Tag: apt

APT-Gruppe Camaro Dragon schlägt in Katar zu

Mar 18, 2026 8:09 AM

Tags: apt, cyberattack

Aktuelle Erkenntnisse von Check Point Research zeigen, wie eng Cyberangriffe inzwischen mit geopolitischen Entwicklungen verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-camaro-dragon-in-katar
APT-Gruppe Camaro Dragon schlägt in Katar zu

Mar 18, 2026 8:09 AM

Tags: apt, cyberattack

Aktuelle Erkenntnisse von Check Point Research zeigen, wie eng Cyberangriffe inzwischen mit geopolitischen Entwicklungen verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-camaro-dragon-in-katar
APT-Gruppe Camaro Dragon schlägt in Katar zu

Mar 18, 2026 8:09 AM

Tags: apt, cyberattack

Aktuelle Erkenntnisse von Check Point Research zeigen, wie eng Cyberangriffe inzwischen mit geopolitischen Entwicklungen verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-camaro-dragon-in-katar
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Iranian Hackers Use Compromised Cameras for Regional Surveillance

Mar 17, 2026 3:10 PM

Tags: apt, cctv, cyber, exploit, group, hacker, infrastructure, intelligence, Internet, iran, middle-east

Iranian cyber actors are expanding operations targeting US organizations while also exploiting internet-connected cameras across the Middle East for intelligence collection and battlefield awareness. Recent incidents tied to APT group MuddyWater, camera”‘focused infrastructure, and hacktivist collective Handala point to an ecosystem that is operational but constrained, prioritizing persistence, visibility, and selective disruption over large”‘scale, coordinated cyber campaigns.…
CL1087 targets military capabilities since 2020

Mar 17, 2026 2:10 PM

Tags: apt, china, espionage, group, intelligence, military

China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. >>The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk…
Chinesische APT-Gruppe Camaro Dragon nutzt Nahost-Konflikt für Malware-Kampagne gegen Katar aus

Mar 17, 2026 1:09 PM

Tags: apt, cyberattack, mail, malware, software

Check Point Research (CPR), die Sicherheitsforschungsabteilung von Check Point Software Technologies hat eine Malware-Kampagne beobachtet, die sich an Ziele in Katar richtet und Foto-Archive mit Bildern aus dem Konflikt in Nahost als Lockmittel nutzt, um Malware einzuschleusen. Kurz nach Beginn der Angriffe am 1. März beobachtete CPR gezielte, mutmaßlich per E-Mail durchgeführte Kampagnen gegen Einrichtungen…
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets

Mar 16, 2026 10:10 PM

Tags: apt, backdoor, group, malware, microsoft, russia, spy, threat, ukraine

Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family…
Konni Hijacks KakaoTalk Accounts in Spear-Phishing Malware Campaign

Mar 16, 2026 8:09 AM

Tags: access, apt, cyber, malicious, malware, phishing, spear-phishing

Konni APT recently ran a multi-stage malware operation that hijacked KakaoTalk accounts to spread remote access trojans (RATs) through highly targeted spear”‘phishing.”‹ The message used contextual content aligned with the victim’s role to build trust and trick them into opening an attached archive. That archive contained a malicious LNK shortcut masquerading as a document; once…
Iran MOIS Colludes With Criminals to Boost Cyberattacks

Mar 12, 2026 11:10 PM

Tags: apt, cyberattack, cybercrime, iran

Iranian APTs have long pretended to be cybercriminal groups. Now they’re working with actual cybercriminal groups. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-mois-criminals-cyberattacks
Iranian APT Hack Targets US Airport Bank and Software Company

Mar 10, 2026 10:48 PM

Tags: apt, cyber, finance, group, infrastructure, iran, software, threat

Critical infrastructure organizations continue to face sustained pressure from nation-state cyber operations. Airports, financial institutions, and software companies represent high-value targets because of the operational and economic disruption that a successful intrusion can create. New reporting from SecurityWeek details how an Iranian advanced persistent threat group conducted cyber intrusions against organizations, including a U.S. airport,…
Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out!

Mar 10, 2026 9:48 PM

Tags: access, ai, apt, attack, cloud, credentials, cybersecurity, data, email, exploit, extortion, google, incident response, injection, intelligence, LLM, metric, phishing, ransomware, rce, remote-code-execution, saas, service, social-engineering, software, theft, threat, vulnerability, zero-day

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).…
Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX

Mar 10, 2026 8:47 AM

Tags: apt, china, exploit, middle-east

The post Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/exploiting-the-crisis-chinese-apts-weaponize-middle-east-tensions-to-target-qatar-with-plugx/
Chinese APT Campaign Uses Middle East Lures to Target Qatar With PlugX

Mar 10, 2026 8:47 AM

Tags: apt, china, cyber, espionage, exploit, group, middle-east, threat

Chinese state-linked cyber espionage groups are actively exploiting geopolitical tensions in the Middle East to target organizations in Qatar, according to new findings. The campaign began almost immediately after the recent escalation in the region, highlighting how quickly advanced persistent threat (APT) groups adapt to real-world events to conduct cyber operations. Researchers from Check Point…
My Really Fun RSA 2026 Presentations!

Mar 10, 2026 5:47 AM

Tags: ai, apt, automation, cyber, cybersecurity, data, detection, google, governance, guide, lessons-learned, malware, soc, strategy, threat

This blog is perhaps a little bit more like an ad, so if you don’t want to check the ads, consider not reading it. a very cyber image (Gemini) But this year at RSA 2026, I’m speaking on three topics: securing AI, using AI for SOC, and sharing lessons about how Google applies AI and other technologies…
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats

Mar 9, 2026 1:47 PM

Tags: apt, backdoor, cyber, group, hacker, infrastructure, iran, network, threat

Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid the current regional conflict. Activity associated with the Iranian APT group Seedworm (aka MuddyWater, Temp Zagros, Static Kitten) has been observed on the networks of multiple U.S. organizations since early…
Rogues gallery: 15 worst ransomware groups active today

Mar 9, 2026 10:47 AM

Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, data-breach, defense, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, insurance, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vpn, vulnerability, windows, zero-day

Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations.How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
Escalation in the Shadows: Iranian APT Seedworm Deploys ‘Dindoor’ Backdoor in New Cyberoffensive

Mar 9, 2026 5:46 AM

Tags: apt, backdoor, iran

The post Escalation in the Shadows: Iranian APT Seedworm Deploys ‘Dindoor’ Backdoor in New Cyberoffensive appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/escalation-in-the-shadows-iranian-apt-seedworm-deploys-dindoor-backdoor-in-new-cyberoffensive/
Torrent of Threats: China-Nexus APT UAT-9244 Hijacks South American Telecoms with PeerTime Backdoor

Mar 9, 2026 5:46 AM

Tags: apt, backdoor, china, threat

The post Torrent of Threats: China-Nexus APT UAT-9244 Hijacks South American Telecoms with PeerTime Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/torrent-of-threats-china-nexus-apt-uat-9244-hijacks-south-american-telecoms-with-peertime-backdoor/
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Mar 6, 2026 10:46 PM

Tags: apt, backdoor, finance, group, iran, malware, network, threat

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. >>Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple…
Middle East Conflict Fuels Opportunistic Cyber Attacks

Mar 6, 2026 9:47 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, backdoor, best-practice, breach, browser, business, chrome, cloud, crypto, cyber, cybercrime, cybersecurity, data, defense, endpoint, exploit, fraud, google, government, identity, infection, Internet, iran, iraq, malicious, malware, mfa, middle-east, military, monitoring, network, password, phishing, PurpleTeam, radius, risk, risk-assessment, scam, service, software, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that capitalizes on the elevated political climate in the Middle East. This increased malicious activity includes discoveries that are directly tied to the ongoing conflict, alongside other related findings. ThreatLabz…
North Korean APTs Use AI to Enhance IT Worker Scams

Mar 6, 2026 7:50 PM

Tags: ai, apt, north-korea, scam, tool

DPRK worker scams are old hat, but they’re still working, thanks to AI tools that help with everything from face swapping to daily emails. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korean-apts-ai-it-worker-scams
Iran-linked APT targets US critical sectors with new backdoors

Mar 6, 2026 3:48 PM

Tags: apt, backdoor, group, hacking, iran, network

An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/06/seedworm-muddywater-backdoors-victims/
Iran-nexus APT Dust Specter targets Iraq officials with new malware

Mar 6, 2026 12:47 PM

Tags: apt, country, email, government, group, iran, iraq, malware, phishing, threat

A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK,…
Russian APT targets Ukraine with BadPaw and MeowMeow malware

Mar 5, 2026 5:47 PM

Tags: apt, attack, email, malware, phishing, russia, ukraine

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When…
Nation-State Hackers Play the Vibes

Mar 5, 2026 5:47 PM

Tags: apt, flaw, hacker, malware, vulnerability, zero-day

Who Knew APT Hackers Liked Emojis So Much?. All the nation-state hackers are vibe coding. Vibeware won’t win any coding awards. It’s not pretty. It doesn’t target any zero-day vulnerabilities or known flaws in innovative new ways – but it does allow polyglot malware to be generated at scale. First seen on govinfosecurity.com Jump to…
Spionagekampagne gegen Südkorea Angriff missbraucht Microsoft VS Code für Spionage

Mar 5, 2026 1:47 PM

Tags: apt, cyberattack, microsoft

First seen on security-insider.de Jump to article: www.security-insider.de/apt-angriff-vs-code-spionage-suedkorea-dprk-a-72b28bd8c65fb0d7f3021b27ce2ab586/