Tag: apt
-
APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespi… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/28/cve-2024-7262-cve-2024-7263/
-
US Sees Iranian Hackers Working Closely With Ransomware Groups
Iranian state-sponsored APT Lemon Sandstorm is working closely with ransomware groups on monetizing network intrusions. The post US Sees Iranian Hacke… First seen on securityweek.com Jump to article: www.securityweek.com/us-sees-iranian-hackers-working-closely-with-ransomware-groups/
-
China-linked APT Volt Typhoon exploited a zero-day in Versa Director
China-linked APT group Volt Typhoon exploited a zero-day flaw in Versa Director to upload a custom webshell in target networks. China-linked APT Volt … First seen on securityaffairs.com Jump to article: securityaffairs.com/167658/apt/volt-typhoon-versa-director-zero-day.html
-
US Intelligence Blames Iran for Hack on Trump Campaign
Feds confirmed Iran’s involvement in the email attack against Roger Stone after Microsoft, Google reported Iranian APT action against both presidentia… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/us-intelligence-blames-ira-for-hack-on-trump-campaign
-
WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies
A WPS Office zero-day vulnerability tracked as CVE-2024-7262 was exploited by South Korean hacker group APT-C-60. The post WPS Office Zero… First seen on securityweek.com Jump to article: www.securityweek.com/wps-office-zero-day-exploited-by-south-korea-linked-cyberspies/
-
Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets Service Providers
Amidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers. The post Censys Find… First seen on securityweek.com Jump to article: www.securityweek.com/censys-finds-hundreds-of-exposed-servers-as-volt-typhoon-apt-targets-isps-msps/
-
SEXi / APT Inc ransomware: what you need to know
First seen on tripwire.com Jump to article: www.tripwire.com/state-of-security/sexi-apt-inc-ransomware-what-you-need-know
-
Iranian APT GreenCharlie Escalates Threats Against US Political Targets Using GORBLE and POWERSTAR Malware
A recent report from Insikt Group has shed light on the covert operations of GreenCharlie, an Iran-backed Advanced Persistent Threat (APT) group, whic… First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-greencharlie-escalates-threats-against-us-political-targets-using-gorble-and-powerstar-malware/
-
North Korean cyber APT targeting nuclear secrets
Mandiant has upgraded the North Korean threat actor known as Andariel to APT status and warned of coordinated efforts to steal western military IP, in… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366598869/North-Korean-cyber-APT-targeting-nuclear-secrets
-
Censys Finds Hundreds of Exposed Servers as Volt Typhoon APT Targets ISPs, MSPs
Amidst Volt Typhoon zero-day exploitation, Censys finds hundreds of exposed servers presenting ripe attack surface for attackers. The post Censys Find… First seen on securityweek.com Jump to article: www.securityweek.com/censys-finds-hundreds-of-exposed-servers-as-volt-typhoon-apt-targets-isps-msps/
-
China’s Volt Typhoon Hackers Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs
Malware hunters catch Chinese APT Volt Typhoon exploiting a zero-day in Versa Director servers used by ISPs and MSPs. The post China’s Volt Typhoon Ha… First seen on securityweek.com Jump to article: www.securityweek.com/chinese-apt-volt-typhoon-caught-exploiting-versa-networks-sd-wan-zero-day/
-
Russian national arrested in Argentina for laundering money of crooks and Lazarus APT
A Russian national was arrested in Argentina for laundering proceeds from illicit actors, including North Korea-linked Lazarus Group. This week, the A… First seen on securityaffairs.com Jump to article: securityaffairs.com/167485/cyber-crime/russian-national-arrested-laundering-lazarus-funds.html
-
BlindEagle APT Group: A Persistent Threat in Latin America
Kaspersky Labs has issued a warning about BlindEagle, also known as APT-C-36, a persistent threat actor known for its targeted attacks in Latin Americ… First seen on securityonline.info Jump to article: securityonline.info/blindeagle-apt-group-a-persistent-threat-in-latin-america/
-
China-linked APT Velvet Ant exploited zero-day to compromise Cisco switches
China-linked APT group Velvet Ant exploited a recently disclosed zero-day in Cisco switches to take over the network appliance. Researchers at cyberse… First seen on securityaffairs.com Jump to article: securityaffairs.com/167423/apt/china-velvet-ant-zero-day-cisco-switches.html
-
North Korea-linked APT used a new RAT called MoonPeak
North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Tal… First seen on securityaffairs.com Jump to article: securityaffairs.com/167340/malware/north-korea-apt-moonpeaknorth.html
-
‘EastWind’ Cyber-Spy Campaign Combines Various Chinese APT Tools
The likely China-linked campaign is deploying CloudSorcerer and other proprietary binaries belonging to known state-sponsored groups, showing how adva… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/eastwind-cyber-spy-campaign-chinese-apt-tools
-
Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulner… First seen on securityaffairs.com Jump to article: securityaffairs.com/167246/apt/microsoft-zero-day-cve-2024-38193-lazarus.html
-
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
The vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows SYSTEM privileges on the latest Windows operating… First seen on securityweek.com Jump to article: www.securityweek.com/windows-zero-day-attack-linked-to-north-koreas-lazarus-apt/
-
Iranian APT42 Group Launch A Massive Phishing Campaign To Attack U.S. Presidential Election
APT42 is an APT group that is believed to be backed by the Iranian government, and this group primarily focuses on cyber espionage. Besides this, APT4… First seen on gbhackers.com Jump to article: gbhackers.com/iranian-apt42-phishing-us-election/
-
Earth Baku APT Group Expands Global Reach with Advanced Techniques
Cybersecurity researchers at Trend Micro have uncovered a significant expansion in the activities of Earth Baku, a sophisticated advanced persistent t… First seen on securityonline.info Jump to article: securityonline.info/earth-baku-apt-group-expands-global-reach-with-advanced-techniques/
-
AI as a Weapon: APTs Use AI to Strengthen Their Cyber Weapons
First seen on security-insider.de Jump to article: www.security-insider.de/kuenstliche-intelligenz-cyberangriffe-neue-aera-cyberkriegsfuehrung-a-4e6640fa57c6fdc6b0f90375071024ed/
-
Kimsuky APT Group Targets University Researchers in Espionage Campaign
The North Korean state-backed hacking group known as Kimsuky is at it again, this time setting its sights on university researchers and professors in … First seen on securityonline.info Jump to article: securityonline.info/kimsuky-apt-group-targets-university-researchers-in-espionage-campaign/
-
Earth Baku Using Customized Tools To Maintain Persistence And Steal Data
Earth Baku, an APT actor who initially focused on the Indo-Pacific region, has grown its activities extensively since late 2022. The group has increas… First seen on gbhackers.com Jump to article: gbhackers.com/earth-baku-custom-tools-data-theft/
-
New APT Group ‘Actor240524’ Targets Azerbaijan and Israel with Advanced Tactics
A sophisticated cyber espionage campaign targeting Azerbaijan and Israel has been linked to a previously unidentified advanced persistent threat (APT)… First seen on securityonline.info Jump to article: securityonline.info/new-apt-group-actor240524-targets-azerbaijan-and-israel-with-advanced-tactics/
-
Google disrupted hacking campaigns carried out by Iran-linked APT42
Google disrupted a hacking campaign carried out by the Iran-linked APT group APT42 targeting the US presidential election. Google announced that it di… First seen on securityaffairs.com Jump to article: securityaffairs.com/167095/security/google-disrupted-apt48-hacking-campaign.html
-
China-linked APT Earth Baku targets Europe, the Middle East, and Africa
China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. China-linked APT group Eart… First seen on securityaffairs.com Jump to article: securityaffairs.com/167044/apt/earth-baku-expanded-operations.html
-
Trump campaign said senior staffer hacked by Iran-backed APT
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/trump-campaign-said-senior-staffer-hacked-by-iran-backed-apt
-
Russia’s ‘Fighting Ursa’ APT Uses Car Ads to Install HeadLace Malware
The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation and tempting them wit… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/russia-fighting-ursa-apt-car-ads-headlace-malware
-
New APT Actor240524 Weaponizing Official Documents To Deliver Malware
A new APT group, dubbed Actor240524, launched a spear-phishing campaign targeting Azerbaijani and Israeli diplomats on July 1, 2024, where the attacke… First seen on gbhackers.com Jump to article: gbhackers.com/apt-actor240524-weaponizing-official-documents/

