts-from-espionage-to-ransomware-extortion
-
Advanced Cyberattacks: Patchwork APT’s Nexe Backdoor Campaign Exposed
In a new report from Cyble Research and Intelligence Labs (CRIL), the notorious Patchwork APT group has once again demonstrated its cyber-espionage prowess with a sophisticated campaign deploying the >>Nexe
-
SloppyLemming’s Espionage Campaign Targets South Asia
A recent report from Cloudforce One has detailed a cyber espionage campaign orchestrated by a threat actor dubbed SloppyLemming, targeting government, defense, telecommunications, and energy sectors across South and East... First seen on securityonline.info Jump to article: securityonline.info/sloppylemmings-espionage-campaign-targets-south-asia/
-
Patchwork APT Group Unleashes Nexe Backdoor: A New Era in Cyber Espionage Tactics
Recent analyses by Cyble Research and Intelligence Labs (CRIL) have brought to light an ongoing cyber campaign orchestrated by the notorious Patchwork APT group. This campaign marks a new evolution in their tactics, leveraging a new backdoor dubbed “Nexe” to effectively evade detection mechanisms and execute sophisticated attacks, particularly against Chinese entities. First seen on…
-
China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)
China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying…
-
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign
Nation-state threat actors backed by Beijing broke into a “handful” of U.S. internet service providers (ISPs) as part of a cyber espionage campaign orchestrated to glean sensitive information, The Wall Street Journal reported Wednesday. The activity has been attributed to a threat actor that Microsoft tracks as Salt Typhoon, which is also known as FamousSparrow and…
-
Russian Hackers Target Mobile Devices in New Espionage Wave
Cybersecurity researcher BushidoToken’s latest report reveals a disturbing trend: Russian state-backed hackers are increasingly focusing on mobile devices, exploiting them for espionage, stealing sensitive data, and even gathering intel for... First seen on securityonline.info Jump to article: securityonline.info/russian-hackers-target-mobile-devices-in-new-espionage-wave/
-
RomCom Malware Resurfaces With SnipBot Variant
The latest version of the evolving threat is a multistage attack demonstrating a move away from ransomware to purely espionage activities, typically targeting Ukraine and its supporters. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/romcom-malware-resurfaces-snipbot-variant
-
Passive Backdoors, Active Threat: UNC1860’s Espionage Tools Exposed
Mandiant has uncovered alarming evidence of a sophisticated Iranian state-sponsored cyber campaign orchestrated by UNC1860, a threat actor likely affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Known for... First seen on securityonline.info Jump to article: securityonline.info/passive-backdoors-active-threat-unc1860s-espionage-tools-exposed/
-
North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks
How the Kimsuky nation-state group and other threat actors are exploiting poor email security, and what organizations can do to defend themselves. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korean-apt-bypasses-dmarc-email-cyber-espionage-attacks
-
Sophisticated Cyber Espionage: Earth Baxia Uses CVE-2024-36401 and Cobalt Strike to Infiltrate APAC
In a recent report from Trend Micro, the cyber espionage group Earth Baxia has been identified targeting government organizations in Taiwan and potentially other countries in the Asia-Pacific (APAC) region... First seen on securityonline.info Jump to article: securityonline.info/sophisticated-cyber-espionage-earth-baxia-uses-cve-2024-36401-and-cobalt-strike-to-infiltrate-apac/
-
Phishing Espionage Attack Targets US-Taiwan Defense Conference
Hackers sent a convincing lure document, but after 20 years of similar attacks, the target organization was well prepared. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/espionage-attack-us-taiwan-defense-conference
-
UNC2970 Hackers Attacking Job Seekers Using Weaponized PDF Reader
UNC2970, a North Korean cyber espionage group, used customized SumatraPDF trojans to deliver MISTPEN backdoors to victims through phishing emails pretending to be job recruiters. The group targeted the energy and aerospace industries, copying job descriptions and engaging with victims via email and WhatsApp. It modifies job descriptions to target specific victims in U.S. critical…
-
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in energy and aerospace verticals and infect them with a previously undocumented backdoor dubbed MISTPEN. The activity cluster is being tracked by Google-owned Mandiant under the moniker UNC2970, which it said overlaps with a threat group known as TEMP.Hermit, which…
-
Chinese Engineer Indicted for Alleged Cyber Espionage Campaign Against US Aerospace Industry
A Chinese national, Song Wu, has been indicted on 14 counts of wire fraud and 14 counts of aggravated identity theft, stemming from an alleged multi-year spear phishing campaign to... First seen on securityonline.info Jump to article: securityonline.info/chinese-engineer-indicted-for-alleged-cyber-espionage-campaign-against-us-aerospace-industry/