Tag: apt
-
China-aligned PlushDaemon APT compromises supply chain of Korean VPN
ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/22/plushdaemon-apt-slowstepper-supply-chain-compromise/
-
Silver Fox APT Targets Organizations with PNGPlug and ValleyRAT Malware
A sophisticated cyber-espionage campaign targeting organizations across China, Hong Kong, and Taiwan has been uncovered by Intezer’s research First seen on securityonline.info Jump to article: securityonline.info/silver-fox-apt-targets-organizations-with-pngplug-and-valleyrat-malware/
-
Esperts found new DoNot Team APT group’s Android malware
Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The Donot Team (aka APT-C-35 and Origami Elephant) has been active since 2016, it focuses on government and military organizations,…
-
Indian APT Group DONOT Misuses App for Intelligence Gathering
Android apps, linked to APT group DONOT, disguised as a chat platform for intelligence gathering First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/indian-apt-group-donot-app/
-
U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD., for its involvement in the activities of the Salt Typhoon APT group,…
-
North Korea’s Lazarus APT Evolves Developer-Recruitment Attacks
Operation 99 uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korea-lazarus-apt-developer-recruitment-attacks
-
CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
Fortinet patched a zero day authentication bypass vulnerability in FortiOS and FortiProxy that has been actively exploited in the wild as a zero-day since November 2024. Background On January 14, Fortinet released a security advisory (FG-IR-24-535) addressing a critical severity vulnerability impacting FortiOS and FortiProxy. CVE Description CVSSv3 CVE-2024-55591 FortiOS and FortiProxy Authentication Bypass Vulnerability…
-
Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware
Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actors UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer Emergency Response Team of Ukraine (CERT-UA) first detailed the activity of UAC-0063 in early 2023.…
-
RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation
Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers used scheduled tasks to execute pcalua.exe to run malicious binaries and Python scripts, including the RPivot client.py script to connect to a remote server. Evidence suggests data exfiltration to cloud storage as this APT group targets various industries and aims for…
-
RedCurl APT Group: Cyber Espionage with Livingthe-Land Techniques
The RedCurl Advanced Persistent Threat (APT) group, also known as Earth Kapre or Red Wolf, has resurfaced with First seen on securityonline.info Jump to article: securityonline.info/redcurl-apt-group-cyber-espionage-with-living-off-the-land-techniques/
-
Chinese APT Group Is Ransacking Japan’s Secrets
Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-apt-group-ransacking-japans-secrets
-
China-linked APT group MirrorFace targets Japan
Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked group MirrorFace (aka Earth Kasha). The campaign has been active since at least 2019, it…
-
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year.The latest attacks, exploiting…
-
APT32 Hacker Group Attacking Cybersecurity Professionals Poisoning GitHub
The malicious Southeast Asian APT group known as OceanLotus (APT32) has been implicated in a sophisticated attack that compromises the privacy of cybersecurity professionals. A recent investigation by the ThreatBook Research and Response Team revealed that a popular privilege escalation tool utilized by cybersecurity experts had been backdoored, leading to significant data breaches and identity…
-
Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
Tags: advisory, apt, attack, authentication, cve, cvss, cybersecurity, data-breach, exploit, flaw, google, government, group, intelligence, Internet, ivanti, law, mandiant, microsoft, network, rce, remote-code-execution, risk, software, threat, tool, vpn, vulnerability, zero-dayIT software provider Ivanti released patches Wednesday for its Connect Secure SSL VPN appliances to address two memory corruption vulnerabilities, one of which has already been exploited in the wild as a zero-day to compromise devices.The exploited vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow rated as critical with a CVSS score of 9.0.…
-
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-dayGenerative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise.Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
-
China-linked Salt Typhoon APT compromised more US telecoms than previously known
China-linked Salt Typhoon group that breached multiple US telecoms compromised more firms than previously known, WSJ says. The China-linked cyberespionage group Salt Typhoon targeted more US telecoms than previously known, as The Wall Street Journal reported. According to WSJ, wich cited people familiar with the matter, the Chinese cyberspies also compromised Charter Communications and Windstream.…
-
Security Affairs newsletter Round 505 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Malicious npm packages target Ethereum developers US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT…
-
US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT
The U.S. Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. The U.S. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by China’s state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett). The China-linked APT group used Integrity Tech’s infrastructure to…
-
US government sanctions Chinese cybersecurity company linked to APT group
The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon.The company, called Integrity Technology Group (Integrity Tech), is accused of providing the computer infrastructure that Flax Typhoon used in its operations…
-
Nuklearunternehmen im Visier von Lazarus
Die APT-Gruppe Lazarus hat im Zuge ihrer ‘Operation DreamJob” eine raffinierte Kampagne initiiert, die gezielt Mitarbeiter einer Einrichtung aus dem Bereich der Nukleartechnik ins Visier nahm. In einem besonders ausgeklügelten Täuschungsmanöver tarnte die Gruppe eine neuartige modulare Schadsoftware namens ‘CookiePlus” als vermeintlich harmloses Open-Source-Plugin. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/kritis/nuklearunternehmen-im-visier-von-lazarus/
-
US Treasury Department workstations breached in attack attributed to China
Tags: access, advisory, apt, attack, banking, ceo, china, cloud, cybersecurity, government, hacking, infrastructure, intelligence, microsoft, russia, saas, service, supply-chain, threat, update, vulnerabilityThe US Department of the Treasury revealed on Monday that an attacker was able to bypass security, access an undisclosed number of Treasury workstations, and steal “certain unclassified documents,” in what it called a “major cybersecurity incident”.In a letter to the US Senate’s Committee on Banking, Housing and Urban Affairs, the Treasury Department said that…
-
US Treasury hacked by state-sponsored Chinese APT group
First seen on scworld.com Jump to article: www.scworld.com/news/us-treasury-hacked-by-state-sponsored-chinese-apt-group
-
Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
The United States Treasury Department said it suffered a “major cybersecurity incident” that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. “On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to…
-
IPMsg Installer Weaponized: Lazarus Group Targets Crypto Finance
The notorious APT-C-26 (Lazarus) group, known for its advanced persistence and cyber espionage tactics, has resurfaced with a new campaign targeting financial institutions and cryptocurrency exchanges. In a recent analysis... First seen on securityonline.info Jump to article: securityonline.info/ipmsg-installer-weaponized-lazarus-group-targets-crypto-finance/
-
China-linked APT Salt Typhoon breached a ninth U.S. telecommunications firm
A White House official confirmed that China-linked threat actor Salt Typhoon breached a ninth U.S. telecommunications company. A White House official confirmed confirmed that China-linked APT group Salt Typhoon has breached a ninth U.S. telecoms company as part of a cyberespionage campaign aimed at telco firms worldwide. >>A White House official said Friday the US…
-
Operation DreamJob: Lazarus APT hat es auf die Nuklearindustrie abgesehen
Mitglieder der vermutlich nordkoreanischen Hackergruppe Lazarus APT haben ihre Operation DreamJob mit einer neuen Kampagne fortgesetzt. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/operation-dreamjob-lazarus-apt-hat-es-auf-die-nuklearindustrie-abgesehen-306744.html