Tag: apt
-
NSA, FBI, Others Say Chinese Tech Firms are Aiding Salt Typhoon Attacks
A report from intelligence agencies in the U.S., UK, and elsewhere outlined how three Chinese tech firms are supplying China’s intelligence services with products and services that are being used in global campaigns by the state-sponsored APT group Salt Typhoon. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/nsa-fbi-others-say-chinese-tech-firms-are-aiding-salt-typhoon-attacks/
-
An Espionage System: NSA, CISA, Partners Expose Chinese APT Groups
The post An Espionage System: NSA, CISA, Partners Expose Chinese APT Groups appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/an-espionage-system-nsa-cisa-partners-expose-chinese-apt-groups/
-
China Hijacks Captive Portals to Spy on Asian Diplomats
The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-hijacks-captive-portals-spy-asian-diplomats
-
TAG-144: Actors Attacking Government Entities With New Tactics, Techniques, and Procedures
The threat actor known as TAG-144, also referred to as Blind Eagle or APT-C-36, has been linked to five distinct activity clusters operating from May 2024 through July 2025, primarily targeting Colombian government entities at local, municipal, and federal levels. This cyber threat group, active since at least 2018, employs a sophisticated blend of cyber-espionage…
-
China linked Silk Typhoon targeted diplomats by hijacking web traffic
The China-linked APT group Silk Typhoon targeted diplomats by hijacking web traffic to redirect it to a website that delivered malware. China-linked cyberespionage group Silk Typhoon targeted diplomats by hijacking web traffic to redirect to a website used to deliver malware, Google’s Threat Intelligence Group (GTIG) warns. Cyberspies hijacked a network’s captive portal using an…
-
NSFOCUS Monthly APT Insights July 2025
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations,…
-
Chinese APT Leverages Proxy and VPN Services to Obfuscate Infrastructure
A significant data dump surfaced on DDoSecrets.com, purportedly extracted from a workstation belonging to a threat actor targeting organizations in South Korea and Taiwan. The leak, detailed in an accompanying article, attributes the activity to the North Korean advanced persistent threat (APT) group known as Kimsuky, a sophisticated actor previously highlighted in cybersecurity advisories for…
-
Kimsuky APT Exposed: GPKI Certificates, Rootkits, and Cobalt Strike Assets Uncovered
A comprehensive operational dump from the North Korean Kimsuky APT organization, also known as APT43, Thallium, or Velvet Chollima, appeared on a dark web forum in an uncommon instance of state-sponsored cyber espionage. This leak, comprising virtual machine images, VPS dumps, phishing kits, rootkits, and over 20,000 browser history records, provides an unparalleled glimpse into…
-
Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign
APT36 uses Linux .desktop files in new attacks on Indian gov & defense, aiming for data theft and persistent espionage access. Transparent Tribe (aka APT36, Operation C-Major, and Mythic Leopard), a Pakistan-linked threat actor, is using Linux .desktop files to load malware in new attacks against government and defense entities in India. The APT group…
-
Security Affairs newsletter Round 538 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Kidney dialysis firm DaVita confirms ransomware attack compromised data of 2.7M people China-linked Silk Typhoon APT…
-
China-linked Silk Typhoon APT targets North America
China-linked Silk Typhoon APT group ramps up North America attacks, exploiting n-day and zero-day flaws for system access, CrowdStrike warns. China-linked Silk Typhoon APT group (aka Murky Panda) targets organizations in North America exploiting n-day and zero-day flaws for system access, CrowdStrike warns. This Chinese APT has one of the widest targeting scopes. In March,…
-
Silk Typhoon Attacks North American Orgs in the Cloud
A Chinese APT is going where most APTs don’t: deep into the cloud, compromising supply chains and deploying uncommon malware. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/silk-typhoon-north-american-orgs-cloud
-
MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks
A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa, and Asia. The attackers impersonate recruiters from Rothschild & Co, deploying Firebase-hosted phishing pages that incorporate custom math-based CAPTCHA challenges to evade detection and lend legitimacy. These lures lead victims…
-
A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years
The post A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/a-decade-of-espionage-how-a-russian-apt-exploited-cisco-devices-cve-2018-0171-for-years/
-
Chinese APT Group Targets Web Hosting Services in Taiwan
Cisco Talos observed the newly identified group compromise a Taiwanese web hosting provider to conduct a range of malicious activities. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-web-hosting-taiwan/
-
North Korean Hackers’ Secret Linux Malware Surfaces Online
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit. The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group.…
-
Charon Ransomware Emerges With APT-Style Tactics
The first documented deployment of the novel malware in a campaign against the Middle Eastern public sector and aviation industry may be tied to China’s state-sponsored actor Earth Baxia. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/charon-ransomware-apt-tactics
-
New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks
A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks. “They repeatedly tried to extract the NTDS database from domain controllers — the primary repository for user password hashes and authentication data in a…
-
APT groups are getting personal, and CISOs should be concerned
Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/12/apt-executive-cybersecurity-threats/
-
APT-Style Attacks Exploit CVE-2025-6543 in Dutch Critical Organizations
The Dutch National Cyber Security Centre (NCSC) has confirmed that a serious vulnerability in Citrix NetScaler systems, identified as CVE-2025-6543, has been exploited in targeted attacks against multiple critical organizations in the Netherlands. The exploitation began months before the vulnerability was publicly disclosed, and investigations indicate that attackers used advanced methods to evade detection. First…
-
APT Sidewinder Mimics Government and Military Agencies to Steal Login Credentials
Cybersecurity researchers have uncovered an extensive phishing campaign orchestrated by APT Sidewinder, a persistent threat actor believed to originate from South Asia, targeting government and military institutions across Bangladesh, Nepal, and Turkey through sophisticated credential harvesting operations that exploit trusted platforms and convincingly replicate official login portals. Coordinated Infrastructure Exploits Trust The investigation, initiated by…
-
Investigation of the Ransomware Operations to Date of the Undocumented Group STORM-2603
Check Point Research (CPR), the security research division of Check Point Software Technologies, has conducted a targeted analysis of Storm-2603, a threat actor linked to the recent Toolshell exploits that cooperates with other Chinese APT groups. Storm-2603 uses a custom malware command-and-control (C2) framework that the attackers internally refer to as ak47c2. This framework comprises at least two different types…
-
Data Dump From APT Actor Yields Clues to Attacker Capabilities
The tranche of information includes data on recent campaigns, attack tools, compromised credentials, and command files used by a threat actor believed to be acting on behalf of China or North Korea. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-dump-apt-actor-attacker-capabilities
-
NSFOCUS Monthly APT Insights June 2025
Regional APT Threat Situation In June 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were mainly distributed in regions such as South Asia, East Asia, West Asia, Eastern Europe, and South America, as shown in the figure below. In terms of organizational activity, the…
-
Silver Fox APT Blurs the Line Between Espionage & Cybercrime
Silver Fox is the Hannah Montana of Chinese threat actors, effortlessly swapping between petty criminal and nation-state-type attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/silver-fox-apt-espionage-cybercrime