Tag: apt

Iran MOIS Colludes With Criminals to Boost Cyberattacks

Mar 12, 2026 11:10 PM

Tags: apt, cyberattack, cybercrime, iran

Iranian APTs have long pretended to be cybercriminal groups. Now they’re working with actual cybercriminal groups. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-mois-criminals-cyberattacks
Iranian APT Hack Targets US Airport Bank and Software Company

Mar 10, 2026 10:48 PM

Tags: apt, cyber, finance, group, infrastructure, iran, software, threat

Critical infrastructure organizations continue to face sustained pressure from nation-state cyber operations. Airports, financial institutions, and software companies represent high-value targets because of the operational and economic disruption that a successful intrusion can create. New reporting from SecurityWeek details how an Iranian advanced persistent threat group conducted cyber intrusions against organizations, including a U.S. airport,…
Google Cloud Security Threat Horizons Report #13 (H1 2026) Is Out!

Mar 10, 2026 9:48 PM

Tags: access, ai, apt, attack, cloud, credentials, cybersecurity, data, email, exploit, extortion, google, incident response, injection, intelligence, LLM, metric, phishing, ransomware, rce, remote-code-execution, saas, service, social-engineering, software, theft, threat, vulnerability, zero-day

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Cloud Threat Horizons Report, #13 (full version, no info to enter!) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10, #11 and #12).…
Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX

Mar 10, 2026 8:47 AM

Tags: apt, china, exploit, middle-east

The post Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/exploiting-the-crisis-chinese-apts-weaponize-middle-east-tensions-to-target-qatar-with-plugx/
Chinese APT Campaign Uses Middle East Lures to Target Qatar With PlugX

Mar 10, 2026 8:47 AM

Tags: apt, china, cyber, espionage, exploit, group, middle-east, threat

Chinese state-linked cyber espionage groups are actively exploiting geopolitical tensions in the Middle East to target organizations in Qatar, according to new findings. The campaign began almost immediately after the recent escalation in the region, highlighting how quickly advanced persistent threat (APT) groups adapt to real-world events to conduct cyber operations. Researchers from Check Point…
My Really Fun RSA 2026 Presentations!

Mar 10, 2026 5:47 AM

Tags: ai, apt, automation, cyber, cybersecurity, data, detection, google, governance, guide, lessons-learned, malware, soc, strategy, threat

This blog is perhaps a little bit more like an ad, so if you don’t want to check the ads, consider not reading it. a very cyber image (Gemini) But this year at RSA 2026, I’m speaking on three topics: securing AI, using AI for SOC, and sharing lessons about how Google applies AI and other technologies…
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats

Mar 9, 2026 1:47 PM

Tags: apt, backdoor, cyber, group, hacker, infrastructure, iran, network, threat

Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid the current regional conflict. Activity associated with the Iranian APT group Seedworm (aka MuddyWater, Temp Zagros, Static Kitten) has been observed on the networks of multiple U.S. organizations since early…
Rogues gallery: 15 worst ransomware groups active today

Mar 9, 2026 10:47 AM

Tags: access, ai, alphv, apt, attack, backup, breach, cloud, cyber, cybercrime, dark-web, data, data-breach, defense, detection, email, encryption, endpoint, exploit, extortion, finance, government, group, healthcare, infrastructure, insurance, intelligence, korea, law, leak, linux, lockbit, malicious, malware, moveIT, network, north-korea, organized, phishing, ransom, ransomware, russia, service, social-engineering, software, strategy, threat, tool, usa, vmware, vpn, vulnerability, windows, zero-day

Black Basta: History: Black Basta appeared on the ransomware scene in early 2022 and is believed to be a spin-off from Conti, a group notorious for attacking major organizations.How it works: Black Basta usually deploys malware through exploitation of known vulnerabilities and social engineering campaigns. “Employees in the target environment are email bombed and then…
Torrent of Threats: China-Nexus APT UAT-9244 Hijacks South American Telecoms with PeerTime Backdoor

Mar 9, 2026 5:46 AM

Tags: apt, backdoor, china, threat

The post Torrent of Threats: China-Nexus APT UAT-9244 Hijacks South American Telecoms with PeerTime Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/torrent-of-threats-china-nexus-apt-uat-9244-hijacks-south-american-telecoms-with-peertime-backdoor/
Escalation in the Shadows: Iranian APT Seedworm Deploys ‘Dindoor’ Backdoor in New Cyberoffensive

Mar 9, 2026 5:46 AM

Tags: apt, backdoor, iran

The post Escalation in the Shadows: Iranian APT Seedworm Deploys ‘Dindoor’ Backdoor in New Cyberoffensive appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/escalation-in-the-shadows-iranian-apt-seedworm-deploys-dindoor-backdoor-in-new-cyberoffensive/
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Mar 6, 2026 10:46 PM

Tags: apt, backdoor, finance, group, iran, malware, network, threat

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. >>Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple…
Middle East Conflict Fuels Opportunistic Cyber Attacks

Mar 6, 2026 9:47 PM

Tags: access, advisory, api, apt, attack, authentication, awareness, backdoor, best-practice, breach, browser, business, chrome, cloud, crypto, cyber, cybercrime, cybersecurity, data, defense, endpoint, exploit, fraud, google, government, identity, infection, Internet, iran, iraq, malicious, malware, mfa, middle-east, military, monitoring, network, password, phishing, PurpleTeam, radius, risk, risk-assessment, scam, service, software, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

IntroductionThreat actors often take advantage of major global events to fuel interest in their malicious activities. Zscaler ThreatLabz is diligently tracking a surge in cybercriminal activity that capitalizes on the elevated political climate in the Middle East. This increased malicious activity includes discoveries that are directly tied to the ongoing conflict, alongside other related findings. ThreatLabz…
North Korean APTs Use AI to Enhance IT Worker Scams

Mar 6, 2026 7:50 PM

Tags: ai, apt, north-korea, scam, tool

DPRK worker scams are old hat, but they’re still working, thanks to AI tools that help with everything from face swapping to daily emails. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-korean-apts-ai-it-worker-scams
Iran-linked APT targets US critical sectors with new backdoors

Mar 6, 2026 3:48 PM

Tags: apt, backdoor, group, hacking, iran, network

An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/06/seedworm-muddywater-backdoors-victims/
Iran-nexus APT Dust Specter targets Iraq officials with new malware

Mar 6, 2026 12:47 PM

Tags: apt, country, email, government, group, iran, iraq, malware, phishing, threat

A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK,…
Russian APT targets Ukraine with BadPaw and MeowMeow malware

Mar 5, 2026 5:47 PM

Tags: apt, attack, email, malware, phishing, russia, ukraine

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When…
Nation-State Hackers Play the Vibes

Mar 5, 2026 5:47 PM

Tags: apt, flaw, hacker, malware, vulnerability, zero-day

Who Knew APT Hackers Liked Emojis So Much?. All the nation-state hackers are vibe coding. Vibeware won’t win any coding awards. It’s not pretty. It doesn’t target any zero-day vulnerabilities or known flaws in innovative new ways – but it does allow polyglot malware to be generated at scale. First seen on govinfosecurity.com Jump to…
Spionagekampagne gegen Südkorea Angriff missbraucht Microsoft VS Code für Spionage

Mar 5, 2026 1:47 PM

Tags: apt, cyberattack, microsoft

First seen on security-insider.de Jump to article: www.security-insider.de/apt-angriff-vs-code-spionage-suedkorea-dprk-a-72b28bd8c65fb0d7f3021b27ce2ab586/
Unmasking Silver Dragon: The Chinese-Nexus APT Haunting Southeast Asia and Europe

Mar 5, 2026 5:47 AM

Tags: apt, china

The post Unmasking Silver Dragon: The Chinese-Nexus APT Haunting Southeast Asia and Europe appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/unmasking-silver-dragon-the-chinese-nexus-apt-haunting-southeast-asia-and-europe/
Iranian hacktivists muster their forces but state APTs lay low

Mar 4, 2026 7:50 PM

Tags: apt, cyber, espionage, iran

Hacktivist activity surrounding the Iran war is sky-high but Iran’s state-backed cyber espionage actors have yet to show their hands, giving security teams a valuable window of time to shore up their defences. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639722/Iranian-hacktivists-muster-their-forces-but-state-APTs-lay-low
From phishing to Google Drive C2: Silver Dragon expands APT41 playbook

Mar 4, 2026 2:46 PM

Tags: access, apt, china, exploit, google, government, group, phishing

APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting…
Iran”‘Linked “Dust Specter” APT Deploys AI”‘Aided Malware Against Iraqi Officials

Mar 4, 2026 2:46 PM

Tags: apt, attack, cyber, government, group, infrastructure, iraq, malware, powershell

Iran”‘nexus APT group “Dust Specter” is targeting Iraqi government officials with AI”‘assisted custom .NET malware, using dual attack chains that blend DLL sideloading, in”‘memory PowerShell, and ClickFix”‘style lures. In January 2026, Zscaler ThreatLabz tracked a new campaign against Iraqi officials in which the actor impersonated Iraq’s Ministry of Foreign Affairs and abused compromised government infrastructure…
Indian APT ‘Sloppy Lemming’ Targets Defense, Critical Infrastructure

Mar 4, 2026 2:46 PM

Tags: apt, cloud, cyber, defense, india, infrastructure, rust, threat, tool

India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/india-apt-sloppy-lemming-defense-critical-infrastructure
Iranian APT Groups Intensify Cyberattacks on Critical Infrastructure Amid Rising Geopolitical Tensions

Mar 4, 2026 12:48 PM

Tags: apt, cyber, cyberattack, group, infrastructure, iran, military, threat

A dramatic escalation in Middle Eastern tensions began last week with Operation Lion’s Roar, a joint U.S.-Israeli military strike on Iranian nuclear and military sites. Iran retaliated with missiles and drones, disrupting energy, air travel, and diplomatic stability across the Gulf. Amid this kinetic conflict, Iranian state-affiliated advanced persistent threats (APTs) have ramped up cyber…
Silver Dragon APT Group Exploits Google Drive for Covert Attacks on Europe, Asia

Mar 4, 2026 7:47 AM

Tags: apt, attack, cyber, exploit, google, group, malware

Silver Dragon is a Chinese”‘aligned APT group that has been targeting public sector and high”‘profile organizations in Europe and Southeast Asia since at least mid”‘2024, with strong operational overlap to APT41 tradecraft. The group combines classic post”‘exploitation tooling like Cobalt Strike with new custom malware that abuses Google Drive as a covert command”‘and”‘control (C2) channel.research.…
Epic Fury introduces new layer of enterprise risk

Mar 3, 2026 11:46 AM

Tags: access, apt, attack, business, cisa, ciso, communications, country, credentials, cyber, cybersecurity, data-breach, disinformation, exploit, group, infrastructure, intelligence, international, Internet, iran, malware, middle-east, network, ransomware, resilience, risk, rust, service, software, technology, tool, ukraine

Physical attacks on US-linked locations through direct action or partner groups. We are already seeing Iranian missile launches into a variety of nations in the region.Cyber operations that include disruptive activity, targeted intrusions, credential and access harvesting, destructive malware deployment, and the use of compromised infrastructure to support broader influence or operational objectives.Proxy networks across…
Dust Specter APT Targets Government Officials in Iraq

Mar 2, 2026 5:47 PM

Tags: access, ai, api, apt, attack, backdoor, browser, chrome, cisco, cloud, control, data, detection, encryption, google, government, group, infrastructure, iran, iraq, malicious, malware, monitoring, network, open-source, password, powershell, rat, service, social-engineering, software, threat, tool, update, windows

IntroductionIn January 2026, Zscaler ThreatLabz observed activity by a suspected Iran-nexus threat actor targeting government officials in Iraq. ThreatLabz discovered previously undocumented malware including SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Due to significant overlap in tools, techniques, and procedures (TTPs), as well as victimology, between this campaign and activity associated with Iran-nexus APT groups, ThreatLabz assesses with medium-to-high confidence that an…
APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

Mar 2, 2026 3:47 PM

Tags: apt, backdoor, breach, cloud, group, korea, malware, network, north-korea, tool

North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz…
How to understand and avoid Advanced Persistent Threats

Feb 26, 2026 10:37 PM

Tags: apt, threat

APT stands for Advanced Persistent Threat. But what does that actually mean, and how does it translate into the kind of threat you’re facing? First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-understand-and-avoid-advanced-persistent-threats/
China-linked hackers used Google Sheets to spy on telecoms and governments across 42 countries

Feb 26, 2026 1:44 PM

Tags: access, api, apt, china, cloud, communications, cyber, cyberespionage, data, defense, endpoint, espionage, google, government, group, hacker, infrastructure, intelligence, linux, mandiant, monitoring, network, phone, radius, service, spy, theft, threat, vpn

How Mandiant found it: The campaign came to light during a Mandiant Threat Defense investigation, when analysts flagged unusual activity on a CentOS server. A binary named xapt, designed to masquerade as the apt package manager on Debian-based Linux systems, had already escalated to root and was running shell commands to confirm its access level,…