Tag: apt
-
North Korean APT »Contagious Interview« Floods npm Registry with 338 Malicious Packages to Steal Crypto
The post North Korean APT »Contagious Interview
-
APT Hackers Abuse ChatGPT to Develop Advanced Malware and Phishing Campaigns
Tags: ai, apt, chatgpt, china, cyber, cyberattack, email, group, hacker, intelligence, malware, phishing, spear-phishing, threat
Security researchers at Volexity have uncovered compelling evidence that China-aligned threat actors are leveraging artificial intelligence platforms like ChatGPT to enhance their sophisticated cyberattack capabilities. The group, tracked as UTA0388, has been conducting sophisticated spear phishing campaigns since June 2025, using AI assistance to develop malware and craft multilingual phishing emails targeting organizations across North…
-
APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing
The post APT Meets GPT: China-Aligned UTA0388 Used ChatGPT for Automated, Multilingual Spear-Phishing appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-meets-gpt-china-aligned-uta0388-used-chatgpt-for-automated-multilingual-spear-phishing/
-
Open-source monitor turns into an off-the-shelf attack beacon
Tags: api, apt, attack, china, control, hacker, malware, monitoring, open-source, powershell, ransomware, rat, RedTeam, russia, software, threat, tool, windows
Riding Nezha to Ghost RAT: With the web shell in place, the attackers used AntSword to download two components: “live.exe” (the Nezha agent) and a “config.yml” that pointed to the attacker-controlled domain. The Nezha agent connected back to a management server whose dashboard was running in Russian, presumably to throw off attribution. Once Nezha was active,…
-
Cavalry Werewolf APT Targets Russian Organizations Using FoalShell and Telegram C2
Cavalry Werewolf, a Russian-focused advanced persistent threat (APT) cluster, has intensified its offensive operations by experimenting with new malware variants and leveraging Telegram-based command-and-control (C2). Security teams must prioritize real-time visibility into the tools employed by this group to maintain effective detection and prevention measures. Without timely insights into FoalShell and StallionRAT, defenders risk falling…
-
Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware
The post Chinese APT Launches Spearphishing Campaign, Using Fake Cloudflare Lure to Deliver PlugX Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinese-apt-launches-spearphishing-campaign-using-fake-cloudflare-lure-to-deliver-plugx-malware/
-
SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage
The post SideWinder APT Launches Operation SouthNet, Weaponizing Netlify and Pages.dev for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/sidewinder-apt-launches-operation-southnet-weaponizing-netlify-and-pages-dev-for-espionage/
-
SideWinder Hacker Group Targets Users with Fake Outlook/Zimbra Portals to Steal Login Credentials
Tags: apt, credentials, cyber, defense, government, group, hacker, infrastructure, login, malicious, phishing
The notorious SideWinder APT group has intensified its credential harvesting operations across South Asia, deploying sophisticated phishing campaigns that target government, defense, and critical infrastructure organizations through fake webmail portals. The campaign represents a significant escalation from the group’s August 2024 activities, which initially focused on 14 malicious webpages hosted on Netlify and pages.dev platforms.…
-
Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor
The post Confucius APT Evolves: Espionage Group Shifts from WooperStealer to Advanced Python Backdoor AnonDoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/confucius-apt-evolves-espionage-group-shifts-from-wooperstealer-to-advanced-python-backdoor-anondoor/
-
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT; it has targeted entities in Africa, the Middle East,…
-
Chinese APT group Phantom Taurus targets gov and telecom organizations
mssq.bat that connects to an SQL database using the sa (system administrator) ID with a password previously obtained by the attackers. It then performs a dynamic search for specific keywords specified in the script, saving the results as a CSV file.” The threat actor used this method to search for documents of interest and information related…
-
Chinese APT Phantom Taurus Targeted MS Exchange Servers Over 3 Years
Cybersecurity researchers at Palo Alto Networks’ Unit 42 say Chinese APT Phantom Taurus breached Microsoft Exchange servers for years using a backdoor to spy on diplomats and defense data. First seen on hackread.com Jump to article: hackread.com/chinese-apt-phantom-taurus-ms-exchange-servers/
-
Patchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final Payload
Patchwork, the advanced persistent threat (APT) actor also known as Dropping Elephant, Monsoon, and Hangover Group, has been observed deploying a new PowerShell-based loader that abuses Windows Scheduled Tasks to execute its final payload. Active since at least 2015 and focused on political and military intelligence across South and Southeast Asia, Patchwork is renowned for…
-
New Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware Suite
China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called NET-STAR. First tracked by Unit 42 in June 2023 as cluster CL-STA-0043 and temporarily designated TGR-STA-0043 (Operation Diplomatic Specter) in May 2024, the…
-
RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms
The post RedNovember: Chinese APT Expands Global Espionage to U.S. Defense, Aerospace, and Tech Firms appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/rednovember-chinese-apt-expands-global-espionage-to-u-s-defense-aerospace-and-tech-firms/
-
Iranian State Hackers Use SSL.com Certificates to Sign Malware
Security researchers say multiple threat groups, including Iran’s Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/iranian-hackers-ssl-certificates-sign-malware
-
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. “This is not ‘just’ a CVSS 10.0 flaw in a solution long favored by…
-
Chinese APT Drops ‘Brickstorm’ Backdoors on Edge Devices
The China-linked cyber-espionage group UNC5221 is compromising network appliances that cannot run traditional EDR agents to deploy new versions of the Brickstorm backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-brickstorm-backdoors-edge-devices
-
New Activity by the APT Group Nimbus Manticore in Europe
Check Point Software Technologies has uncovered increased activity by the Iranian APT group Nimbus Manticore. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/apt-gruppe-nimbus-manticore-europa
-
Iranian APT Group Nimbus Manticore Extends Its Activities to Europe
Check Point Software Technologies has uncovered new activity by the APT group Nimbus Manticore, which is linked to the Iranian state and in turn overlaps with the groups UNC1549 and Smoke-Sandstorm. The long-active actor, which until now had concentrated on the Middle East, is now also turning its attention to Europe, where it has recently run campaigns against…
-
Chinese APT Leans on Researcher PoCs to Spy on Other Countries
RedNovember is both lazy and punctual: always quick to do its homework on new vulnerabilities, but always getting the answers from cyber defenders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-oss-pocs-spy-countries
-
Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs
The post Cisco Uncovers New PlugX Backdoor Linked to Chinese APTs appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/cisco-uncovers-new-plugx-backdoor-linked-to-chinese-apts/
-
Iranian APT »Nimbus Manticore« Intensifies Cyber Espionage in Europe
The post Iranian APT »Nimbus Manticore
-
ESET uncovers Gamaredon-Turla collaboration in Ukraine cyberattacks
ESET found evidence that Russia-linked groups Gamaredon and Turla collaborated in cyberattacks on Ukraine between February and April 2025. ESET reported Russia-linked groups Gamaredon and Turla collaborated in cyberattacks against entities in Ukraine. The Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) is known for targeting government, law enforcement, and defense organizations in Ukraine since 2013. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous…
-
Iranian State APT Blitzes Telcos & Satellite Companies
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-state-apt-telcos-satellite-companies