Tag: apt
-
BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
BITTER APT spreads ProSpy and ToSpy via Signal, Google, and Zoom lures, targeting journalists through LinkedIn and iMessage spearphishing. First seen on hackread.com Jump to article: hackread.com/bitter-apt-signal-google-zoom-prospy-spyware/
-
Security Affairs newsletter Round 572 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with…
-
Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
Tags: apt, attack, automation, cisa, cyberattack, data-breach, exploit, infrastructure, Internet, iran, technology, threatCensys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…
-
Iranian APT alert: 5,219 Rockwell PLCs exposed online
Censys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively target these devices across U.S. critical infrastructure. The same operators were previously associated with a November 2023 campaign that compromised at least 75 Unitronics PLCs in U.S. water and wastewater facilities, showing a continuing…
-
Middle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpy
Hackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and political figures across the Middle East, in a hack”‘for”‘hire campaign linked to the BITTER APT group. The campaign has been active since at least 2022. It primarily targets civil society members and potentially government officials in countries…
-
Russia’s ‘Fancy Bear’ APT Continues Its Global Onslaught
Victims don’t need to match the cybercrime group’s technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russias-fancy-bear-apt-continues-global-onslaught
-
Middle East HackHire Operation Traced to South Asian Cyber Espionage Group
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/middle-east-hack-operation-bitter/
-
Iran”‘linked PLC attacks cause real”‘world disruption at critical US infra sites
Tags: access, advisory, apt, attack, automation, ciso, control, cyber, group, healthcare, infrastructure, iran, switch, threatA recurring Iranian playbook: The advisory linked the current campaign to a pattern of Iranian state-affiliated targeting of US industrial control systems. The authoring agencies have previously reported similar activity by CyberAv3ngers, affiliated with Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command, which compromised at least 75 Unitronics PLC devices across water, wastewater, and other…
-
NSFOCUS Monthly APT Insights February 2026
Regional APT Threat Situation In February 2026, the global threat hunting system of FUYING Lab detected a total of 21 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, and Central Asia, as shown in the figure below. Regarding the activity levels of different groups, the most active APT…The…
-
Chinesische APT nutzt CitrixDay – Salt Typhoon: Systematischer und verdeckter Angriff
First seen on security-insider.de Jump to article: www.security-insider.de/salt-typhoon-systematischer-und-verdeckter-angriff-a-ce0e527281b7bb9a75b4623a5d628bb0/
-
Cisco fixes critical IMC auth bypass present in many products
Tags: access, ai, api, apt, attack, authentication, cisco, computing, credentials, cybersecurity, dns, email, exploit, firewall, firmware, flaw, group, infrastructure, linux, malicious, monitoring, network, password, ransomware, risk, router, vulnerability, zero-day[ Related: More Cisco news and insights ] The Cisco IMC is a baseboard management controller (BMC), a dedicated controller embedded into server motherboards with its own RAM and network interface that gives administrators monitoring and management capabilities as if they were physically connected to the server with a keyboard, monitor, and mouse (KVM). Because BMCs run…
-
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…
-
Operation »Epic Fury» und die digitale Reaktion
Die geopolitische Cyberlage in Europa hat sich seit dem 28. Februar 2026 grundlegend verschärft. Mit der militärischen »Epic Fury«- Operation gegen den Iran hat sich eine latente Bedrohung zu einem aktiven Cyberkonflikt entwickelt. Währenddessen positionieren sich chinesische APT-Gruppen unbemerkt in kritischen Infrastrukturen. Die Cybersecurity-Expertinnen und Experten von InfoGuard berichten in ihrem quartalsweisen Threat Report,… First…
-
Iran Deploys ‘Pseudo-Ransomware,’ Revives Pay2Key Operations
Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-pseudo-ransomware-pay2key-operations
-
Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M
A dark web market known as Threat Market is listing 375TB of Lockheed Martin data, which it claims was provided by a group calling itself ‘APT Iran.’ First seen on hackread.com Jump to article: hackread.com/dark-web-market-375tb-lockheed-martin-data/
-
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
-
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. The attacks rely on malicious emails to compromise iPhones, highlighting a growing threat from…
-
China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks
China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been running a long-term espionage campaign by infiltrating telecom networks, mainly in the Middle East and Asia. Active since at least 2021, the group uses highly…
-
China Upgrades the Backdoor It Uses to Spy on Telcos Globally
Chinese APT Red Menshen’s super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/china-upgrades-backdoor-spy-telcos
-
Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks
Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/26/telecom-bpfdoor-detection-script/
-
Silver Fox Tax Audit Phishing Campaign Shifts from RATs to Python Stealers
Tags: apt, backdoor, china, cyber, cybercrime, exploit, group, intelligence, monitoring, phishing, rat, threat, vulnerabilityThreat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially motivated cybercrime and APT-style espionage. Originally associated with large-scale, profit-driven campaigns, the group has steadily adopted more advanced tradecraft, including modular backdoors, rootkits, and the exploitation of vulnerable drivers. TDR’s monitoring between…
-
The espionage reality: Your infrastructure is already in the collection path
Tags: access, apt, attack, authentication, breach, ciso, cloud, country, cyber, data, detection, espionage, exploit, governance, government, group, identity, infrastructure, injection, insurance, intelligence, network, risk, risk-assessment, service, spyware, theft, threat, toolCommercial spyware as an intelligence channel: Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human”‘rights defenders, government employees and contractors, and other high”‘value individuals. Why?…
-
The espionage reality: Your infrastructure is already in the collection path
Tags: access, apt, attack, authentication, breach, ciso, cloud, country, cyber, data, detection, espionage, exploit, governance, government, group, identity, infrastructure, injection, insurance, intelligence, network, risk, risk-assessment, service, spyware, theft, threat, toolCommercial spyware as an intelligence channel: Criminal operators deploying Predator, a spyware suite sold by the sanctioned Intellexa consortium, have been documented across more than a dozen countries. US sanctions haven’t slowed them down an iota. Their targets are not random: journalists, activists, politicians, human”‘rights defenders, government employees and contractors, and other high”‘value individuals. Why?…
-
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine.…
-
Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network
A misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The discovery shows how financially or personally motivated actors can reuse tradecraft seen in Iranian APT…
-
APT-Gruppe Camaro Dragon schlägt in Katar zu
Aktuelle Erkenntnisse von Check Point Research zeigen, wie eng Cyberangriffe inzwischen mit geopolitischen Entwicklungen verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-camaro-dragon-in-katar
-
APT-Gruppe Camaro Dragon schlägt in Katar zu
Aktuelle Erkenntnisse von Check Point Research zeigen, wie eng Cyberangriffe inzwischen mit geopolitischen Entwicklungen verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-camaro-dragon-in-katar
-
APT-Gruppe Camaro Dragon schlägt in Katar zu
Aktuelle Erkenntnisse von Check Point Research zeigen, wie eng Cyberangriffe inzwischen mit geopolitischen Entwicklungen verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-camaro-dragon-in-katar