Tag: apt
-
Kimsuky and Konni APT Groups Lead Active Attacks Targeting East Asia
A significant 20 Advanced Persistent Threat (APT) occurrences were found in April 2025, according to a new report from Fuying Lab’s worldwide threat hunting system. East Asia emerges as a primary hotspot, where the notorious APT groups Kimsuky and Konni have been identified as the most active players. According to the report, their operations predominantly…
-
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Cybersecurity researchers are warning of a new phishing campaign that’s targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan’s National Taxation Bureau, Fortinet FortiGuard Labs said in a…
-
NSFOCUS APT Monthly Briefing April 2025
Regional APT Threat Situation Overview. In April 2025, the global threat hunting system of Fuying Lab discovered a total of 20 APT attack activities. These activities are mainly distributed in East Asia, South Asia, the Middle East and Eastern Europe, as shown in the following figure. In terms of group activity, the most active APT group…
-
North Korean APT Hackers Target Ukrainian Government Agencies to Steal Login Credentials
Tags: apt, attack, credentials, cyber, government, group, hacker, login, north-korea, phishing, threat, ukraine
North Korean Advanced Persistent Threat (APT) hackers, specifically the Konni group, have shifted their focus to Ukrainian government agencies in a targeted phishing campaign aimed at stealing login credentials and distributing malware. This attack, observed in February 2025, marks a notable divergence from the group’s traditional targets and raises questions about potential strategic alliances with…
-
Hackers exploited Windows WebDav zero-day to drop malware
Tags: apt, attack, defense, exploit, government, group, hacker, hacking, malware, rce, remote-code-execution, vulnerability, windows, zero-day
An APT hacking group known as ‘Stealth Falcon’ exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust
2. You’ll need to shift from defense to offence: The role and the CISO won’t be the same after an incident. “My job on December 11 was very different from my job on December 12 and beyond,” says Brown. Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
Stealth Falcon APT Exploits Microsoft RCE Zero-Day in Mideast
The bug is one of 66 disclosed and patched today by Microsoft as part of its June 2025 Patch Tuesday set of security vulnerability fixes. First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideast
-
North Korean APT Hackers Target Users on Social Media to Spread Malware
The Genians Security Center (GSC) has uncovered a highly sophisticated Advanced Persistent Threat (APT) campaign orchestrated by the North Korean state-sponsored hacking group Kimsuky. Active between March and April 2025, this campaign, identified as part of the notorious ‘AppleSeed’ operation, targets individuals in South Korea through a multi-pronged approach using Facebook, email, and Telegram. Sophisticated…
-
Russia-linked PathWiper malware hits Ukrainian infrastructure
Tags: apt, attack, backup, cisco, ciso, compliance, control, cyber, detection, endpoint, finance, fortinet, infrastructure, insurance, intelligence, malware, network, PurpleTeam, resilience, risk, russia, tactics, threat, tool, ukraine, vulnerability, zero-trust
Echoes of past attacks: While PathWiper shares tactical similarities with HermeticWiper, its enhanced capabilities reveal a clear evolution in wiper malware sophistication. The new variant employs advanced techniques, such as querying registry keys to locate network drives and dismounting volumes to bypass protections, a stark contrast to HermeticWiper’s simpler approach of sequentially targeting drives numbered…
-
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries. “A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said. “The malicious functionality of…
-
Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media
The post Kimsuky’s AppleSeed Returns: North Korea-Linked APT Targets Korean Users via Social Media appeared first on Daily CyberSecurity. First seen on securityonline.info. Jump to article: securityonline.info/kimsukys-appleseed-returns-north-korea-linked-apt-targets-korean-users-via-social-media/
-
Operation DRAGONCLONE: China Mobile Tietong Hit by Advanced APT Attack
The post Operation DRAGONCLONE: China Mobile Tietong Hit by Advanced APT Attack appeared first on Daily CyberSecurity. First seen on securityonline.info. Jump to article: securityonline.info/operation-dragonclone-china-mobile-tietong-hit-by-advanced-apt-attack/
-
BladedFeline: Iran-Aligned APT Group Expands Arsenal With Whisper and PrimeCache
The post BladedFeline: Iran-Aligned APT Group Expands Arsenal With Whisper and PrimeCache appeared first on Daily CyberSecurity. First seen on securityonline.info. Jump to article: securityonline.info/bladedfeline-iran-aligned-apt-group-expands-arsenal-with-whisper-and-primecache/
-
SentinelOne Sees No Breach After Hardware Supplier Hacked
Intrusion involved ShadowPad malware, wielded in attacks tied to Chinese APT groups. Cybersecurity firm SentinelOne said suspected Chinese attackers, wielding ShadowPad backdoor malware, infiltrated a logistics firm that it used for supplying hardware to its employees, but that the intrusion doesn’t appear to have resulted in any infiltration of its own corporate network. First seen…
-
APT 41: Threat Intelligence Report and Malware Analysis
First seen on resecurity.com. Jump to article: www.resecurity.com/blog/article/apt-41-threat-intelligence-report-and-malware-analysis
-
Expanding Bitter APT operation exposed
First seen on scworld.com. Jump to article: www.scworld.com/brief/expanding-bitter-apt-operation-exposed
-
Multi-year cyberespionage campaign launched by BladedFeline APT
First seen on scworld.com. Jump to article: www.scworld.com/brief/multi-year-cyberespionage-campaign-launched-by-bladedfeline-apt
-
MSFT-CrowdStrike ‘Rosetta Stone’ for Naming APTs: Meh?
Microsoft and CrowdStrike announced an effort to deconflict the overlapping names of threat groups and reduce confusion for companies, but we’ve been here before. First seen on darkreading.com. Jump to article: www.darkreading.com/threat-intelligence/microsoft-crowdstrike-rosetta-stone-apt
-
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert access to the networks of Kurdish and Iraqi government officials for nearly eight years. First identified in 2017 through attacks on the Kurdistan Regional Government (KRG), BladedFeline has since evolved into a sophisticated cyberespionage entity,…
-
China Accuses Taiwan of Operating APT Groups with US Support
China has accused Taiwan’s Democratic Progressive Party (DPP) authorities of orchestrating a series of sophisticated cyber attacks through Advanced Persistent Threat (APT) groups. Referred to as “T-APTs,”…
-
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands
The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government. That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. “Their diverse toolset shows consistent coding patterns across malware families, particularly in…
-
PathWiper: Russia-Linked APT Deploys New Wiper Malware Against Ukrainian Infrastructure
The post PathWiper: Russia-Linked APT Deploys New Wiper Malware Against Ukrainian Infrastructure appeared first on Daily CyberSecurity. First seen on securityonline.info. Jump to article: securityonline.info/pathwiper-russia-linked-apt-deploys-new-wiper-malware-against-ukrainian-infrastructure/
-
UNC6040 APT Hackers Steal Salesforce Data Without Exploiting Any Vulnerabilities
Tags: apt, cyber, cyberattack, data, exploit, google, group, hacker, intelligence, phishing, software, threat, vulnerability
The financially motivated threat cluster UNC6040, tracked by Google Threat Intelligence Group (GTIG), has been orchestrating a series of voice phishing (vishing) campaigns specifically aimed at compromising Salesforce environments of multinational corporations. Unlike traditional cyberattacks that leverage software vulnerabilities, UNC6040 relies entirely on manipulating human behavior, impersonating IT support personnel to deceive employees predominantly in…
-
Iranian APT ‘BladedFeline’ Hides in Network for 8 Years
ESET published research on the Iranian APT BladedFeline, which researchers believe is a subgroup of the cyber-espionage entity APT34. First seen on darkreading.com. Jump to article: www.darkreading.com/threat-intelligence/iranian-apt-bladedfeline-hides-network-8-years
-
China accuses Taiwan of running five feeble APT gangs, with US help
The authors who claimed America hacked itself to discredit Beijing are back with another report. First seen on theregister.com. Jump to article: www.theregister.com/2025/06/05/china_taiwan_us_apt_report/
-
⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More
If this had been a security drill, someone would’ve said it went too far. But it wasn’t a drill; it was real. The access? Everything looked normal. The tools? Easy to find. The detection? Came too late. This is how attacks happen now: quiet, convincing, and fast. Defenders aren’t just chasing hackers anymore; they’re struggling to…

