Tag: apt
-
Southeast Asia targeted by Earth Kurma APT attacks
in SecurityNews. First seen on scworld.com. Jump to article: www.scworld.com/brief/southeast-asia-targeted-by-earth-kurma-apt-attacks
-
SentinelOne warns of threat actors targeting its systems and high-value clients
in SecurityNews. Cybersecurity firm SentinelOne warns that a China-linked APT group, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and on high-value clients. The activity suggests targeted cyberespionage aimed at gathering information for potential future attacks. SentinelOne first identified PurpleHaze’s activity…
-
Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
in SecurityNews. A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Researchers have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques and persistence mechanisms to compromise systems and exfiltrate sensitive data. This campaign underscores the persistent…
-
Enterprise-specific zero-day exploits on the rise, Google warns
in SecurityNews
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-day
Surge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN. Targeted attacks against…
-
Earth Kurma APT Targets Southeast Asia with Stealthy Cyberespionage
in SecurityNews. In a newly released report, Trend Research has unveiled the operations of an advanced persistent threat (APT) group, … First seen on securityonline.info. Jump to article: securityonline.info/earth-kurma-apt-targets-southeast-asia-with-stealthy-cyberespionage/
-
Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia
in SecurityNews
Tags: apt, business, cloud, credentials, data, data-breach, espionage, government, malware, risk, theft, threat
Trend Research exposed a sophisticated Earth Kurma APT campaign targeting government and telecommunications sectors in Southeast Asia. The threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion…
-
19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email
in SecurityNews
Tags: apt, attack, cyber, email, espionage, exploit, government, hacker, infrastructure, phishing, spear-phishing, threat, vulnerability
The NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat (APT) attack campaigns, predominantly targeting South Asia, East Asia, Eastern Europe, and South America. These incursions highlighted a continuation of targeted cyber espionage and sabotage activities, primarily focusing on government agencies, critical infrastructure, and prominent industry sectors through a…
-
NSFOCUS APT Monthly Briefing March 2025
Regional APT Threat Situation Overview: In March 2025, the global threat hunting system of NSFOCUS Fuying Laboratory discovered a total of 19 APT attack activities. These activities were mainly distributed in South Asia, East Asia, Eastern Europe, and South America, as shown in the briefing’s figure (not reproduced here). In terms of group activity, the most active APT…
-
Darcula phishing toolkit gets AI boost, democratizing cybercrime
in SecurityNews
Tags: ai, apt, attack, automation, awareness, china, credentials, cybercrime, defense, detection, endpoint, finance, google, government, group, infrastructure, malicious, network, phishing, resilience, risk, service, skills, smishing, threat, tool, training, update
AI creates push-button phishing attacks: With the latest update to the “darcula-suite” toolkit, users can now generate phishing pages using generative AI that mimics websites with near-perfect accuracy, and in any language. “Users provide a URL of a legitimate brand or service, and the tool automatically visits that website, downloads all of its assets, and renders…
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
in SecurityNews. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities
in SecurityNews. A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group, tracked as “Operation SyncHole”, …
-
Chinese APT Mustang Panda Debuts 4 New Attack Tools
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal. First seen on darkreading.com. Jump to article: www.darkreading.com/cloud-security/chinese-apt-mustang-panda-4-attack-tools
-
IronHusky APT Resurfaces with Evolved MysterySnail RAT
in SecurityNews. In a newly released report, Kaspersky’s Global Research and Analysis Team (GReAT) has revealed the resurgence of IronHusky, … First seen on securityonline.info. Jump to article: securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/
-
China-linked APT Mustang Panda upgrades tools in its arsenal
China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President) deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since…
-
Malicious campaign by APT group UNC5174 combines Snowlight and VShell
in SecurityNews. Sysdig’s Threat Research Team (TRT) has uncovered an ongoing campaign by the Chinese APT group UNC5174 targeting Linux-based systems in Western countries and the Asia-Pacific region. The attackers combine the already known Snowlight malware with the remote access trojan (RAT) VShell, an open-source tool regarded as particularly hard to detect. Initial infection is via a Bash script that…
-
Prophylactic Cybersecurity for Healthcare
in SecurityNews. How to Be Proactive in a Reactive World: In healthcare, preventative medicine is always more effective, less costly, and has better outcomes than waiting until after a serious heart incident occurs. It’s an apt analogy for cybersecurity as well. Prophylactic (preventative) care in cybersecurity yields far better outcomes than constantly scrambling to respond to critical…
-
China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign
A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances. First seen on securityonline.info. Jump to article: securityonline.info/china-nexus-apt-exploits-ivanti-connect-secure-vpn-in-global-cyber-espionage-campaign/
-
Advanced device code phishing leveraged by Russian APT
in SecurityNews. First seen on scworld.com. Jump to article: www.scworld.com/brief/advanced-device-code-phishing-leveraged-by-russian-apt
-
Chinese APTs Exploit EDR ‘Visibility Gap’ for Cyber Espionage
in SecurityNews. Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here’s how experts say you can get eyes on it all. First seen on darkreading.com. Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-exploit-edr-visibility-gap-cyber-espionage
-
Chinese APT Group Targets Ivanti VPN Vulnerabilities to Breach Networks
in SecurityNews
Tags: apt, attack, breach, china, cyber, cybersecurity, data-breach, group, ivanti, network, threat, vpn, vulnerability
Cybersecurity firm TeamT5 reports that a Chinese Advanced Persistent Threat (APT) group leveraged critical vulnerabilities in Ivanti Connect Secure VPN appliances to launch a global cyberattack. The breach affected nearly 20 industries across 12 countries, leaving networks exposed and under persistent threat. Global Victimology: The widespread attack…
-
Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows
Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks. First seen on wired.com. Jump to article: www.wired.com/story/brass-typhoon-china-cyberspies/
-
GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations
in SecurityNews. The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors. According… First seen on securityonline.info. Jump to article: securityonline.info/goffee-apt-new-powermodul-implant-and-tactics-target-russian-organizations/
-
Russian Shuckworm APT is back with updated GammaSteel malware
in SecurityNews. …files.lnk, launched from an external drive. This was recorded under the UserAssist key in the Registry, which stores a record of files, links, applications, and objects accessed by the current user through Windows Explorer. After that file was executed, it launched mshta.exe, a Windows binary that can be used to execute VBScript and JScript locally on…
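The UserAssist evidence mentioned above is what an analyst would pull from the user's NTUSER.DAT to confirm the shortcut launch. The decoder below is an added example, not code from the GammaSteel write-up or from any forensic tool. The entries it parses are constructed, and the 72-byte value layout it assumes (run count at offset 4, focus count at 8, focus time at 12, last-run FILETIME at 60) is the Windows 7 and later layout as documented by common forensic parsers; it does not apply to the older XP format.

```python
"""Decoder for UserAssist registry values. Added example with constructed data;
the 72-byte Windows 7+ value layout is assumed (see lead-in)."""
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Value names live under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
# UserAssist\{GUID}\Count and are ROT13-encoded paths.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME counts 100 ns intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def decode_userassist(value_name: str, data: bytes) -> dict:
    """Decode one (name, value) pair into path, run count and last-run time."""
    if len(data) < 72:
        raise ValueError("expected the 72-byte Windows 7+ UserAssist value layout")
    last_run_ft = struct.unpack_from("<Q", data, 60)[0]
    return {
        "path": codecs.decode(value_name, "rot13"),
        "run_count": struct.unpack_from("<I", data, 4)[0],
        "focus_count": struct.unpack_from("<I", data, 8)[0],
        "focus_time_ms": struct.unpack_from("<I", data, 12)[0],
        "last_run": filetime_to_datetime(last_run_ft) if last_run_ft else None,
    }


def make_entry(path: str, run_count: int, last_run: datetime):
    """Build a constructed (ROT13 name, 72-byte value) pair as it sits in the hive."""
    buf = bytearray(72)
    struct.pack_into("<I", buf, 4, run_count)
    struct.pack_into("<I", buf, 8, 1)        # focus count
    struct.pack_into("<I", buf, 12, 1500)    # focus time, ms
    struct.pack_into("<Q", buf, 60, datetime_to_filetime(last_run))
    return codecs.encode(path, "rot13"), bytes(buf)


# Constructed sample hive content: a shortcut run from a removable drive, and a
# benign launch for contrast.
SAMPLE_ENTRIES = [
    make_entry(r"E:\files.lnk", 1, datetime(2025, 2, 20, 9, 15, tzinfo=timezone.utc)),
    make_entry(r"C:\Windows\notepad.exe", 42, datetime(2025, 2, 19, 16, 2, tzinfo=timezone.utc)),
]


def lnk_from_removable(entries, removable_drives=("E:",)):
    """Triage rule (assumed here, not from the article): .lnk files executed from a
    removable drive letter, ordered by last run time."""
    drives = {d.upper() for d in removable_drives}
    hits = []
    for name, data in entries:
        entry = decode_userassist(name, data)
        path = entry["path"]
        if path.lower().endswith(".lnk") and path[:2].upper() in drives:
            hits.append(entry)
    return sorted(hits, key=lambda e: e["last_run"] or FILETIME_EPOCH)


if __name__ == "__main__":
    for hit in lnk_from_removable(SAMPLE_ENTRIES):
        print(f"{hit['last_run']:%Y-%m-%d %H:%M} UTC  runs={hit['run_count']}  {hit['path']}")
```

On a real case the (name, value) pairs come from a hive parser; the drive letters that count as removable come from the same system's MountedDevices or USBSTOR evidence, not from a guess.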
-
An APT group exploited ESET flaw to execute malware
in SecurityNews. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. The vulnerability, tracked as CVE-2024-11859, is a DLL search order hijacking issue that potentially allows…
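DLL search order hijacking, the bug class named above, comes down to which directory Windows consults first for an imported DLL name. The model below is an added example; it is not code from ESET or Kaspersky and does not reproduce the specifics of CVE-2024-11859. The directories, DLL names and file list are constructed. It is deliberately simplified: KnownDLLs, SxS manifests and SetDefaultDllDirectories are ignored, so a real audit must drop KnownDLLs such as kernel32.dll from the import list before trusting the output.

```python
"""Windows DLL search order model and hijack-candidate audit. Added example with
constructed paths; KnownDLLs and manifest redirection are not modelled."""
from pathlib import PureWindowsPath

SYSTEM_DIRS = [r"C:\Windows\System32", r"C:\Windows\System", r"C:\Windows"]


def search_order(app_dir, cwd, path_dirs, safe_dll_search_mode=True):
    """Default LoadLibrary search order. SafeDllSearchMode (on by default since
    XP SP2) moves the current directory behind the system directories."""
    if safe_dll_search_mode:
        return [app_dir, *SYSTEM_DIRS, cwd, *path_dirs]
    return [app_dir, cwd, *SYSTEM_DIRS, *path_dirs]


def resolve(dll_name, order, filesystem):
    """First directory in the order that actually contains the DLL (lowercased path)."""
    for d in order:
        candidate = str(PureWindowsPath(d) / dll_name).lower()
        if candidate in filesystem:
            return candidate
    return None


def hijack_candidates(imports, order, filesystem, writable_dirs):
    """For each imported DLL, report whether an attacker who can write to one of
    writable_dirs gets to supply it: either a writable directory is searched
    before (or is) the one the DLL really resolves from, or the DLL is absent
    (phantom DLL) and any writable directory is searched at all."""
    writable = {d.lower() for d in writable_dirs}
    findings = {}
    for dll in imports:
        resolved = resolve(dll, order, filesystem)
        if resolved is None:
            searched = order
        else:
            resolved_dir = str(PureWindowsPath(resolved).parent)
            idx = next(i for i, d in enumerate(order) if d.lower() == resolved_dir)
            searched = order[:idx + 1]
        plant_in = next((d for d in searched if d.lower() in writable), None)
        if plant_in is not None:
            findings[dll] = {"resolved": resolved, "plant_in": plant_in}
    return findings


def audit(safe_dll_search_mode=True):
    """Constructed scenario: a product installed under Program Files (not
    user-writable) imports version.dll and plugin.dll and also probes for a
    telemetry.dll that is never shipped. The user's Downloads folder is the
    current directory and C:\\Tools is a user-writable PATH entry."""
    app_dir = r"C:\Program Files\Vendor"
    cwd = r"C:\Users\alice\Downloads"
    path_dirs = [r"C:\Windows\System32", r"C:\Tools"]
    filesystem = {p.lower() for p in (
        r"C:\Program Files\Vendor\app.exe",
        r"C:\Program Files\Vendor\plugin.dll",
        r"C:\Windows\System32\version.dll",
    )}
    imports = ["version.dll", "plugin.dll", "telemetry.dll"]
    order = search_order(app_dir, cwd, path_dirs, safe_dll_search_mode)
    return hijack_candidates(imports, order, filesystem, writable_dirs=[cwd, r"C:\Tools"])


if __name__ == "__main__":
    print("SafeDllSearchMode on :", audit(True))
    print("SafeDllSearchMode off:", audit(False))
```

With SafeDllSearchMode on, only the phantom telemetry.dll is reachable from the writable current directory; with it off, version.dll becomes hijackable too because the current directory is searched before System32. The fixes on the vendor side are the usual ones: load by fully qualified path, call SetDefaultDllDirectories, and never probe for optional DLLs by bare name.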
-
You will never forget the day you caught FamousSparrow
in SecurityNews. ESET researchers uncover tools of the APT group FamousSparrow, among them two undocumented versions of the backdoor “SparrowDoor” developed by the group. First seen on welivesecurity.com. Jump to article: www.welivesecurity.com/de/eset-research/ihr-werdet-den-tag-nie-vergessen-an-dem-ihr-famoussparrow-geschnappt-habt/
-
Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA
in SecurityNews
Tags: apt, authentication, cyber, exploit, government, group, hacker, intelligence, mfa, microsoft, phishing, russia, threat
Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow, a legitimate authentication mechanism, to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence…
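The device authorization grant (RFC 8628) abused here, and in the "Advanced device code phishing" item above, is easiest to understand as an exchange between three parties: the attacker's client, the identity provider, and the victim typing a code on the genuine login page. The model below is an added example; it is not code from Microsoft, from the reporting vendors or from the actor. The in-memory authorization server, the client IDs, the IP addresses and the two policy checks in the token endpoint are assumptions made for illustration, not part of the RFC or of any vendor's implementation.

```python
"""Model of the OAuth 2.0 device authorization grant and of device code phishing.
Added example; identity provider, client IDs, addresses and policy are assumed."""
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# RFC 8628 section 6.1 suggests a consonant-only alphabet for user codes.
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"


@dataclass
class DeviceAuthRequest:
    client_id: str
    device_code: str
    user_code: str
    requester_ip: str               # who asked for the code (the attacker, in the phish)
    expires_at: float
    approved_by: Optional[str] = None
    approver_ip: Optional[str] = None   # who typed the code on the real login page


def network_of(ip: str) -> str:
    """Crude /24 grouping; a real policy would use tenant-defined named locations."""
    return ".".join(ip.split(".")[:3])


class AuthorizationServer:
    """Identity provider side of the flow (hypothetical, in-memory)."""

    def __init__(self, allowed_device_clients=(), require_same_network=False):
        self._pending = {}         # device_code -> DeviceAuthRequest
        self._by_user_code = {}    # user_code -> device_code
        self.allowed_device_clients = set(allowed_device_clients)
        self.require_same_network = require_same_network

    def device_authorization(self, client_id, requester_ip, lifetime=600):
        """POST /device_authorization: the client (here, the attacker) starts the flow."""
        device_code = secrets.token_urlsafe(32)
        user_code = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        req = DeviceAuthRequest(client_id, device_code, user_code, requester_ip,
                                time.time() + lifetime)
        self._pending[device_code] = req
        self._by_user_code[user_code] = device_code
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example/device",
                "expires_in": lifetime, "interval": 5}

    def user_approves(self, user_code, username, approver_ip, mfa_passed):
        """The verification page: the victim types the code and completes MFA.
        Nothing is forged; the lure only has to get the victim to this step."""
        device_code = self._by_user_code.get(user_code)
        if device_code is None or not mfa_passed:
            return False
        req = self._pending[device_code]
        req.approved_by, req.approver_ip = username, approver_ip
        return True

    def token(self, client_id, device_code):
        """POST /token with grant_type=urn:ietf:params:oauth:grant-type:device_code."""
        req = self._pending.get(device_code)
        if req is None or req.client_id != client_id:
            return {"error": "invalid_grant"}
        if time.time() > req.expires_at:
            return {"error": "expired_token"}
        if req.approved_by is None:
            return {"error": "authorization_pending"}
        # Hardening (assumed policy, not in RFC 8628): only allow-listed clients may
        # use the device grant, and the code must be requested and approved from
        # the same network.
        if self.allowed_device_clients and client_id not in self.allowed_device_clients:
            return {"error": "access_denied", "reason": "client may not use device flow"}
        if self.require_same_network and network_of(req.requester_ip) != network_of(req.approver_ip):
            return {"error": "access_denied",
                    "reason": "code requested and approved from different networks"}
        del self._pending[device_code]
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "sub": req.approved_by}


def run_phish(hardened: bool) -> dict:
    """Constructed scenario: attacker at 203.0.113.7 requests a code, lures the
    victim (198.51.100.20) into approving it on the genuine page, then polls /token."""
    idp = AuthorizationServer(allowed_device_clients={"printer-app"} if hardened else (),
                              require_same_network=hardened)
    attacker_client = "cloud-shell-client"   # hypothetical pre-registered public client
    start = idp.device_authorization(attacker_client, requester_ip="203.0.113.7")
    first_poll = idp.token(attacker_client, start["device_code"])   # victim has not acted yet
    assert first_poll["error"] == "authorization_pending"
    # Victim follows the lure ("enter this code to join the meeting") and passes MFA.
    idp.user_approves(start["user_code"], "alice@example.org",
                      approver_ip="198.51.100.20", mfa_passed=True)
    return idp.token(attacker_client, start["device_code"])


if __name__ == "__main__":
    print("no policy :", run_phish(hardened=False))
    print("hardened  :", run_phish(hardened=True))
```

The point the model makes is that MFA is completed honestly by the victim, so MFA alone does not stop the attack; what stops it is policy on the grant itself (which clients may use it, and from where), which is why the two checks sit in the token endpoint rather than on the login page.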
-
SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool
in SecurityNews. The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of crucial sectors like railways, oil & gas, and external affairs ministries into their cyber activities…