Tag: apt
-
Chinese Cyber Operations Shift From APT Groups to Composite Responsibility Model
Chinese state-linked cyber activity has moved decisively away from the neat, single-actor narratives that dominated early attribution toward an ecosystem model in which responsibility is distributed across military units, intelligence services, private firms, and criminal-style intermediaries. Official advisories characterized some companies as providers of cyber-related products and services to Chinese intelligence; the UK’s NCSC said…
-
APT Report: Russian Cyberattacks on Ukraine Continue to Escalate
The report "Nation-Aligned APTs in 2025" by TrendAI, the cybersecurity division of Trend Micro, paints a markedly more severe picture of the global threat landscape. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-russische-cyberangriffe-ukraine
-
Sednit Is Back
How one of Russia's most notorious APT groups is making a comeback First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/sednit-ist-wieder-da/
-
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group, which historically focused on Polish email providers such as Onet, Wirtualna Polska and Interia, shifted in March 2026 to high-volume Gmail-targeted campaigns. Attackers send professionally worded Polish-language…
-
OceanLotus: From Espionage Abroad to Attacks at Home
Vietnam-aligned APT group significantly changes its modus operandi. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/oceanlotus-von-der-spionage-im-ausland-bis-hin-zu-angriffen-im-inland/
-
OceanLotus Targets Stock Investors in FireAnt MetaKit Supply-Chain Hack
OceanLotus APT has executed a precision supply-chain operation that implanted its SPECTRALVIPER backdoor into FireAnt MetaKit, a popular Vietnamese market-data component. Telemetry collected from mid-2024 through early 2026 shows OceanLotus (aka APT32) conducting two distinct campaigns: a long-running espionage intrusion against a Vietnamese infrastructure and transport construction company, and a targeted supply-chain compromise of FireAnt…
-
Chinese APTs have made identity part of the intrusion path
First seen on scworld.com Jump to article: www.scworld.com/perspective/chinese-apts-have-made-identity-part-of-the-intrusion-path
-
Chinese APT deploys new malware to keep access to hacked networks
A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-apt-deploys-new-malware-to-keep-access-to-hacked-networks/
-
Chinese APT VerdantBamboo Targets Appliances with BRICKSTORM Malware
BRICKSTORM is a modular remote access trojan (RAT) originally seen in Golang and later in Rust. It uses a wssoft library with pluggable “tasks” for shell commands, a Socks5 proxy, and a simple web server for file listing. An incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine…
-
North Korean APT Targets macOS to Steal Crypto Wallets and SSH Keys
A newly uncovered macOS intrusion campaign attributed to the North Korean state-sponsored threat group Sapphire Sleet, also known as BlueNoroff or UNC1069, is targeting high-value organizations in the financial and cryptocurrency sectors. The operation focuses on venture capital firms, Web3 developers, and crypto platforms, highlighting a continued shift in North Korean cyber operations toward financially…
-
Mustang Panda Uses LNK, PowerShell Chain to Deploy PlugX RAT
Mustang Panda is using a fake "Browser Updater" and a multi-stage LNK-PowerShell loader to sideload PlugX through a legitimate G DATA antivirus binary, ultimately beaconing over HTTPS to a hard-coded C2 while hiding configuration and strings behind layered encryption and API hashing. Mustang Panda is a China-nexus APT group, long associated with PlugX remote access…
-
ESET APT Activity Report Q4 2025–Q1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in the fourth quarter of 2025 and the first quarter of 2026 First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/eset-apt-activity-report-q4-2025q1-2026/
-
China-Aligned APT Group Webworm Targets European Government Agencies – EchoCreep and GraphWorm Hide Attack Commands in Cloud Services
First seen on security-insider.de Jump to article: www.security-insider.de/webworm-echocreep-graphworm-backdoor-discord-graph-api-europa-a-8bd6e43eba9a87a50c79849b64e1b607/
-
Lazarus APT unveils fileless remote access Trojan designed to evade detection
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its ambitions; the threat actor has been tied to some of the most audacious financial heists in recent memory, draining hundreds of millions from cryptocurrency exchanges and…
-
APT Group Patches termsrv.dll to Enable Multiple RDP Sessions
A sustained cyber espionage campaign attributed to the Cloud Atlas advanced persistent threat (APT) group has introduced a stealthy technique that modifies the Windows termsrv.dll library to enable multiple Remote Desktop Protocol (RDP) sessions on compromised systems. Observed throughout 2025 and continuing into 2026, the activity primarily targets government and commercial entities in Russia and…
-
Iranian APT Uses SEO Poisoning to Spread Fake SQL Developer Malware
A newly observed cyber campaign linked to the Iranian IRGC-affiliated threat group Nimbus Manticore (also tracked as UNC1549) highlights an evolution in both delivery tactics and malware sophistication. The activity, uncovered during the ongoing geopolitical conflict tied to Operation Epic Fury launched on February 28, 2026, shows the group adopting SEO poisoning malware for the…
-
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…
-
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Showboat doesn’t show off, but clearly it doesn’t need to, as it’s long helped China spy on small market communications providers. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apts-linux-backdoor-telco-attacks
-
Webworm APT targets European government organizations with new backdoors
ESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/20/webworm-apt-campaign-targets-europe/
-
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/webworm-apt-evolves-tactics/
-
Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure
The post Chinese APT FamousSparrow Weaponizes Evolved Deed RAT Against Azerbaijani Energy Infrastructure appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/famoussparrow-deed-rat-azerbaijan-energy-exchange-vulnerability/
-
Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer
A sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 2026. The attack begins with a phishing email carrying a PDF attachment. Embedded inside the PDF is a URL pointing to a ZIP archive named…
-
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
-
Ghostwriter group resumes attacks on Ukrainian Government targets
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor campaigns. The threat…

