Tag: apt
-
Squid Werewolf APT Masquerades as Recruiters in Espionage Campaign Targeting Key Employees
The BI.ZONE Threat Intelligence team has uncovered a new cyber-espionage campaign attributed to Squid Werewolf, also known as First seen on securityonline.info Jump to article: securityonline.info/squid-werewolf-apt-masquerades-as-recruiters-in-espionage-campaign-targeting-key-employees/
-
ClickFix Widely Adopted by Cybercriminals, APT Groups
The ClickFix technique has been employed by cybercrime and APT groups for information stealer and other malware deployment. The post ClickFix Widely Adopted by Cybercriminals, APT Groups appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/clickfix-widely-adopted-by-cybercriminals-apt-groups/
-
Android spyware ‘KoSpy’ spread by suspected North Korean APT
First seen on scworld.com Jump to article: www.scworld.com/news/android-spyware-kospy-spread-by-suspected-north-korean-apt
-
North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the…
-
Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes
In a significant development in the cybersecurity landscape, APT-C-36, more commonly known as Blind Eagle, has intensified its operations targeting Colombian governmental, financial, and critical infrastructure organizations. Active since 2018, this Advanced Persistent Threat group has recently expanded its arsenal with sophisticated exploit techniques and malware, demonstrating an alarming ability to adapt to evolving security…
-
China-linked APT UNC3886 targets EoL Juniper routers
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper NetworksJunos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886. These TINYSHELL-based backdoors had various capabilities, including active and passive access and a script to…
-
Volt Typhoon Strikes Massachusetts Power Utility
The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted to exfiltrate critical OT infrastructure data. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/volt-typhoon-strikes-massachusetts-power-utility
-
SideWinder APT Group: Maritime Nuclear Targets, Evolved Malware
The SideWinder Advanced Persistent Threat (APT) group has expanded its cyber-espionage operations, targeting the maritime and nuclear sectors First seen on securityonline.info Jump to article: securityonline.info/sidewinder-apt-group-maritime-nuclear-targets-evolved-malware/
-
MirrorFace APT Using Custom Malware To Exploited Windows Sandbox Visual Studio Code
The cybersecurity landscape witnessed a significant development when the National Police Agency (NPA) and the National center of Incident readiness and Strategy for Cybersecurity (NISC) released a security advisory on January 8, 2025. This advisory highlighted an Advanced Persistent Threat (APT) campaign conducted by a group known as >>MirrorFace,
-
Ivanti EPM vulnerabilities actively exploited in the wild, CISA warns
Tags: apt, china, cisa, cyberespionage, exploit, flaw, group, ivanti, remote-code-execution, vpn, vulnerability, zero-dayIvanti products in attackers’ crosshairs: Multiple Ivanti products have been targeted by attackers over the past year, especially by state-sponsored cyberespionage groups who developed zero-day exploits for them.Back in January Ivanti patched a critical remote code execution flaw in its Connect Secure SSL VPN appliance that a Chinese APT group had exploited as a zero-day…
-
Sidewinder APT shifts targeting in new intrusions
Tags: aptFirst seen on scworld.com Jump to article: www.scworld.com/brief/sidewinder-apt-shifts-targeting-in-new-intrusions
-
Cyber-Angriffe zielen vermehrt auf Atomkraftwerke
Die APT-Gruppe SideWinder ihre Angriffsstrategien erweitert und zielt nun auch auf Atomkraftwerke und Energieeinrichtungen ab. Betroffen sind vor allem Unternehmen in Afrika, Südostasien und Teilen Europas, darunter Österreich. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/kritis/cyber-angriffe-zielen-vermehrt-auf-atomkraftwerke/
-
Blind Eagle Hackers Exploit Google Drive, Dropbox GitHub to Evade Security Measures
In a recent cyber campaign, the notorious threat actor group Blind Eagle, also known as APT-C-36, has been leveraging trusted cloud platforms like Google Drive, Dropbox, GitHub, and Bitbucket to distribute malware and evade traditional security defenses. This sophisticated approach allows them to bypass detection by disguising malicious files as harmless ones hosted on these…
-
1,600 Victims Hit by South American APT’s Malware
South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. The post 1,600 Victims Hit by South American APT’s Malware appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/1600-victims-hit-by-south-american-apts-malware/
-
SideWinder APT targets maritime and nuclear sectors with enhanced toolset
The APT group SideWinder targets maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. Kaspersky researchers warn that the APT group SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) is targeting maritime, logistics, nuclear, telecom, and IT sectors across South Asia, Southeast Asia, the Middle East, and Africa. SideWinder(also…
-
SideWinder APT Deploys New Tools in Attacks on Military Government Entities
The SideWinder Advanced Persistent Threat (APT) group has been observed intensifying its activities, particularly targeting military and government entities across various regions. This group, known for its aggressive expansion beyond traditional targets, has recently updated its toolset to include sophisticated malware designed for espionage. SideWinder’s primary targets have historically included entities in Pakistan, Sri Lanka,…
-
SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder.The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear…
-
APT ‘Blind Eagle’ Targets Colombian Government
The South American-based advanced persistent threat group is using an exploit with a high infection rate, according to research from Check Point. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/apt-blind-eagle-targets-colombian-government
-
APT-Gruppe Sidewinder zielt auf Atomkraftwerke ab
Laut aktuellen Analysen von Kaspersky hat die berüchtigte Advanced-Persistent-Threat (APT) -Gruppe ihre Angriffsstrategien angepasst und ihre geografischen Ziele ausgeweitet. Im Rahmen der jüngsten Spionagekampagne richtet sich Sidewinder nun auch gegen Atomkraftwerke und Energieeinrichtungen. Betroffene Unternehmen finden sich überwiegend in Afrika und Südostasien, aber auch in Teilen Europas, darunter Österreich. Sidewinder ist seit mindestens 2012 […]…
-
Blind Eagle: “¦And Justice for All
ey Points Introduction APT-C-36, also known as Blind Eagle, is a threat group that engages in both espionage and cybercrime. It primarily targets organizations in Colombia and other Latin American countries. Active since 2018, this Advanced Persistent Threat (APT) group focuses on government institutions, financial organizations, and critical infrastructure. Blind Eagle is known for employing…
-
North Korea-linked APT Moonstone used Qilin ransomware in limited attacks
Microsoft researchers reported that North Korea-linked APT tracked as Moonstone Sleet has employed the Qilin ransomware in limited attacks. Microsoft observed a North Korea-linked APT group, tracked as Moonstone Sleet, deploying Qilin ransomware in limited attacks since February 2025. The APT group uses Qilin ransomware after previously using custom ransomware. >>Moonstone Sleet has previously exclusively…
-
Under Pressure: US Charges China’s APTHire Hackers
The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon secret APT and APT27, the latter implicated in January’s Treasury breach. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/us-charges-china-apt-for-hire-hackers
-
Chinese APT Silk Typhoon exploits IT supply chain weaknesses for initial access
Tags: access, apt, attack, authentication, china, citrix, cloud, control, corporate, credentials, data, detection, email, exploit, firewall, github, government, group, hacker, identity, Internet, ivanti, least-privilege, microsoft, network, password, service, software, supply-chain, threat, update, vpn, vulnerability, zero-dayTwo-way lateral movement: Aside from abusing cloud assets and third-party services and software providers to gain access to local networks, the Silk Typhoon attackers are also proficient in jumping from on-premise environments into cloud environments. The group’s hackers regularly target Microsoft AADConnect (now Entra Connect) servers which are used to synchronize on-premise Active Directory deployments…
-
China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks. The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/china-hackers-behind-us-treasury-breach-caught-targeting-it-supply-chain/
-
Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants
The threat actor known as Lotus Panda has been observed targeting government, manufacturing, telecommunications, and media sectors in the Philippines, Vietnam, Hong Kong, and Taiwan with updated versions of a known backdoor called Sagerunex.”Lotus Blossom has been using the Sagerunex backdoor since at least 2016 and is increasingly employing long-term persistence command shells and developing…
-
Schutz vor APT-Angriffen Automobilindustrie im Visier
Die Automobilindustrie ist nicht nur einer der größten Wirtschaftszweige der Welt, sie ist auch sehr attraktiv für Hacker, denn hier erhoffen sich die Cyberkriminellen den großen Fang. Es ist wichtig, dass die Automobilindustrie ihre OT-Sicherheitsstrategie verbessert und das Zero-Trust-Prinzip anwendet. First seen on ap-verlag.de Jump to article: ap-verlag.de/schutz-vor-apt-angriffen-automobilindustrie-im-visier/94034/
-
Military, Government, Face Escalating APT Attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/military-government-face-escalating-apt-attacks