Tag: apt
-
Military, government sectors face escalating APT attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/military-government-sectors-face-escalating-apt-attacks
-
US Cybercom, CISA retreat in fight against Russian cyber threats: reports
Tags: apt, blizzard, china, cisa, cyber, cybersecurity, data, government, group, hacker, infrastructure, international, iran, lockbit, microsoft, ransomware, risk, risk-management, russia, threat
Purported shift at CISA away from reporting on Russian threats: Shortly after The Record issued its report, The Guardian reported that the US Cybersecurity and Infrastructure Security Agency (CISA) sent an internal memo setting out new priorities for the agency, including China but excluding Russia. One source said analysts at the agency were verbally informed…
-
Lumma Stealer spread by reemergent Angry Likho APT
Tags: apt
First seen on scworld.com Jump to article: www.scworld.com/brief/lumma-stealer-spread-by-reemergent-angry-likho-apt
-
Cyber Espionage in Thailand: Chinese APT Deploys Yokai Malware
Cado Security Labs has uncovered a new malware campaign targeting the Royal Thai Police, attributed to the Chinese… First seen on securityonline.info Jump to article: securityonline.info/cyber-espionage-in-thailand-chinese-apt-deploys-yokai-malware/
-
Angry Likho APT Group Resurfaces with New Attacks and Advanced Malware Tactics
Kaspersky Labs has uncovered new activity from Angry Likho, an advanced persistent threat (APT) group that has been… First seen on securityonline.info Jump to article: securityonline.info/angry-likho-apt-group-resurfaces-with-new-attacks-and-advanced-malware-tactics/
-
EU sanctioned the leader of North Korea-linked APT groups
The European Union sanctioned the leader of North Korea-linked APT groups for aiding Russia in its war against Ukraine. The European Union announced sanctions against entities aiding Russia in the ongoing conflict with Ukraine, including Lee Chang Ho, who is the leader of North Korea-linked APT groups. Lee Chang Ho coordinated North Korean soldiers in…
-
Silver Fox APT Hides ValleyRAT in Trojanized Medical Imaging Software
Chinese Silver Fox APT exploits trojanized medical imaging software to spread ValleyRAT malware, posing a serious threat to… First seen on hackread.com Jump to article: hackread.com/silver-fox-apt-valleyrat-trojanized-medical-imaging-software/
-
How APT Naming Conventions Make Us Less Safe
Tags: apt
Only by addressing the inefficiencies of current naming conventions can we create a safer, more resilient landscape for all defenders. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/how-apt-naming-conventions-make-us-less-safe
-
North Korean APT-C-28 Expands Cyber Espionage Campaign
A recent report from 360 Threat Intelligence Center has detailed the persistent cyber espionage activities of APT-C-28 (ScarCruft)… First seen on securityonline.info Jump to article: securityonline.info/north-korean-apt-c-28-expands-cyber-espionage-campaign/
-
Security Affairs newsletter Round 512 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever Apple removes iCloud encryption in…
-
Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
Crypto exchange Bybit was the victim of a sophisticated attack, and threat actors stole $1.5B worth of cryptocurrency from one of the company’s offline wallets. Crypto exchange Bybit suffered a sophisticated cyberattack, threat actors transferred over 400,000 ETH and stETH worth more than $1.5 billion to an unidentified address. The Bybit hack is the largest cryptocurrency…
-
Cisco Confirms Salt Typhoon Exploitation in Telecom Hits
In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cisco-salt-typhoon-exploitation-telecom
-
Russia-linked APTs target Signal messenger
Russia-linked threat actors exploit Signal's “linked devices…
-
How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying
Mandiant warns that multiple Russian APTs are abusing a nifty Signal Messenger feature to surreptitiously spy on encrypted conversations. The post How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/how-russian-hackers-are-exploiting-signals-linked-devices-for-real-time-spying/
-
Chinese hackers abuse Microsoft APP-v tool to evade antivirus
The Chinese APT hacking group “Mustang Panda” has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-hackers-abuse-microsoft-app-v-tool-to-evade-antivirus/
-
China-linked APT group Winnti targets Japanese organizations since March 2024
China-linked threat actor Winnti targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024 as part of a campaign dubbed RevivalStone. Researchers from cybersecurity firm LAC uncovered a new cyberespionage campaign, tracked as RevivalStone, carried out by the China-linked APT group Winnti in March 2024. Threat actors targeted Japanese companies in the manufacturing,…
-
Earth Preta APT Exploits Microsoft Utility Tool to Bypass AV Detection and Control Windows
Researchers from Trend Micro’s Threat Hunting team have uncovered a sophisticated cyberattack campaign by the advanced persistent threat (APT) group Earth Preta, also known as Mustang Panda. The group has been leveraging new techniques to infiltrate systems and evade detection, primarily targeting government entities in the Asia-Pacific region, including Taiwan, Vietnam, Malaysia, and Thailand. Earth…
-
Earth Preta APT Group Evades Detection with Legitimate and Malicious Components
Researchers from Trend Micro’s Threat Hunting team have discovered a new campaign by the advanced persistent threat (APT)… First seen on securityonline.info Jump to article: securityonline.info/earth-preta-apt-group-evades-detection-with-legitimate-and-malicious-components/
-
New family of data-stealing malware leverages Microsoft Outlook
…certutil application which handles certificates, to download files. Espionage seems to be the motive, says the report, and there are Windows and Linux versions of the malware. But fortunately the gang “exhibited poor campaign management and inconsistent evasion tactics,” it notes. Nevertheless, CISOs should be watching for signs of attack using this group’s techniques, because their…
-
4 Ways Out of Security Acronym Hell
Trapped in alphabet soup? Before Elon Musk turned into Trump's sidekick, he was primarily seen as a visionary entrepreneur. Back in 2010, he sent a memo to the employees of his spaceflight company SpaceX. In it, he criticized the excessive internal use of abbreviations in his customarily expressive style: ‘At SpaceX there is a creeping tendency to use made-up acronyms.…
-
China-linked APT Salt Typhoon breached telecoms by exploiting Cisco router flaws
China-linked APT Salt Typhoon has breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. China-linked APT group Salt Typhoon is still targeting telecommunications providers worldwide, and according to a new report published by Recorded Future’s Insikt Group, the threat actors have breached more U.S. telecommunications providers by exploiting unpatched Cisco IOS XE…
-
Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks
China-linked APT Salt Typhoon has been exploiting known vulnerabilities in Cisco devices in attacks on telecom providers in the US and abroad. The post Salt Typhoon Targeting Old Cisco Vulnerabilities in Fresh Telecom Hacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/salt-typhoon-targeting-old-cisco-vulnerabilities-in-fresh-telecom-hacks/
-
New Windows Zero-Day Exploited by Chinese APT: Security Firm
ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda. The post New Windows Zero-Day Exploited by Chinese APT: Security Firm appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/new-windows-zero-day-exploited-by-chinese-apt-security-firm/
-
APT Groups Using Ransomware ‘Smokescreen’ for Espionage
Russian, Iranian and Chinese APTs Among Most Active Ransomware Collaborators. Security researchers are increasingly finding it challenging to attribute cyberattacks due to surging cooperation between nation-state hackers and ransomware groups, especially for espionage purposes. They say it reflects the blurring of the lines between state-directed and criminal activities. First seen on govinfosecurity.com Jump to article:…
-
Chinese APT ‘Emperor Dragonfly’ Moonlights With Ransomware
Pivoting from prior cyber espionage, the threat group deployed its backdoor tool set to ultimately push out RA World malware, demanding $2 million from its victim. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-emperor-dragonfly-ransomware-attack
-
Unusual attack linked to Chinese APT group combines espionage and ransomware
Tags: apt, attack, breach, china, cloud, country, credentials, crime, crimes, crypto, cyber, cybercrime, cyberespionage, data, encryption, espionage, exploit, finance, firewall, government, group, hacker, infection, insurance, intelligence, korea, microsoft, network, north-korea, ransom, ransomware, russia, software, tactics, technology, threat, veeam, vulnerability
The attacker demanded a $2-million ransom: The attack that resulted in the deployment of the RA World ransomware program, as well as data exfiltration, had the same chain: the toshdpdb.exe loading toshdpapi.dll then decrypting toshdp.dat which resulted in the PlugX variant being deployed. The difference is the attacker then chose to deploy the RA World…
-
China-linked APTs’ tool employed in RA World Ransomware attack
A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was exclusively associated in the past with China-linked APT groups. “Tools that…
-
Sandworm APT’s initial access subgroup hits organizations across the globe
A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/13/sandworm-apts-initial-access-subgroup-hits-organizations-accross-the-globe/
-
Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign
A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global multi-year initial access operation called BadPilot. Microsoft shared research findings on a subgroup of the Russia-linked APT group Seashell Blizzard behind the global BadPilot campaign, which compromises infrastructure to support Russian cyber operations. Seashell Blizzard (aka Sandworm, BlackEnergy and TeleBots) has been…
-
Russia’s Sandworm APT Exploits Edge Bugs Globally
Sandworm (aka Seashell Blizzard) has an initial access wing called BadPilot that uses standard intrusion tactics to spread Russia’s tendrils around the world. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/microsoft-russian-sandworm-apt-exploits-edge-bugs-globally