Tag: apt
-
19 APT Hackers Target Asia-based Company Servers Using Exploited Vulnerabilities and Spear Phishing Email
Tags: apt, attack, cyber, email, espionage, exploit, government, hacker, infrastructure, phishing, spear-phishing, threat, vulnerabilityThe NSFOCUS Fuying Laboratory’s global threat hunting system identified 19 sophisticated Advanced Persistent Threat (APT) attack campaigns, predominantly targeting regions across South Asia, East Asia, Eastern Europe, and South America. These incursions highlighted a continuation of targeted cyber espionage and sabotage activities, primarily focusing on government agencies, critical infrastructure, and prominent industry sectors through a…
-
NSFOCUS APT Monthly Briefing March 2025
Regional APT Threat Situation Overview In March 2025, the global threat hunting system of NSFOCUS Fuying Laboratory discovered a total of 19 APT attack activities. These activities were mainly distributed in South Asia, East Asia, Eastern Europe, and South America, as shown in the following figure. In terms of group activity, the most active APT…The…
-
Darcula phishing toolkit gets AI boost, democratizing cybercrime
Tags: ai, apt, attack, automation, awareness, china, credentials, cybercrime, defense, detection, endpoint, finance, google, government, group, infrastructure, malicious, network, phishing, resilience, risk, service, skills, smishing, threat, tool, training, updateAI creates push-button phishing attacks: With the latest update to the “darcula-suite” toolkit, users can now generate phishing pages using generative AI that mimics websites with near-perfect accuracy, and in any language.”Users provide a URL of a legitimate brand or service, and the tool automatically visits that website, downloads all of its assets, and renders…
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
Lazarus APT Targets Organizations by Exploiting One-Day Vulnerabilities
A recent cyber espionage campaign by the notorious Lazarus Advanced Persistent Threat (APT) group, tracked as >>Operation SyncHole,
-
Chinese APT Mustang Panda Debuts 4 New Attack Tools
The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/chinese-apt-mustang-panda-4-attack-tools
-
IronHusky APT Resurfaces with Evolved MysterySnail RAT
In a newly released report, Kaspersky’s Global Research and Analysis Team (GReAT) has revealed the resurgence of IronHusky, First seen on securityonline.info Jump to article: securityonline.info/ironhusky-apt-resurfaces-with-evolved-mysterysnail-rat/
-
China-linked APT Mustang Panda upgrades tools in its arsenal
China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President). deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since…
-
Bösartige Kampagne der APT-Gruppe UNC5174 kombiniert Snowlight und VShell
Das Threat-Research-Team (TRT) von Sysdig hat eine laufende Kampagne der chinesischen APT-Gruppe UNC5174 aufgedeckt, die auf Linux-basierte Systeme in westlichen Ländern und im asiatisch-pazifischen Raum abzielt. Die Angreifer kombinieren dabei die bereits bekannte Snowlight-Malware mit dem Remote-Access-Trojaner (RAT) VShell, einem Open-Source-Tool, das als besonders schwer detektierbar gilt. Die initiale Infektion erfolgt über ein Bash-Skript, das…
-
Prophylactic Cybersecurity for Healthcare
How to Be Proactive in a Reactive World In healthcare, preventative medicine is always more effective, less costly, and has better outcomes than waiting until after a serious heart incident occurs. It’s an apt analogy for cybersecurity as well. Prophylactic (preventative) care in cybersecurity yields far better outcomes than constantly scrambling to respond to critical……
-
China-Nexus APT Exploits Ivanti Connect Secure VPN in Global Cyber Espionage Campaign
A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances. First seen on securityonline.info Jump to article: securityonline.info/china-nexus-apt-exploits-ivanti-connect-secure-vpn-in-global-cyber-espionage-campaign/
-
Advanced device code phishing leveraged by Russian APT
First seen on scworld.com Jump to article: www.scworld.com/brief/advanced-device-code-phishing-leveraged-by-russian-apt
-
Chinese APTs Exploit EDR ‘Visibility Gap’ for Cyber Espionage
Blind spots in network visibility, including in firewalls, IoT devices, and the cloud, are being exploited by Chinese state-backed threat actors with increasing success, according to new threat intelligence. Here’s how experts say you can get eyes on it all. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-exploit-edr-visibility-gap-cyber-espionage
-
Chinese APT Group Targets Ivanti VPN Vulnerabilities to Breach Networks
Tags: apt, attack, breach, china, cyber, cybersecurity, data-breach, group, ivanti, network, threat, vpn, vulnerabilityIn a concerning report from cybersecurity firm TeamT5, it has been revealed that a Chinese Advanced Persistent Threat (APT) group leveraged critical vulnerabilities in Ivanti Connect Secure VPN appliances to launch a global cyberattack. The breach affected nearly 20 industries across 12 countries, leaving networks exposed and under persistent threat. Global Victimology The widespread attack…
-
Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows
Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks. First seen on wired.com Jump to article: www.wired.com/story/brass-typhoon-china-cyberspies/
-
GOFFEE APT: New PowerModul Implant and Tactics Target Russian Organizations
The APT group GOFFEE has resurfaced with a revamped arsenal, launching targeted cyberattacks across Russia’s strategic sectors. According First seen on securityonline.info Jump to article: securityonline.info/goffee-apt-new-powermodul-implant-and-tactics-target-russian-organizations/
-
Russian Shuckworm APT is back with updated GammaSteel malware
files.lnk, launched from an external drive. This was recorded under the UserAssist key in the Registry, which stores a record of files, links, applications, and objects accessed by the current user through Windows Explorer.After that file was executed, it launched mshta.exe, a Windows binary that can be used to execute VBScript and JScript locally on…
-
An APT group exploited ESET flaw to execute malware
At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow…
-
Ihr werdet den Tag nie vergessen, an dem ihr FamousSparrow geschnappt habt
ESET Forscher decken Werkzeuge der APT-Gruppe FamousSparrow auf. Darunter sind zwei nicht dokumentierte Versionen der von der Gruppe entwickelten Backdoor “SparrowDoor”. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/ihr-werdet-den-tag-nie-vergessen-an-dem-ihr-famoussparrow-geschnappt-habt/
-
SideCopy APT Hackers Impersonate Government Officials to Deploy Open-Source XenoRAT Tool
The Pakistan-linked Advanced Persistent Threat (APT) group known as SideCopy has significantly expanded its targeting scope since late December 2024. Initially, the group focused on infiltrating India’s government, defense, maritime sectors, and university students. Recent developments indicate an inclusion of crucial sectors like railways, oil & gas, and external affairs ministries into their cyber activities.…
-
Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA
Tags: apt, authentication, cyber, exploit, government, group, hacker, intelligence, mfa, microsoft, phishing, russia, threatRussian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow”, a legitimate authentication mechanism”, to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence…
-
ESET Vulnerability Exploited for Stealthy Malware Execution
A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery. The post ESET Vulnerability Exploited for Stealthy Malware Execution appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/eset-vulnerability-exploited-for-stealthy-malware-execution/
-
ToddyCat APT Targets ESET Bug to Load Silent Malware
Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/toddycat-apt-eset-bug-silent-malware
-
ToddyCat Attackers Exploited ESET Command Line Scanner Vulnerability to Conceal Their Tool
In a sophisticated cyberattack, the notorious ToddyCat APT group utilized a previously unknown vulnerability in ESET’s Command Line Scanner (ecls) to mask their malicious activities. The attack came to light when researchers detected a suspicious file named version.dll in the temp directories of multiple compromised systems. This file was identified as a tool called TCESB,…
-
Operation HollowQuill Unveiled: Weaponized Documents Infiltrate Russia’s Defense Sector
A recent report by SEQRITE Labs APT-Team has shed light on a sophisticated campaign, dubbed Operation HollowQuill, targeting First seen on securityonline.info Jump to article: securityonline.info/operation-hollowquill-unveiled-weaponized-documents-infiltrate-russias-defense-sector/
-
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese APT group has exploited CVE-2025-22457 a buffer overflow bug that was previously thought not to be exploitable to compromise appliances … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/ivanti-vpn-customers-targeted-via-unrecognized-rce-vulnerability-cve-2025-22457/
-
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits. The post Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-pounces-on-misdiagnosed-rce-in-ivanti-vpn-appliances/
-
Operation HollowQuill Uses Malicious PDFs to Target Academic and Government Networks
A newly uncovered cyber-espionage campaign, dubbed Operation HollowQuill, has been identified as targeting academic, governmental, and defense-related networks in Russia using weaponized PDF documents. The operation, tracked by SEQRITE Labs APT-Team, leverages decoy research invitations to infiltrate systems associated with the Baltic State Technical University (BSTU “VOENMEKH”), a key institution for defense and aerospace research…
-
China’s FamousSparrow APT Hits Americas with SparrowDoor Malware
China-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports. First seen on hackread.com Jump to article: hackread.com/china-famoussparrow-apt-americas-sparrowdoor-malware/