Tag: apt
-
Critical vulnerability in AMI MegaRAC BMC allows server takeover
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerability
…th vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. Administrators can access BMCs…
-
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious…
-
11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/11-state-sponsored-apts-exploiting-lnk-files-for-espionage-data-theft/
-
Squid Werewolf APT Masquerades as Recruiters in Espionage Campaign Targeting Key Employees
The BI.ZONE Threat Intelligence team has uncovered a new cyber-espionage campaign attributed to Squid Werewolf, also known as… First seen on securityonline.info Jump to article: securityonline.info/squid-werewolf-apt-masquerades-as-recruiters-in-espionage-campaign-targeting-key-employees/
-
ClickFix Widely Adopted by Cybercriminals, APT Groups
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/clickfix-widely-adopted-by-cybercriminals-apt-groups/
-
Android spyware ‘KoSpy’ spread by suspected North Korean APT
First seen on scworld.com Jump to article: www.scworld.com/news/android-spyware-kospy-spread-by-suspected-north-korean-apt
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes
In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind Eagle, has intensified its operations targeting Colombian governmental, financial, and critical infrastructure organizations. Active since 2018, this Advanced Persistent Threat group has recently expanded its arsenal with sophisticated exploit techniques and malware, demonstrating an alarming ability to adapt to evolving security…
-
China-linked APT UNC3886 targets EoL Juniper routers
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks’ Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886. These TINYSHELL-based backdoors had various capabilities, including active and passive access and a script to…
-
Volt Typhoon Strikes Massachusetts Power Utility
The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/volt-typhoon-strikes-massachusetts-power-utility
-
SideWinder APT Group: Maritime Nuclear Targets, Evolved Malware
The SideWinder Advanced Persistent Threat (APT) group has expanded its cyber-espionage operations, targeting the maritime and nuclear sectors… First seen on securityonline.info Jump to article: securityonline.info/sidewinder-apt-group-maritime-nuclear-targets-evolved-malware/
-
MirrorFace APT Using Custom Malware To Exploit Windows Sandbox, Visual Studio Code
The cybersecurity landscape witnessed a significant development when the National Police Agency (NPA) and the National center of Incident readiness and Strategy for Cybersecurity (NISC) released a security advisory on January 8, 2025. This advisory highlighted an Advanced Persistent Threat (APT) campaign conducted by a group known as “MirrorFace,”…
-
Ivanti EPM vulnerabilities actively exploited in the wild, CISA warns
Tags: apt, china, cisa, cyberespionage, exploit, flaw, group, ivanti, remote-code-execution, vpn, vulnerability, zero-day
Ivanti products in attackers’ crosshairs: Multiple Ivanti products have been targeted by attackers over the past year, especially by state-sponsored cyberespionage groups who developed zero-day exploits for them. Back in January Ivanti patched a critical remote code execution flaw in its Connect Secure SSL VPN appliance that a Chinese APT group had exploited as a zero-day…
-
Sidewinder APT shifts targeting in new intrusions
Tags: apt
First seen on scworld.com Jump to article: www.scworld.com/brief/sidewinder-apt-shifts-targeting-in-new-intrusions
-
Cyber attacks increasingly target nuclear power plants
The APT group SideWinder has expanded its attack strategies and is now also targeting nuclear power plants and energy facilities. Those affected are mainly companies in Africa, Southeast Asia and parts of Europe, including Austria. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/kritis/cyber-angriffe-zielen-vermehrt-auf-atomkraftwerke/
-
Blind Eagle Hackers Exploit Google Drive, Dropbox, GitHub to Evade Security Measures
In a recent cyber campaign, the notorious threat actor group Blind Eagle, also known as APT-C-36, has been leveraging trusted cloud platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute malware and evade traditional security defenses. This sophisticated approach allows them to bypass detection by disguising malicious files as harmless ones hosted on these…
-
1,600 Victims Hit by South American APT’s Malware
South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. The post 1,600 Victims Hit by South American APT’s Malware appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/1600-victims-hit-by-south-american-apts-malware/
-
SideWinder APT targets maritime and nuclear sectors with enhanced toolset
The APT group SideWinder targets maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. Kaspersky researchers warn that the APT group SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) is targeting maritime, logistics, nuclear, telecom, and IT sectors across South Asia, Southeast Asia, the Middle East, and Africa. SideWinder (also…
-
SideWinder APT Deploys New Tools in Attacks on Military Government Entities
The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targets, has recently updated its toolset to include sophisticated malware designed for espionage. SideWinder’s primary targets have historically included entities in Pakistan, Sri Lanka,…
-
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear…
-
APT ‘Blind Eagle’ Targets Colombian Government
The South American-based advanced persistent threat group is using an exploit with a high infection rate, according to research from Check Point. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/apt-blind-eagle-targets-colombian-government
-
APT group Sidewinder targets nuclear power plants
According to recent analyses by Kaspersky, the notorious Advanced Persistent Threat (APT) group has adapted its attack strategies and expanded its geographic targets. In its latest espionage campaign, Sidewinder is now also targeting nuclear power plants and energy facilities. The affected companies are predominantly in Africa and Southeast Asia, but also in parts of Europe, including Austria. Sidewinder has been active since at least 2012 […]…
-
Blind Eagle: …And Justice for All
Key Points Introduction APT-C-36, also known as Blind Eagle, is a threat group that engages in both espionage and cybercrime. It primarily targets organizations in Colombia and other Latin American countries. Active since 2018, this Advanced Persistent Threat (APT) group focuses on government institutions, financial organizations, and critical infrastructure. Blind Eagle is known for employing…
-
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. “Moonstone Sleet has previously exclusively…
-
Under Pressure: US Charges China’s APT-for-Hire Hackers
The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon secret APT and APT27, the latter implicated in January’s Treasury breach. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/us-charges-china-apt-for-hire-hackers
-
Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access
Tags: access, apt, attack, authentication, china, citrix, cloud, control, corporate, credentials, data, detection, email, exploit, firewall, github, government, group, hacker, identity, Internet, ivanti, least-privilege, microsoft, network, password, service, software, supply-chain, threat, update, vpn, vulnerability, zero-day
Two-way lateral movement: Aside from abusing cloud assets and third-party services and software providers to gain access to local networks, the Silk Typhoon attackers are also proficient in jumping from on-premise environments into cloud environments. The group’s hackers regularly target Microsoft AADConnect (now Entra Connect) servers which are used to synchronize on-premise Active Directory deployments…