Tag: apt
-
ToolShell under siege: Check Point analyzes Chinese APT Storm-2603
Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell campaign exploiting four Microsoft SharePoint flaws, linking it to China-nexus groups APT27, APT31, and a new cluster, Storm-2603. The researchers pointed out that Storm-2603’s goals remain…
-
Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This…
-
Russia’s Secret Blizzard APT Gains Embassy Access via ISPs
An ongoing AitM campaign by the infamous Moscow-sponsored cyber threat actor has widened its scope, dropping the dangerous ApolloShadow custom backdoor malware thanks to lawful intercept systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-secret-blizzard-apt-embassy-isps
-
Singapore’s Strategic Approach to State-Linked APT Cyber Threats
Singapore’s recent disclosure of an ongoing cyberattack by the advanced persistent threat (APT) group UNC3886 on critical infrastructure highlights a deliberate strategy favoring technical attribution over overt political linkages. Coordinating Minister for National Security K. Shanmugam announced during the Cyber Security Agency’s (CSA) 10th anniversary event that the nation is contending with this highly sophisticated…
-
North Korean APT Hackers Compromise CI/CD Pipelines to Steal Sensitive Data
Sonatype’s automated malware detection systems have exposed a large-scale and ongoing cyber infiltration campaign orchestrated by the North Korea-backed Lazarus Group, also known as Hidden Cobra. Between January and July 2025, Sonatype identified and blocked 234 unique malware packages attributed to this state-sponsored threat actor across popular open-source registries like npm and PyPI. These malicious…
-
APT Hackers Target Maritime and Shipping Industry for Ransomware Attacks
The maritime sector, which facilitates approximately 90% of international trade, is facing an unprecedented surge in sophisticated cyberattacks from advanced persistent threat (APT) groups, ransomware operators, and hacktivists, driven by escalating geopolitical conflicts. According to a recent Cyble intelligence report, over 100 such incidents have been documented in the past year, targeting shipping companies, ports,…
-
LameHug: The First Documented AI Malware
For the first time, malware has been discovered that actively uses a large language model (LLM) at runtime to generate system commands in real time. The campaign is attributed with high probability to the Russian APT group Fancy Bear (APT28). The incident marks a turning point in the development of adaptive malware and shows the disruptive potential of generative AI in the […] First…
-
Singapore’s Critical Infrastructure Under Attack by China-Linked UNC3886 APT
The post Singapore’s Critical Infrastructure Under Attack by China-Linked UNC3886 APT appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/singapores-critical-infrastructure-under-attack-by-china-linked-unc3886-apt/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55
The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict; Uncovering a Stealthy WordPress Backdoor in mu-plugins; NPM package ‘is’ with 2.8M weekly downloads infected devs with malware; Coyote in the Wild: First-Ever […]…
-
Operation GhostChat PhantomPrayers: China-Linked APTs Target Tibetan Community with Stealthy Spyware
The post Operation GhostChat PhantomPrayers: China-Linked APTs Target Tibetan Community with Stealthy Spyware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-ghostchat-phantomprayers-china-linked-apts-target-tibetan-community-with-stealthy-spyware/
-
DCHSpy Android Spyware Linked to Iran’s MuddyWater APT, Targets Geopolitical Foes with Starlink Lures
The post DCHSpy Android Spyware Linked to Iran’s MuddyWater APT, Targets Geopolitical Foes with Starlink Lures appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/dchspy-android-spyware-linked-to-irans-muddywater-apt-targets-geopolitical-foes-with-starlink-lures/
-
Operation CargoTalon Targets Russian Aerospace Defense to Deploy EAGLET Implant
SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML…
-
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks
The Authentic Antics malware tool used to target Microsoft cloud accounts was the handiwork of the notorious Russian Fancy Bear hacking group, the UK’s National Cyber Security Centre (NCSC) has said. Authentic Antics was discovered after a cyberattack in 2023, which prompted an NCSC technical teardown of the malware that it published in May this year. The agency…
-
UNG0002 Deploys Weaponized LNK Files with Cobalt Strike and Metasploit to Target Organizations
Seqrite Labs APT-Team has uncovered a persistent threat entity, UNG0002 (Unknown Group 0002), orchestrating espionage-driven operations across Asian jurisdictions, including China, Hong Kong, and Pakistan. Active since at least May 2024, this South-East Asia-based cluster has demonstrated a high degree of adaptability and technical prowess, targeting critical sectors such as defense, civil aviation, electrotechnical engineering,…
-
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in…
-
Iranian Hackers Deploy New Android Spyware Version
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hackers-new-android-spyware/
-
Singapore under ongoing cyber attack from APT group
Nation-state actor UNC3886 is actively targeting Singapore’s critical national infrastructure in a sophisticated espionage and disruption campaign, with the government mounting a whole-of-government response First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627926/Singapore-under-ongoing-cyber-attack-from-APT-group
-
New GhostContainer Malware Hits High-Value MS Exchange Servers in Asia
Kaspersky’s SecureList reveals GhostContainer, a new, highly customized backdoor targeting government and high-tech organizations in Asia via Exchange server vulnerabilities. Learn how this APT malware operates and how to stay protected. First seen on hackread.com Jump to article: hackread.com/new-ghostcontainer-malware-ms-exchange-servers-asia/
-
UNG0002: Stealthy South Asian APT Group Unleashes New Malware in Cyber Espionage Campaigns Across Asia
The post UNG0002: Stealthy South Asian APT Group Unleashes New Malware in Cyber Espionage Campaigns Across Asia appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ung0002-stealthy-south-asian-apt-group-unleashes-new-malware-in-cyber-espionage-campaigns-across-asia/
-
China-Aligned APTs Intensify Cyber Espionage on Taiwan’s Semiconductor Industry
The post China-Aligned APTs Intensify Cyber Espionage on Taiwan’s Semiconductor Industry appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-aligned-apts-intensify-cyber-espionage-on-taiwans-semiconductor-industry/
-
Singapore warns China-linked group UNC3886 targets its critical infrastructure
Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices. Singapore accused China-linked APT group UNC3886 of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in…
-
4 Chinese APTs Attack Taiwan’s Semiconductor Industry
Chinese threat actors have turned to cyberattacks as a way to undermine and destabilize Taiwan’s most important industrial sector. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/4-chinese-apts-taiwan-semiconductor-industry
-
China-Backed Salt Typhoon Hacks US National Guard for Nearly a Year
Between March and December of last year, infamous Chinese state-sponsored APT Salt Typhoon gained access to sensitive US National Guard data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/salt-typhoon-hacks-us-national-guard
-
Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network
China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units…
-
DoNot APT Hits European Ministry with New LoptikMod Malware
Trellix reveals how the India-linked DoNot APT group launched a sophisticated spear-phishing attack on a European foreign affairs… First seen on hackread.com Jump to article: hackread.com/donot-apt-hits-european-ministry-loptikmod-malware/
-
Iranian APT Hackers Targeting Transportation and Manufacturing Sectors in Active Attacks
Nozomi Networks Labs cybersecurity researchers have reported a startling 133% increase in cyberattacks linked to well-known Iranian advanced persistent threat (APT) groups in May and June 2025, following current tensions with Iran. This uptick aligns with warnings from U.S. authorities, including a June 30th Fact Sheet from the Cybersecurity and Infrastructure Security Agency (CISA) and…
-
Indian Cyber Espionage Group Targets Italian Government
DoNot APT, also known as APT-C-35, traditionally operates exclusively in South Asia First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/indian-cyber-espionage-italian/
-
DoNot APT Expands to Europe: Targets Foreign Ministry with LoptikMod Malware via Google Drive Phishing
The post DoNot APT Expands to Europe: Targets Foreign Ministry with LoptikMod Malware via Google Drive Phishing appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/donot-apt-expands-to-europe-targets-foreign-ministry-with-loptikmod-malware-via-google-drive-phishing/
-
Iranian APTs increased activity against US industries in late spring, researchers say
Iranian advanced persistent threat (APT) groups, including those tracked as MuddyWater and APT33, appeared to launch more attacks against U.S. industrial entities in May and June, according to a report from Nozomi Networks. First seen on therecord.media Jump to article: therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025