Tag: apt
-
News brief: China-linked APTs and Russian access broker
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366621697/News-brief-China-linked-APTs-and-Russian-access-broker
-
Russia-linked Gamaredon targets Ukraine with Remcos RAT
Tags: apt, attack, cyberespionage, group, phishing, powershell, rat, russia, spear-phishing, ukraine
Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related…
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
CrowDoor and attributed to the Earth Estries APT group in November 2024.” GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
Pakistan-Linked APT Exploits Youth Laptop Scheme in Cyberattack Targeting India
A new cybersecurity report by CYFIRMA has uncovered a sophisticated cyberattack campaign targeting Indian users, allegedly orchestrated by First seen on securityonline.info Jump to article: securityonline.info/pakistan-linked-apt-exploits-youth-laptop-scheme-in-cyberattack-targeting-india/
-
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
-
Pakistan APT Hackers Weaponize malicious IndiaPost Site to Target Windows and Android Users
A Pakistan-based Advanced Persistent Threat (APT) group, likely APT36, has launched a multi-platform cyberattack campaign targeting Indian users through a fraudulent website impersonating the Indian Post Office. The attack, discovered by CYFIRMA researchers, exploits both Windows and Android vulnerabilities, demonstrating a significant evolution in the group’s tactics.
Sophisticated Attack Leverages Youth Laptop Scheme
The malicious…
-
Google Hastily Patches Chrome Zero-Day Exploited by APT
Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/google-patches-chrome-zero-day-exploited-apt
-
China-linked FamousSparrow APT group resurfaces with enhanced capabilities
ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/famoussparrow-cyberespionage-attacks-united-states/
-
APT Hackers Exploit Google Chrome Zero-Day in Operation ForumTroll to Bypass Sandbox Protections
In mid-March 2025, Kaspersky researchers uncovered a sophisticated APT attack, dubbed Operation ForumTroll, which leveraged a previously unknown zero-day exploit in Google Chrome. This exploit allowed attackers to bypass Chrome’s sandbox protections, a critical security feature designed to isolate and contain malicious code. The attack was initiated through personalized phishing emails, which directed victims to…
-
North Korean Kimsuky Hackers Deploy New Tactics and Malicious Scripts in Recent Attacks
Security researchers have uncovered a new attack campaign by the North Korean state-sponsored APT group Kimsuky, also known as “Black Banshee.”
-
Unmasking Kimsuky’s Latest Tactics: A Deep Dive into Malicious Scripts and Payloads
Recently, K7 Labs provided an insightful analysis of a campaign attributed to the North Korean APT group Kimsuky, First seen on securityonline.info Jump to article: securityonline.info/unmasking-kimsukys-latest-tactics-a-deep-dive-into-malicious-scripts-and-payloads/
-
Multi-year telco hack conducted by Chinese APT
First seen on scworld.com Jump to article: www.scworld.com/brief/multi-year-telco-hack-conducted-by-chinese-apt
-
Chinese APT Weaver Ant Targeting Telecom Providers in Asia
Weaver Ant, a cyberespionage-focused APT operating out of China, is targeting telecom providers for persistent access. The post Chinese APT Weaver Ant Targeting Telecom Providers in Asia appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-weaver-ant-targeting-telecom-providers-in-asia/
-
Chinese Hacker Group Tracked Back to iSoon APT Operation
The group, called FishMonger or Aquatic Panda, is working under contract for the Chinese government to steal data from governmental organizations, Catholic charities, NGOs, think tanks, and more. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-espionage-hacker-group-isoon-apt-operation
-
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years
China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account…
-
China-Nexus APT ‘Weaver Ant’ Caught in Yearslong Web Shell Attack
The persistent threat actor was caught using sophisticated Web shell techniques against an unnamed telecommunications company in Asia. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-nexus-apt-weaver-ant-caught-yearslong-web-shell-attack
-
UAT-5918 APT group targets critical Taiwan
Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-source tools for persistence and credential theft. The APT UAT-5918 targets Taiwan, exploiting N-day vulnerabilities in unpatched servers for long-term…
-
25 percent of companies were affected by APT attacks in 2024
The threat from Advanced Persistent Threats (APTs) increased sharply last year. One in four companies (25 percent) was targeted by these highly sophisticated attacks, which were responsible for 43 percent of all serious security incidents. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/25-prozent-2024-apt-angriffe
-
Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley
The FishMonger APT group, a subdivision of Chinese cybersecurity firm I-Soon, compromised seven organizations in a 2022 campaign. The post Chinese I-Soon Hackers Hit 7 Organizations in Operation FishMedley appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/chinese-i-soon-hackers-hit-7-organizations-in-operation-fishmedley/
-
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a “global espionage campaign” that took place in 2022 targeting seven organizations. These entities include governments, Catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place First seen…
-
I-SOON’s ‘Chinese Fishmonger’ APT Targets Government Entities and NGOs
In a recent development, the U.S. Department of Justice unsealed an indictment against employees of the Chinese contractor I-SOON, revealing their involvement in multiple global espionage operations. These operations are attributed to the FishMonger APT group, which is believed to be I-SOON’s operational arm. The group, also known as Earth Lusca, TAG-22, Aquatic Panda, or…
-
FishMonger APT Group Linked to I-SOON in Espionage Campaigns
The FishMonger APT Group has been linked with I-SOON, targeting governments, NGOs and think tanks in cyber-espionage campaigns First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fishmonger-apt-group-linked-isoon/
-
India Is Top Global Target for Hacktivists, Regional APTs
Global politics and a growing economy draw the wrong kind of attention to India, with denial-of-service and application attacks both on the rise. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/india-tops-global-targets-hactivists-regional-apt
-
New Windows zero-day feared abused in widespread espionage for years
The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI. A…
-
Critical vulnerability in AMI MegaRAC BMC allows server takeover
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerability
th vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. Administrators can access BMCs…
-
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious…
-
11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft
ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands. The post 11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/11-state-sponsored-apts-exploiting-lnk-files-for-espionage-data-theft/