Tag: apt

China’s FamousSparrow APT Hits Americas with SparrowDoor Malware

Apr 2, 2025 5:55 PM

Tags: apt, china, cyberespionage, group, malware, usa

China-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports. First seen on hackread.com Jump to article: hackread.com/china-famoussparrow-apt-americas-sparrowdoor-malware/
Malicious actors increasingly put privileged identity access to work across attack chains

Apr 2, 2025 12:55 PM

Tags: access, ai, api, apt, attack, authentication, best-practice, breach, cisa, cisco, cloud, corporate, credentials, cybercrime, cyberespionage, data, detection, email, endpoint, exploit, framework, group, healthcare, identity, infrastructure, login, malicious, malware, mfa, microsoft, network, open-source, password, phishing, phone, ransomware, service, social-engineering, strategy, threat, tool, vpn, windows

Lateral movement: Leveraging privileged access to act in plain sight: Once situated on the corporate network, compromised credentials also allow attackers to expand access to other internal systems with a reduced likelihood of being discovered or triggering malware detection.According to Talos, nearly half of investigated identity attacks targeted Active Directory, with another 20% targeting cloud…
Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks

Apr 1, 2025 4:55 PM

Tags: apt, attack, lazarus, north-korea, social-engineering, threat

A continuation of the North Korean nation-state threat’s campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lazarus-apt-clickfix-bandwagon-attacks
Earth Alux APT Group: Unveiling Its Espionage Toolkit

Apr 1, 2025 11:36 AM

Tags: apt, cyber, espionage, group

Researchers at Trend Micro detail a highly sophisticated cyber-espionage group actively targeting the Asia-Pacific and Latin American regions. First seen on securityonline.info Jump to article: securityonline.info/earth-alux-apt-group-unveiling-its-espionage-toolkit/
CISA spots spawn of Spawn malware targeting Ivanti flaw

Apr 1, 2025 11:36 AM

Tags: apt, cisa, flaw, Hardware, ivanti, malware

Resurge an apt name for malware targeting hardware maker that has security bug after security bug First seen on theregister.com Jump to article: www.theregister.com/2025/04/01/cisa_ivanti_warning/
>>Lazarus Hackers Group<< No Longer Refer to a Single APT Group But a Collection of Many Sub-Groups

Mar 31, 2025 10:19 PM

Tags: apt, cyber, group, hacker, network, threat

The term >>Lazarus Group,>Lazarus>Lazarus Hackers Group
News brief: China-linked APTs and Russian access broker

Mar 31, 2025 9:19 PM

Tags: access, apt, china, russia

Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366621697/News-brief-China-linked-APTs-and-Russian-access-broker
Russia-linked Gamaredon targets Ukraine with Remcos RAT

Mar 31, 2025 6:20 PM

Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraine

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
Salt Typhoon may have upgraded backdoors for efficiency and evasion

Mar 29, 2025 5:13 AM

Tags: apt, attack, backdoor, breach, china, cyber, data, detection, espionage, finance, government, group, intelligence, microsoft, network, security-incident, switch, threat, update

CrowDoor and attributed to the Earth Estries APT group in November 2024.”GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
Pakistan-Linked APT Exploits Youth Laptop Scheme in Cyberattack Targeting India

Mar 29, 2025 5:13 AM

Tags: apt, cyberattack, cybersecurity, exploit, india

A new cybersecurity report by CYFIRMA has uncovered a sophisticated cyberattack campaign targeting Indian users, allegedly orchestrated by First seen on securityonline.info Jump to article: securityonline.info/pakistan-linked-apt-exploits-youth-laptop-scheme-in-cyberattack-targeting-india/
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor

Mar 27, 2025 3:34 PM

Tags: apt, backdoor, china, cyber, finance, group, malware

ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
China-linked FamousSparrow APT group resurfaces with enhanced capabilities

Mar 26, 2025 8:35 PM

Tags: apt, china, finance, group, network

ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/famoussparrow-cyberespionage-attacks-united-states/
Pakistan APT Hackers Weaponize malicious IndiaPost Site to Target Windows and Android Users

Mar 26, 2025 8:35 PM

Tags: android, apt, attack, cyber, cyberattack, exploit, group, hacker, india, malicious, threat, vulnerability, windows

A Pakistan-based Advanced Persistent Threat (APT) group, likely APT36, has launched a multi-platform cyberattack campaign targeting Indian users through a fraudulent website impersonating the Indian Post Office. The attack, discovered by CYFIRMA researchers, exploits both Windows and Android vulnerabilities, demonstrating a significant evolution in the group’s tactics. Sophisticated Attack Leverages Youth Laptop Scheme The malicious…
Google Hastily Patches Chrome Zero-Day Exploited by APT

Mar 26, 2025 8:35 PM

Tags: apt, attack, browser, chrome, cyber, espionage, exploit, google, kaspersky, phishing, vulnerability, zero-day

Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections

Mar 26, 2025 1:13 PM

Tags: apt, attack, browser, chrome, cyber, email, exploit, google, hacker, kaspersky, malicious, phishing, zero-day

In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks

Mar 26, 2025 11:13 AM

Tags: apt, attack, cyber, espionage, group, hacker, korea, malicious, north-korea, tactics

Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as >>Black Banshee.
Unmasking Kimsuky’s Latest Tactics: A Deep Dive into Malicious Scripts and Payloads

Mar 26, 2025 5:13 AM

Tags: apt, group, malicious, north-korea, tactics

Recently, K7 Labs provided an insightful analysis of a campaign attributed to the North Korean APT group Kimsuky, First seen on securityonline.info Jump to article: securityonline.info/unmasking-kimsukys-latest-tactics-a-deep-dive-into-malicious-scripts-and-payloads/
Multi-year telco hack conducted by Chinese APT

Mar 25, 2025 10:14 PM

Tags: apt, china

First seen on scworld.com Jump to article: www.scworld.com/brief/multi-year-telco-hack-conducted-by-chinese-apt
Chinese APT Weaver Ant Targeting Telecom Providers in Asia

Mar 25, 2025 1:13 PM

Tags: apt, china, cyberespionage

Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-weaver-ant-targeting-telecom-providers-in-asia/
Chinese Hacker Group Tracked Back to iSoon APT Operation

Mar 25, 2025 1:13 PM

Tags: apt, china, data, government, group, hacker

The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-espionage-hacker-group-isoon-apt-operation
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

Mar 24, 2025 11:13 PM

Tags: apt, china, network, service, threat

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account…
China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack

Mar 24, 2025 9:13 PM

Tags: apt, attack, china, threat

The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-apt-weaver-ant-caught-yearslong-web-shell-attack
UAT-5918 ATP group targets critical Taiwan

Mar 23, 2025 5:13 PM

Tags: apt, cisco, credentials, exploit, group, open-source, theft, threat, tool, vulnerability

Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-source tools for persistence and credential theft. The APT UAT-5918 targets Taiwan, exploiting N-day vulnerabilities in unpatched servers for long-term…
25 Prozent der Unternehmen waren 2024 von APT-Angriffen betroffen

Mar 22, 2025 11:13 AM

Tags: apt, cyberattack, threat

Die Bedrohung durch Advanced Persistent Threats (APTs) hat im vergangenen Jahr stark zugenommen. Jedes vierte Unternehmen (25 Prozent) geriet ins Visier dieser hochentwickelten Angriffe, die für 43 Prozent aller schwerwiegenden Sicherheitsvorfälle verantwortlich waren. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/25-prozent-2024-apt-angriffe
Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley

Mar 21, 2025 2:13 PM

Tags: apt, china, cybersecurity, group, hacker

The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign. The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-i-soon-hackers-hit-7-organizations-in-operation-fishmedley/
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families

Mar 21, 2025 1:13 PM

Tags: apt, china, espionage, government, malware, threat

The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations.These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place First seen…
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs

Mar 21, 2025 11:13 AM

Tags: apt, china, cyber, espionage, government, group

In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to be I-SOON’s operational arm. The group, also known as Earth Lusca, TAG-22, Aquatic Panda, or…
FishMonger APT Group Linked to I-SOON in Espionage Campaigns

Mar 20, 2025 6:13 PM

Tags: apt, cyber, espionage, government, group

The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fishmonger-apt-group-linked-isoon/
India Is Top Global Target for Hacktivists, Regional APTs

Mar 20, 2025 3:13 PM

Tags: apt, attack, india, service

Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/india-tops-global-targets-hactivists-regional-apt
New Windows zero-day feared abused in widespread espionage for years

Mar 20, 2025 2:13 PM

Tags: apt, attack, bug-bounty, china, cve, cvss, cyber, data, espionage, exploit, finance, flaw, government, group, iran, korea, malicious, microsoft, north-korea, nvd, russia, threat, vulnerability, windows, zero-day

.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…