Tag: apt
-
DoNot APT is expanding scope targeting European foreign ministries
DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team (also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, foreign…
-
North American APT Uses Exchange Zero-Day to Attack China
Stories about Chinese APTs attacking the US and Canada are plentiful. In a turnabout, researchers found what they believe is a North American entity attacking a Chinese entity, thanks to a mysterious issue in Microsoft Exchange. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/north-american-apt-exchange-zero-day-attacks-china
-
DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware
A threat actor with suspected ties to India has been observed targeting a European foreign affairs ministry with malware capable of harvesting sensitive data from compromised hosts.The activity has been attributed by Trellix Advanced Research Center to an advanced persistent threat (APT) group called DoNot Team, which is also known as APT-C-35, Mint Tempest, Origami…
-
Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant
Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant. Italian police arrested a Chinese national, Zewei Xu (33), at Milan’s Malpensa Airport on a U.S. warrant. Xu was arrested at Malpensa Airport on July 3rd after arriving on a flight from China. Authorities accused…
-
BladedFeline Exploits Whisper and PrimeCache to Breach IIS and Microsoft Exchange Servers
ESET researchers have uncovered a series of malicious tools deployed by BladedFeline, an Iran-aligned advanced persistent threat (APT) group, targeting Kurdish and Iraqi government officials. Active since at least 2017, BladedFeline has been linked with medium confidence to the notorious OilRig APT group, known for cyberespionage across the Middle East. Sophisticated Cyberespionage Campaign The group’s…
-
NightEagle APT Unleashes Custom Malware and Zero-Days to Infiltrate Industrial Systems
The advanced attack campaigns of a top Advanced Persistent Threat (APT) group known as “NightEagle,”…
-
“NightEagle” APT Group Soars Over China’s Critical Tech: Zero-Days, Exchange Exploits, and Tailored Espionage
The post “NightEagle” APT Group Soars Over China’s Critical Tech: Zero-Days, Exchange Exploits, and Tailored Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/nighteagle-apt-group-soars-over-chinas-critical-tech-zero-days-exchange-exploits-and-tailored-espionage/
-
NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
Tags: apt, china, cybersecurity, defense, exploit, flaw, government, microsoft, military, network, technology, threat, zero-day
Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China. According to QiAnXin’s RedDrip Team, the threat actor has been active since 2023 and has…
-
North Korean crypto thieves deploy custom Mac backdoor
North Korean threat actors are targeting companies from the Web3 and crypto industries with a backdoor designed for macOS written in the niche programming language Nim. The attackers are also using AppleScript for early-stage payloads, including a fake Zoom update. “North Korean-aligned threat actors have previously experimented with Go and Rust, similarly combining scripts and compiled…
-
Russian APT ‘Gamaredon’ Hits Ukraine With Fierce Phishing
A Russian APT known as Gamaredon is using spear-phishing attacks and network-drive weaponization to target government entities in Ukraine. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/russian-apt-gamaredon-ukraine-phishing
-
NSFOCUS APT Monthly Briefing May 2025
Regional APT Threat Situation In May 2025, the global threat hunting system of Fuying Lab discovered a total of 44 APT attack activities. These activities are mainly distributed in South Asia, Eastern Europe, East Asia, West Asia and Southeast Asia, as shown in the following figure. In terms of group activity, the most active APT…
-
OneClik APT campaign targets energy sector with stealthy backdoors
A OneClik campaign, likely carried out by China-linked actor, targets energy sectors using stealthy ClickOnce and Golang backdoors. Trellix cybersecurity researchers uncovered a new APT malware campaign, OneClik, targeting the energy, oil, and gas sectors. It abuses Microsoft’s ClickOnce deployment tech and custom Golang backdoors. While links to China-affiliated actors are suspected, attribution remains cautious.…
-
Frequently Asked Questions About Iranian Cyber Operations
Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windows
Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
-
APT-C-36 (Blind Eagle) Hackers Launching Cyberattacks on Government Entities, Financial Sectors, and Critical Systems
Tags: apt, cyber, cyberattack, exploit, finance, government, group, hacker, infrastructure, threat, usa, vulnerability
The cyber threat group APT-C-36, widely known as Blind Eagle (not to be confused with APT36, the Pakistan-linked Transparent Tribe), has been orchestrating sophisticated cyberattacks targeting a range of sectors across Latin America, with a pronounced focus on Colombian organizations. This group has consistently zeroed in on government institutions, financial organizations, and critical infrastructure, exploiting vulnerabilities with a blend of technical prowess and social engineering.…
-
China-Aligned Hive0154 APT Strikes Tibetan Community: Pubload Backdoor Delivered via Phishing Lures
The post China-Aligned Hive0154 APT Strikes Tibetan Community: Pubload Backdoor Delivered via Phishing Lures appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-aligned-hive0154-apt-strikes-tibetan-community-pubload-backdoor-delivered-via-phishing-lures/
-
Charming Kitten APT Tries Spying on Israeli Cybersecurity Experts
Israel’s cyber pros are having to put theory into practice, as a notorious nation-state APT sponsored by Iran targets them with spear-phishing attacks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-apt-spying-israeli-cybersecurity-experts
-
APT Attackers Leverage Microsoft ClickOnce to Run Malware as Trusted Applications
The Trellix Advanced Research Center has exposed a highly sophisticated Advanced Persistent Threat (APT) malware campaign dubbed “OneClik,”…
-
China-linked APT Salt Typhoon targets Canadian Telecom companies
Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon, is targeting Canadian telecom firms in espionage attacks. The Salt Typhoon hacking campaign, active for 12 years, has targeted…
-
New Silver Fox APT attacks set sights on healthcare, public sector
First seen on scworld.com Jump to article: www.scworld.com/brief/new-silver-fox-apt-attacks-set-sights-on-healthcare-public-sector
-
Russian APT UNC6293 Exploits Google Application-Specific Passwords to Hack Critics
The post Russian APT UNC6293 Exploits Google Application-Specific Passwords to Hack Critics appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/russian-apt-unc6293-exploits-google-application-specific-passwords-to-hack-critics/
-
Silver Fox APT: Chinese Threat Actor Deploys Trojanized Medical Software in Stealth Espionage Campaign
The post Silver Fox APT: Chinese Threat Actor Deploys Trojanized Medical Software in Stealth Espionage Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/silver-fox-apt-chinese-threat-actor-deploys-trojanized-medical-software-in-stealth-espionage-campaign/
-
Silver Fox APT Uses Weaponized Medical Software to Deploy Remote Access Tools and Disable AV
The China-based advanced persistent threat (APT) group Silver Fox, also known as Void Arachne or The Great Thief of Valley, has been identified as the orchestrator of a complex multi-stage campaign targeting healthcare delivery organizations (HDOs) and public sector entities. Active since 2024 and believed to be state-sponsored, Silver Fox is deploying cyber espionage and…
-
China-linked group Salt Typhoon breached satellite firm Viasat
China-linked APT Salt Typhoon has reportedly targeted satellite firm Viasat; the group has breached multiple telecom providers in the past. China-linked APT group Salt Typhoon hacked the satellite communications firm Viasat; the cyber-espionage group has previously breached the networks of multiple other telecom providers in the United States and globally. Viasat is a global communications company…
-
Viasat Targeted in Cyberattack by Salt Typhoon APT Group
Viasat Inc., a leading U.S. satellite and wireless communications provider, has been identified as the latest victim in a sweeping cyberespionage campaign attributed to the Chinese state-sponsored group known as Salt Typhoon. The breach, which occurred during the 2024 U.S. presidential campaign, was discovered earlier this year and highlights the growing threat posed by advanced…
-
Kimsuky APT Group Abuses HWP and AnyDesk for Covert Remote Surveillance
The post Kimsuky APT Group Abuses HWP and AnyDesk for Covert Remote Surveillance appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kimsuky-apt-group-abuses-hwp-and-anydesk-for-covert-remote-surveillance/
-
Kimsuky and Konni APT Groups Lead Active Attacks Targeting East Asia
A significant 20 Advanced Persistent Threat (APT) incidents were found in April 2025, according to a new report from Fuying Lab’s worldwide threat hunting system. East Asia emerges as a primary hotspot, where the notorious APT groups Kimsuky and Konni have been identified as the most active players. According to the report, their operations predominantly…
-
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Cybersecurity researchers are warning of a new phishing campaign that’s targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe.The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan’s National Taxation Bureau, Fortinet FortiGuard Labs said in a…
-
NSFOCUS APT Monthly Briefing April 2025
Regional APT Threat Situation Overview In April 2025, the global threat hunting system of Fuying Lab discovered a total of 20 APT attack activities. These activities are mainly distributed in East Asia, South Asia, the Middle East and Eastern Europe, as shown in the following figure. In terms of group activity, the most active APT group…
-
North Korean APT Hackers Target Ukrainian Government Agencies to Steal Login Credentials
Tags: apt, attack, credentials, cyber, government, group, hacker, login, north-korea, phishing, threat, ukraine
North Korean Advanced Persistent Threat (APT) hackers, specifically the Konni group, have shifted their focus to Ukrainian government agencies in a targeted phishing campaign aimed at stealing login credentials and distributing malware. This attack, observed in February 2025, marks a notable divergence from the group’s traditional targets and raises questions about potential strategic alliances with…