Tag: apt
-
Pandas Galore: Chinese Hackers Boost Attacks in Latin America
Vixen Panda, Aquatic Panda, both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/pandas-galore-chinese-hackers-attacks-latin-america
-
New SideWinder APT attacks target South Asian ministries
First seen on scworld.com Jump to article: www.scworld.com/brief/new-sidewinder-apt-attacks-target-south-asian-ministries
-
Novel MarsSnake backdoor spread in Chinese APT attack
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-marssnake-backdoor-spread-in-chinese-apt-attack
-
Dark Reading Confidential: The Day I Found an APT Group in the Most Unlikely Place
Dark Reading Confidential Episode 6: Threat hunters Ismael Valenzuela and Vitor Ventura share stories about the tricks they used to track down advanced persistent threat groups, and the surprises they discovered along the way. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/the-day-i-found-an-apt-group-in-the-most-unlikely-place
-
SideWinder APT Hackers Exploit Legacy Office Vulnerabilities to Deploy Malware Undetected
The Acronis Threat Research Unit (TRU) has revealed an advanced campaign believed to be orchestrated by the SideWinder advanced persistent threat (APT) group. This operation, running through early 2025, has primarily targeted high-value government and military institutions across Sri Lanka, Bangladesh, and Pakistan, exploiting unpatched legacy Microsoft Office vulnerabilities to deploy credential-stealing malware while evading…
-
APT Groups Target Critical Infrastructures
In the period from October 2024 to March 2025, international hacker groups significantly intensified their activities. A particular focus: the critical infrastructure of European states, above all in Ukraine. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-gruppen-kritische-infrastruktur
-
Nation-state APTs ramp up attacks on Ukraine and the EU
Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. Ukraine faces rising cyber … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/21/apt-groups-attacks-eu-ukraine/
-
Asia Produces More APT Actors, As Focus Expands Globally
China and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/asia-apt-actors-focus-expands-globally
-
Europe subjected to mounting Chinese APT intrusions
First seen on scworld.com Jump to article: www.scworld.com/brief/europe-subjected-to-mounting-chinese-apt-intrusions
-
Kimsuky APT Group Deploys PowerShell Payloads to Deliver XWorm RAT
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the notorious Kimsuky Advanced Persistent Threat (APT) group, deploying intricately crafted PowerShell payloads to deliver the XWorm Remote Access Trojan (RAT). This operation showcases the group’s advanced tactics, leveraging encoded scripts and multi-stage attack chains to infiltrate systems, bypass traditional security mechanisms, and establish covert…
-
Russian APT Groups Intensify Attacks in Europe with Zero-Day Exploits and Wipers
Researchers at ESET observed strengthened cyber-offensive activity from Russian groups, especially against Ukrainian and European entities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/russian-apt-intensify-cyber/
-
China-linked UnsolicitedBooker APT used new backdoor MarsSnake in recent attacks
China-linked UnsolicitedBooker used a new backdoor, MarsSnake, to target an international organization in Saudi Arabia. ESET researchers revealed that a China-linked APT, tracked as UnsolicitedBooker, targeted an international organization in Saudi Arabia using a new backdoor called MarsSnake. The experts uncovered the attacks in March 2023 and again in 2024, noting that the group used…
-
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. "The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries received the malicious content," Acronis researchers Santiago Pontiroli, Jozsef Gegeny, and Prakas…
-
Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives
Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025. The report, covering activities from October 2024 to March 2025, highlights…
-
⚡ Weekly Recap: Zero-Day Exploits, Insider Threats, APT Targeting, Botnets and More
Cybersecurity leaders aren't just dealing with attacks; they're also protecting trust, keeping systems running, and maintaining their organization's reputation. This week's developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn't enough anymore; resilience needs to be built into everything from the ground up.…
-
BSI List 2025: SECUINFRA Is a Qualified APT Response Service Provider
SECUINFRA GmbH has qualified as a service provider for APT response after an extensive examination procedure conducted by the Federal Office for Information Security (BSI) [1]. The Berlin-based cybersecurity company thus meets the technical and organizational requirements to be engaged as a trusted partner in combating targeted and complex cyberattacks, so-called Advanced Persistent Threats (APTs)…. First seen…
-
SECUINFRA Recognized by the BSI as a Qualified APT Response Service Provider
The BSI list is aimed in particular at operators of critical infrastructures, e.g. energy suppliers, hospitals or transport companies, which in an emergency depend on fast access to trustworthy support. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/secuinfra-wird-vom-bsi-als-qualifizierter-apt-response-dienstleister-anerkannt/a40827/
-
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign
Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…
-
Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds
Even after their zero-day turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/turkish-apt-exploits-chat-app-zero-day-spy-iraqi-kurds
-
Inside Turla’s Uroboros Infrastructure and Tactics Revealed
A recent static analysis of the Uroboros rootkit, attributed to the infamous nation-state APT group Turla, uncovers a chilling display of sophistication and mastery over Windows kernel internals. With the sample identified by the MD5 hash ed785bbd156b61553aaf78b6f71fb37b, this malware, first linked to Turla around 2014-2015, stands as a testament to the group's elite…
-
Earth Ammit Hackers Deploy New Tools to Target Military Drones
The threat actor group known as Earth Ammit, believed to be associated with Chinese-speaking APTs, has emerged as a significant concern for military and industrial sectors in Eastern Asia. This group orchestrated two distinct campaigns, VENOM and TIDRONE, primarily targeting Taiwan and South Korea. Their focus on supply chain infiltration, particularly within the drone and military industries,…
-
Swan Vector Espionage Targets Japan, Taiwan with Advanced Malware
The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and the … First seen on securityonline.info Jump to article: securityonline.info/swan-vector-espionage-targets-japan-taiwan-with-advanced-malware/
-
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks. "Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE)," EclecticIQ researcher Arda Büyükkaya said in an analysis published today. Targets of the campaign … First seen on thehackernews.com Jump to article:…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Executive Summary: EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threats) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq
A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the threat actor Marbled Dust (aka Sea Turtle, Teal Kurma, SILICON and Cosmic Wolf) has exploited a zero-day flaw (CVE-2025-27920) in Output Messenger to target Kurdish military-linked users…
-
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
The North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor's targeting beyond Russia. Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the "trajectory of the Russian invasion." "The group's interest in Ukraine follows historical…
-
CyberUK 2025: Resilience and APT Threats Loom Large
Government Officials Sound 'Wake Up' Alarms. A rash of cyber incidents felt by British businesses adds up to a wake-up call that cybersecurity is an absolute priority, top government officials warned during an annual conference hosted by the National Cyber Security Centre. The NCSC unveiled cyber resilience measures timed for the conference. First seen on…
-
Russia-linked ColdRiver used LostKeys malware in recent attacks
Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google's Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. The ColdRiver APT (aka "Seaborgium", "Callisto", "Star Blizzard", "TA446") is a Russian cyberespionage group…