Tag: apt
-
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT, it has targeted entities in Africa, the Middle East,…
-
Chinese APT group Phantom Taurus targets gov and telecom organizations
mssq.bat that connects to an SQL database using the sa (system administrator) ID with a password previously obtained by the attackers. It then performs a dynamic search for specific keywords specified in the script, saving the results as a CSV file.”The threat actor used this method to search for documents of interest and information related…
-
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Cybersecurity researchers at Palo Alto Networks’ Unit 42 say Chinese APT Phantom Taurus breached Microsoft Exchange servers for years using a backdoor to spy on diplomats and defense data. First seen on hackread.com Jump to article: hackread.com/chinese-apt-phantom-taurus-ms-exchange-servers/
-
Patchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final Payload
Patchwork, the advanced persistent threat (APT) actor also known as Dropping Elephant, Monsoon, and Hangover Group, has been observed deploying a new PowerShell-based loader that abuses Windows Scheduled Tasks to execute its final payload. Active since at least 2015 and focused on political and military intelligence across South and Southeast Asia, Patchwork is renowned for…
-
New Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware Suite
China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called NET-STAR. First tracked by Unit 42 in June 2023 as cluster CL-STA-0043 and temporarily designated TGR-STA-0043 (Operation Diplomatic Specter) in May 2024, the…
-
RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms
The post RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/rednovember-chinese-apt-expands-global-espionage-to-u-s-defense-aerospace-and-tech-firms/
-
Iranian State Hackers Use SSL.com Certificates to Sign Malware
Security researchers say multiple threat groups, including Iran’s Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/iranian-hackers-ssl-certificates-sign-malware
-
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed.”This is not ‘just’ a CVSS 10.0 flaw in a solution long favored by…
-
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed.”This is not ‘just’ a CVSS 10.0 flaw in a solution long favored by…
-
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices
The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the Brickstorm backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-brickstorm-backdoors-edge-devices
-
Neue Aktivitäten der APT-Gruppe Nimbus Manticore in Europa
Check Point Software Technologies hat eine verstärkte Aktivität der iranischen APT-Gruppe Nimbus Manticore aufgedeckt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-gruppe-nimbus-manticore-europa
-
Iranische APT-Gruppe Nimbus Manticore weitet Aktivitäten auf Europa aus
Check Point Software Technologies hat neue Aktivitäten der mit dem iranischen Staat verbundenen APT-Gruppe Nimbus Manticore aufgedeckt, die sich wiederum mit den Gruppen UNC1549 und Smoke-Sandstorm überschneidet. Der seit langer Zeit aktive Akteur, der sich bisher auf den Nahen Osten konzentriert hat, richtet sein Augenmerk nun auch auf Europa. Dort hat er kürzlich Kampagnen gegen…
-
Chinese APT Leans on Researcher PoCs to Spy on Other Countries
RedNovember is both lazy and punctual: always quick to do its homework on new vulnerabilities, but always getting the answers from cyber defenders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-oss-pocs-spy-countries
-
Chinese APT Leans on Researcher PoCs to Spy on Other Countries
RedNovember is both lazy and punctual: always quick to do its homework on new vulnerabilities, but always getting the answers from cyber defenders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-oss-pocs-spy-countries
-
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs
The post Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/cisco-uncovers-new-plugx-backdoor-linked-to-chinese-apts/
-
Iranian APT >>Nimbus Manticore<< Intensifies Cyber Espionage in Europe
The post Iranian APT >>Nimbus Manticore
-
ESET uncovers GamaredonTurla collaboration in Ukraine cyberattacks
ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known for targeting government, law enforcement, and defense organizations in Ukraine since 2013. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous…
-
Iranian State APT Blitzes Telcos & Satellite Companies
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-state-apt-telcos-satellite-companies
-
Iranian State APT Blitzes Telcos & Satellite Companies
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-state-apt-telcos-satellite-companies
-
MuddyWater APT Shifts Tactics to Custom Malware
The post MuddyWater APT Shifts Tactics to Custom Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/muddywater-apt-shifts-tactics-to-custom-malware/
-
NSFOCUS Monthly APT Insights August 2025
Regional APT Threat Situation In August 2025, the global threat hunting system of Fuying Lab detected a total of 23 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, the most…The…
-
China-linked Mustang Panda deploys advanced SnakeDisk USB worm
China-linked APT group Mustang Panda has been spotted using a new USB worm called SnakeDisk along with a new version of known malware China-linked APT group Mustang Panda (aka Hive0154, Camaro Dragon, RedDelta or Bronze President) has been spotted using an updated version of the TONESHELL backdoor and a previously undocumented USB worm called SnakeDisk. Mustang Panda has been active since…
-
Hackers using generative AI “ChatGPT” to evade anti-virus defenses
The Kimsuky APT group has begun leveraging generative AI ChatGPT to craft deepfake South Korean military agency ID cards. Phishing lures deliver batch files and AutoIt scripts designed to evade anti-virus scanning through sophisticated obfuscation. Organizations must deploy endpoint detection and response (EDR) solutions to unmask hidden scripts and secure endpoints. On July 17, 2025,…
-
Sidewinder Hackers Exploit LNK Files to Deploy Malicious Scripts
In a striking evolution of its tactics, the Sidewinder advanced persistent threat (APT) group”, also known as APT-C-24 or “Rattlesnake””, has adopted a novel delivery mechanism leveraging Windows shortcut (LNK) files to orchestrate complex, multi-stage intrusions across South Asia. Active since at least 2012 and targeting governments, energy utilities, military installations, and mining operations in…
-
12 digital forensics certifications to accelerate your cyber career
Tags: access, apt, attack, browser, chrome, cloud, computer, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, email, endpoint, exploit, google, government, group, hacker, hacking, Hardware, incident response, international, jobs, law, malicious, malware, microsoft, mobile, network, phone, service, skills, soc, technology, threat, tool, training, windowsCellebrite Certified Mobile Examiner (CCME)Certified Computer Examiner (CCE)CyberSecurity Forensic Analyst (CSFA)EC-Council Computer Hacking Forensic Investigator (CHFI)EnCase Certified Examiner (EnCE)Exterro AccessData Certified Examiner (ACE)GIAC Advanced Smartphone Forensics Certification (GASF)GIAC Certified Forensics Analyst (GCFA)GIAC Certified Forensic Examiner (GCFE)GIAC Cloud Forensic Responder (GCFR)GIAC Network Forensic Analysis (GNFA)Magnet Certified Forensics Examiner (MCFE) Cellebrite Certified Mobile Examiner (CCME) Out of…
-
EggStreme: New Fileless Malware from a Chinese APT Targets Philippine Military
The post EggStreme: New Fileless Malware from a Chinese APT Targets Philippine Military appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/eggstreme-new-fileless-malware-from-a-chinese-apt-targets-philippine-military/
-
Cyberattack on Kazakhstan’s Largest Oil Company Was ‘Simulation’
Researchers thought a Russian APT used a compromised employee email to attack Kazakhstan’s biggest oil company. The company later confirmed it was a pen test. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-apt-kazakhstan-largest-oil-company
-
Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset
Bitdefender said the sophisticated multi-stage operation allowed attackers to maintain persistent access and steal sensitive data from a Philippines military company First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-military-fileless/