Tag: apt
-
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors
North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima) posed as counselors to hack Android and Windows, stealing data and wiping phones…
-
Ferocious Kitten APT Uses MarkiRAT for Keystroke and Clipboard Surveillance
Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custom implant >>MarkiRAT
-
Ferocious Kitten APT Uses MarkiRAT for Keystroke and Clipboard Surveillance
Ferocious Kitten, a covert cyber-espionage group active since at least 2015, has emerged as a persistent threat to Persian-speaking dissidents and activists within Iran. The group, known for its careful targeting and evolving tactics, deploys its custom implant >>MarkiRAT
-
North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices
The post North Korea’s KONNI APT Hijacks Google Find Hub to Remotely Wipe and Track South Korean Android Devices appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-koreas-konni-apt-hijacks-google-find-hub-to-remotely-wipe-and-track-south-korean-android-devices/
-
Crypto-less Crypto Investment Scams: A California Case
Tags: access, apt, blockchain, breach, business, china, communications, control, crime, crypto, cybercrime, data, email, finance, group, intelligence, international, jobs, network, office, organized, scam, theft, tool, usaMy readers will know by now that I am addicted to PACER – the Public Access to Court Electronic Records. When I see headlines like this one, I am compelled to dive in and read every publicly released document related to the case. USAO Central California The headline last month was that Shengsheng He, a…
-
Crypto-less Crypto Investment Scams: A California Case
Tags: access, apt, blockchain, breach, business, china, communications, control, crime, crypto, cybercrime, data, email, finance, group, intelligence, international, jobs, network, office, organized, scam, theft, tool, usaMy readers will know by now that I am addicted to PACER – the Public Access to Court Electronic Records. When I see headlines like this one, I am compelled to dive in and read every publicly released document related to the case. USAO Central California The headline last month was that Shengsheng He, a…
-
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials
Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threatThe construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
-
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials
Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threatThe construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
-
China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading
The post China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-apt-infiltrates-us-policy-nonprofit-in-months-long-espionage-campaign-using-dll-sideloading/
-
China-linked hackers target U.S. non-profit in long-term espionage campaign
A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and…
-
ESET APT Activity Report Q2 2025-Q3 2025
Tags: aptESET gibt einen Überblick über die Aktivitäten ausgewählter APT-Gruppen im 2. und 3. Quartal 2025 First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/eset-apt-activity-report-q22025-q32025/
-
Russian APT abuses Windows Hyper-V for persistence and malware execution
Tags: apt, attack, authentication, cctv, defense, group, infrastructure, malware, password, powershell, russia, threat, tool, windowsOther malware tools: The researchers also found additional malware payloads left by the attackers on systems, including a custom PowerShell script used to inject a Kerberos ticket into LSASS to enable authentication and command execution on remote systems.Another PowerShell script was pushed to multiple systems via domain Group Policy to change the password of an…
-
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. >>Another…
-
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. >>Another…
-
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware
Russia-aligned threat actor Sandworm has intensified its destructive cyber operations against Ukrainian organizations, deploying data wiper malware to cripple critical infrastructure and weaken the nation’s economy. Unlike other Russia-aligned advanced persistent threat groups that primarily engage in cyberespionage activities, Sandworm’s operations are characterized by their explicitly destructive intent. According to the latest ESET APT Activity…
-
Russia-linked hackers intensify attacks as global APT activity shifts
State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
-
Russia-linked hackers intensify attacks as global APT activity shifts
State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
-
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage
The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
-
Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM
The post Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/curly-comrades-apt-bypasses-edr-by-hiding-linux-backdoor-inside-covert-hyper-v-vm/
-
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage
The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
-
APT60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage
The post APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-targets-japan-new-spyglace-malware-uses-vhdx-lnk-and-github-tasking-for-persistent-espionage/
-
Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM
The post Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/curly-comrades-apt-bypasses-edr-by-hiding-linux-backdoor-inside-covert-hyper-v-vm/
-
APT ‘Bronze Butler’ Exploits Zero-Day to Root Japan Orgs
A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/bronze-butler-apt-exploits-zero-day-vuln-root-japan
-
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks
Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
-
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks
Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
APT60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
Elusive Iranian APT Phishes Influential US Policy Wonks
Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks