Tag: apt
-
Hackers exploited Windows WebDav zero-day to drop malware
Tags: apt, attack, defense, exploit, government, group, hacker, hacking, malware, rce, remote-code-execution, vulnerability, windows, zero-day
An APT hacking group known as ‘Stealth Falcon’ exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust
2. You’ll need to shift from defense to offence: The role and the CISO won’t be the same after an incident. “My job on December 11 was very different from my job on December 12 and beyond,” says Brown. Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
Stealth Falcon APT Exploits Microsoft RCE Zero-Day in Mideast
The bug is one of 66 disclosed and patched today by Microsoft as part of its June 2025 Patch Tuesday set of security vulnerability fixes. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast
-
North Korean APT Hackers Target Users on Social Media to Spread Malware
The Genians Security Center (GSC) has uncovered a highly sophisticated Advanced Persistent Threat (APT) campaign orchestrated by the North Korean state-sponsored hacking group Kimsuky. Active between March and April 2025, this campaign, identified as part of the notorious ‘AppleSeed’ operation, targets individuals in South Korea through a multi-pronged approach using Facebook, email, and Telegram. Sophisticated…
-
Russia-linked PathWiper malware hits Ukrainian infrastructure
Tags: apt, attack, backup, cisco, ciso, compliance, control, cyber, detection, endpoint, finance, fortinet, infrastructure, insurance, intelligence, malware, network, PurpleTeam, resilience, risk, russia, tactics, threat, tool, ukraine, vulnerability, zero-trust
Echoes of past attacks: While PathWiper shares tactical similarities with HermeticWiper, its enhanced capabilities reveal a clear evolution in wiper malware sophistication. The new variant employs advanced techniques, such as querying registry keys to locate network drives and dismounting volumes to bypass protections, a stark contrast to HermeticWiper’s simpler approach of sequentially targeting drives numbered…
-
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. “A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said. “The malicious functionality of…
-
Operation DRAGONCLONE: China Mobile Tietong Hit by Advanced APT Attack
The post Operation DRAGONCLONE: China Mobile Tietong Hit by Advanced APT Attack appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-dragonclone-china-mobile-tietong-hit-by-advanced-apt-attack/
-
BladedFeline: Iran-Aligned APT Group Expands Arsenal With Whisper and PrimeCache
The post BladedFeline: Iran-Aligned APT Group Expands Arsenal With Whisper and PrimeCache appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bladedfeline-iran-aligned-apt-group-expands-arsenal-with-whisper-and-primecache/
-
Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media
The post Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kimsukys-appleseed-returns-north-korea-linked-apt-targets-korean-users-via-social-media/
-
SentinelOne Sees No Breach After Hardware Supplier Hacked
Intrusion Involved ShadowPad Malware, Wielded in Attacks Tied to Chinese APT Groups. Cybersecurity firm SentinelOne said suspected Chinese attackers, wielding ShadowPad backdoor malware, infiltrated a logistics firm that it used for supplying hardware to its employees, but that the intrusion doesn’t appear to have resulted in any infiltration of its own, corporate network. First seen…
-
APT 41: Threat Intelligence Report and Malware Analysis
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/apt-41-threat-intelligence-report-and-malware-analysis
-
Expanding Bitter APT operation exposed
First seen on scworld.com Jump to article: www.scworld.com/brief/expanding-bitter-apt-operation-exposed
-
Multi-year cyberespionage campaign launched by BladedFeline APT
First seen on scworld.com Jump to article: www.scworld.com/brief/multi-year-cyberespionage-campaign-launched-by-bladedfeline-apt
-
MSFT-CrowdStrike ‘Rosetta Stone’ for Naming APTs: Meh?
Microsoft and CrowdStrike announced an effort to deconflict the overlapping names of threat groups and reduce confusion for companies, but we’ve been here before. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-crowdstrike-rosetta-stone-apt
-
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert access to the networks of Kurdish and Iraqi government officials for nearly eight years. First identified in 2017 through attacks on the Kurdistan Regional Government (KRG), BladedFeline has since evolved into a sophisticated cyberespionage entity,…
-
China Accuses Taiwan of Operating APT Groups with US Support
China has accused Taiwan’s Democratic Progressive Party (DPP) authorities of orchestrating a series of sophisticated cyber attacks through Advanced Persistent Threat (APT) groups. Referred to as >>T-APTs,
-
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands
The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government. That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. “Their diverse toolset shows consistent coding patterns across malware families, particularly in…
-
UNC6040 APT Hackers Steal Salesforce Data Without Exploiting Any Vulnerabilities
Tags: apt, cyber, cyberattack, data, exploit, google, group, hacker, intelligence, phishing, software, threat, vulnerability
The financially motivated threat cluster UNC6040, tracked by Google Threat Intelligence Group (GTIG), has been orchestrating a series of voice phishing (vishing) campaigns specifically aimed at compromising Salesforce environments of multinational corporations. Unlike traditional cyberattacks that leverage software vulnerabilities, UNC6040 relies entirely on manipulating human behavior, impersonating IT support personnel to deceive employees predominantly in…
-
PathWiper: Russia-Linked APT Deploys New Wiper Malware Against Ukrainian Infrastructure
The post PathWiper: Russia-Linked APT Deploys New Wiper Malware Against Ukrainian Infrastructure appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/pathwiper-russia-linked-apt-deploys-new-wiper-malware-against-ukrainian-infrastructure/
-
Iranian APT ‘BladedFeline’ Hides in Network for 8 Years
ESET published research on the Iranian APT BladedFeline, which researchers believe is a subgroup of the cyber-espionage entity APT34. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iranian-apt-bladedfeline-hides-network-8-years
-
China accuses Taiwan of running five feeble APT gangs, with US help
The authors who claimed America hacked itself to discredit Beijing are back with another report First seen on theregister.com Jump to article: www.theregister.com/2025/06/05/china_taiwan_us_apt_report/
-
⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill; it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now: quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore; they’re struggling to…
-
Bitter APT Targets Pakistan Telecom Amidst Border Tensions with New Cyberattack!
As tensions flared between India and Pakistan during Operation Sindoor on May 7, 2025, a covert cyber offensive First seen on securityonline.info Jump to article: securityonline.info/bitter-apt-targets-pakistan-telecom-amidst-border-tensions-with-new-cyberattack/
-
Multi-industry attacks launched by Earth Lamia APT
First seen on scworld.com Jump to article: www.scworld.com/brief/multi-industry-attacks-launched-by-earth-lamia-apt
-
APT Hackers Turn Google Calendar Into Command Hub Using TOUGHPROGRESS Malware, Google Alerts
Google Threat Intelligence Group (GTIG), a sophisticated malware campaign dubbed >>TOUGHPROGRESS
-
Earth Lamia: China-Linked APT Targets Global Industries with Custom Backdoors
Trend Micro’s latest threat intelligence report uncovers Earth Lamia, a stealthy and evolving China-nexus advanced persistent threat First seen on securityonline.info Jump to article: securityonline.info/earth-lamia-china-linked-apt-targets-global-industries-with-custom-backdoors/
-
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, tool
Switch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April. In its campaign against NGOs, Void Blizzard sent emails masquerading…