Tag: apt
-
BSI-Liste 2025: SECUINFRA ist qualifizierter APT-Response Dienstleister
Die SECUINFRA GmbH hat sich nach einem aufwendigen Prüfverfahren durch das Bundesamt für Sicherheit in der Informationstechnik (BSI) als Dienstleister für APT-Response qualifiziert [1]. Das Berliner Cybersecurity-Unternehmen erfüllt demnach die fachlichen und organisatorischen Anforderungen, um bei der Bekämpfung gezielter und komplexer Cyberangriffe sogenannter Advanced Persistent Threats (APTs) als vertrauenswürdiger Partner eingesetzt zu werden…. First seen…
-
SECUINFRA wird vom BSI als qualifizierter APT-Response Dienstleister anerkannt
Die BSI-Liste richtet sich insbesondere an Betreiber Kritischer Infrastrukturen also z.”¯B. Energieversorger, Krankenhäuser oder Verkehrsunternehmen die im Ernstfall schnell auf vertrauenswürdige Unterstützung angewiesen sind. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/secuinfra-wird-vom-bsi-als-qualifizierter-apt-response-dienstleister-anerkannt/a40827/
-
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign
Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…
-
Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds
Even after their zero-day turned into an n-day, attackers known as Marbled Dust or Sea Turtle continued to spy on military targets that had failed to patch Output Messenger. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/turkish-apt-exploits-chat-app-zero-day-spy-iraqi-kurds
-
Inside Turla’s Uroboros Infrastructure and Tactics Revealed
In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed to the infamous APT group Turla, uncovers a chilling display of sophistication and mastery over Windows kernel internals. With the sample identified by the MD5 hash ed785bbd156b61553aaf78b6f71fb37b, this malware-first linked to Turla around 2014-2015-stands as a testament to the group’s elite…
-
Earth Ammit Hackers Deploy New Tools to Target Military Drones
The threat actor group known as Earth Ammit, believed to be associated with Chinese-speaking APTs, has emerged as a significant concern for military and industrial sectors in Eastern Asia. This group orchestrated two distinct campaigns-VENOM and TIDRONE-primarily targeting Taiwan and South Korea. Their focus on supply chain infiltration, particularly within the drone and military industries,…
-
Swan Vector Espionage Targets Japan Taiwan with Advanced Malware
The Seqrite Labs APT-Team has uncovered a complex cyber-espionage operation dubbed Swan Vector, targeting educational institutions and the First seen on securityonline.info Jump to article: securityonline.info/swan-vector-espionage-targets-japan-taiwan-with-advanced-malware/
-
China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
Tags: apt, breach, china, cve, exploit, flaw, infrastructure, remote-code-execution, sap, vulnerabilityA recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks.”Actors leveraged CVE-2025-31324, an unauthenticated file upload vulnerability that enables remote code execution (RCE),” EclecticIQ researcher Arda Büyükkaya said in an analysis published today.Targets of the campaign First seen on thehackernews.com Jump to article:…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-dayExecutive Summary EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-temp exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
APT group exploited Output Messenger Zero-Day to target Kurdish military operating in Iraq
A Türkiye-linked group used an Output Messenger zero-day to spy on Kurdish military targets in Iraq, collecting user data since April 2024. Since April 2024, the threat actor Marbled Dust (aka Sea Turtle, Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) has exploited a zero-day flaw (CVE-2025-27920) in Output Messenger to target Kurdish military-linked users…
-
North Korean Konni APT Targets Ukraine with Malware to track Russian Invasion Progress
Tags: apt, government, group, intelligence, korea, malware, north-korea, phishing, russia, threat, ukraineThe North Korea-linked threat actor known as Konni APT has been attributed to a phishing campaign targeting government entities in Ukraine, indicating the threat actor’s targeting beyond Russia.Enterprise security firm Proofpoint said the end goal of the campaign is to collect intelligence on the “trajectory of the Russian invasion.””The group’s interest in Ukraine follows historical…
-
CyberUK 2025: Resilience and APT Threats Loom Large
Government Officials Sound ‘Wake Up’ Alarms. A rash of cyber incidents felt by British businesses add up to a wake-up call that cybersecurity is an absolute priority, top government officials warned during an annual conference hosted by the National Cyber Security Centre. The NCSC unveiled cyber resilience measures timed for the conference. First seen on…
-
Russia-linked ColdRiver used LostKeys malware in recent attacks
Tags: apt, attack, cyberespionage, espionage, google, government, group, intelligence, malware, russia, threatSince early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. TheColdRiverAPT (aka “Seaborgium”, “Callisto”, “Star Blizzard”,”TA446″) is a Russian cyberespionage group…
-
‘CISOs sprechen heute die Sprache des Business”
Nick Godfrey, Leiter des Office of the CISO bei Google Cloud Google CloudAls Senior Director und Leiter des Office of the CISO bei Google Cloud ist es die Aufgabe von Nick Godfrey, das Unternehmen beim Austausch zwischen CISOs rund um die Themen Cloud und Security zu unterstützen. Godfrey, selbst ehemaliger Sicherheitsverantwortlicher bei einem Finanzdienstleister, leitet…
-
Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials
The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked Transparent Tribe (APT36) targeting Indian Government and Defense personnel. This operation, centered around the recent Pahalgam terror attack on April 22, 2025, leverages emotionally charged themes to distribute phishing documents and deploy malicious payloads. Exploiting Geopolitical Tensions for Cyber Espionage The…
-
APT36 Targets India with Pahalgam Attack-Themed Phishing
Seqrite Labs APT team has revealed that Pakistan-linked threat actor APT36 (Transparent Tribe) has launched a coordinated phishing First seen on securityonline.info Jump to article: securityonline.info/apt36-targets-india-with-pahalgam-attack-themed-phishing/
-
Iranian APT Group Breaches Middle Eastern Critical Infrastructure in Stealth Campaign
Recently, the FortiGuard Incident Response (FGIR) team has released an in-depth analysis detailing a prolonged, state-sponsored intrusion into First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-group-breaches-middle-eastern-critical-infrastructure-in-stealth-campaign/
-
Multi-stage malware attacks launched by Nebulous Mantis APT
First seen on scworld.com Jump to article: www.scworld.com/brief/multi-stage-malware-attacks-launched-by-nebulous-mantis-apt
-
IPv6 SLAAC exploited by Chinese APT for AitM attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/ipv6-slaac-exploited-by-chinese-apt-for-aitm-attacks
-
Earth Kasha Refines Spear-Phishing Tactics in Espionage Campaign Targeting Taiwan and Japan
In a renewed cyber-espionage campaign observed in March 2025, the notorious APT group Earth Kasha, believed to operate First seen on securityonline.info Jump to article: securityonline.info/earth-kasha-refines-spear-phishing-tactics-in-espionage-campaign-targeting-taiwan-and-japan/
-
Hackers abuse IPv6 networking feature to hijack software updates
A China-aligned APT threat actor named “TheWizards” abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/
-
Russian APT28 hackers have redoubled efforts during Ukraine war, says French security agency
Tags: apt, attack, backdoor, cisco, credentials, crowdstrike, cyber, detection, exploit, finance, government, group, hacker, hacking, infrastructure, intelligence, Internet, mail, malicious, military, monitoring, network, phishing, russia, service, theft, ukraine, vpn, vulnerabilityTargeting and Compromise of French Entities Using the APT28 Intrusion Set, the group now aggressively targets the networks of government organizations and companies connected to Ukraine’s allies, including France.Since 2021, the group has targeted specific industrial sectors including aerospace, financial services, think tanks and research, local government, and government ministries.Nothing APT28 does stands out as…
-
TheWizards APT Casts a Spell on Asian Gamblers With Novel Attack
A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/thewizards-apt-asian-gamblers-attack
-
Russia-linked group Nebulous Mantis targets NATO-related defense organizations
Tags: apt, cyber, data, defense, espionage, government, group, infrastructure, phishing, rat, russia, spear-phishingPRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities. Since mid-2022, they’ve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft.…
-
Southeast Asia targeted by Earth Kurma APT attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/southeast-asia-targeted-by-earth-kurma-apt-attacks
-
SentinelOne warns of threat actors targeting its systems and high-value clients
SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients. Cybersecurity firm SentinelOne warns that a China-linked APT group, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and high-value clients. The activity suggests targeted cyberespionage efforts aimed at gathering information for potential future attacks. SentinelOne first identified PurpleHaze’s activity…
-
Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques and persistent mechanisms to compromise systems and exfiltrate sensitive data. This campaign underscores the persistent…
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-daySurge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…