Tag: apt
-
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries
Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group that breached at least 53 organizations in 42 countries. The group has been active since at least 2017, and was spotted targeting governments and…
-
Lazarus APT group deployed Medusa Ransomware against Middle East target
North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according a new report from the Symantec and Carbon Black…
-
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Patch, but verify first: Unit 42 directed organizations to Ivanti’s security advisory for remediation guidance, which recommends applying version-specific RPM patches for EPMM 12.x branches that require no appliance downtime. Ivanti cautioned, however, that the patch does not survive a version upgrade and must be reinstalled if the software is updated. “The permanent fix for…
-
Silver Fox APT Deploys DLL Sideloading and BYOVD in Advanced Malware Campaign
Silver Fox APT is running a new wave of targeted attacks in Taiwan that combine DLL sideloading and Bring Your Own Vulnerable Driver (BYOVD) techniques to deploy Winos 4.0 (ValleyRat) while aggressively disabling security tools. The campaigns rely on highly localized tax and e”‘invoice lures and fast”‘changing infrastructure, making them difficult to block with static…
-
Notepad++ patches flaw used to hijack update system
Notepad++ patched a vulnerability that attackers used to hijack its update system and deliver malware to targeted users. Notepad++ fixed a vulnerability that allowed a China-linked APT group to hijack its update mechanism and selectively push malware to chosen targets. In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure,…
-
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. >>Mandiant and Google Threat Intelligence Group (GTIG) have identified…
-
Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation
Tags: apt, attack, browser, chrome, control, cyber, cybersecurity, exploit, google, group, network, security-incident, vulnerability, windows, zero-dayBackground In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as its core weapon. This vulnerability enabled sandbox escape, allowing arbitrary code execution on victims’ Windows systems and granting full control over the targeted…The…
-
Chinese APT Group Exploits Dell Zero-Day for Two Years
Mandiant reveals campaign featuring exploit of a CVSS 10.0 CVE in Dell RecoverPoint for Virtual Machines First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-exploits-dell-zeroday/
-
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
Tags: apt, attack, breach, crypto, cyber, data-breach, group, korea, lazarus, network, north-korea, security-incident, supply-chainEvent Summary In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH”, valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date. The attack exposed critical…
-
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researcher uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected…
-
Suspected Russian hackers deploy CANFAIL malware against Ukraine
A new alleged Russia-linked APT group targeted Ukrainian defense, government, and energy groups, with CANFAIL malware. Google Threat Intelligence Group identified a previously undocumented threat actor behind attacks on Ukrainian organizations using CANFAIL malware. The group is possibly linked to Russian intelligence services and has targeted defense, military, government, and energy entities at both regional…
-
state-backed hackers exploit Gemini AI for cyber recon and attacks
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to…
-
Top Security Incidents of 2025: The Emergence of the ChainedShark APT Group
In 2025, NSFOCUS Fuying Lab disclosed a new APT group targeting China’s scientific research sector, dubbed “ChainedShark” (tracking number: Actor240820). Been active since May 2024, the group’s operations are marked by high strategic coherence and technical sophistication. Its primary targets are professionals in Chinese universities and research institutions specializing in international relations, marine technology, and related…The…
-
42,900 OpenClaw Exposed Control Panels and Why You Should Care
Over the past two weeks, most coverage around Moltbot and OpenClaw has chased the flashy angle. One-click exploits, remote code execution, APT chatter, scary screenshots. Meanwhile, security teams are doing… The post 42,900 OpenClaw Exposed Control Panels and Why You Should Care appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/02/42900-openclaw-exposed-control-panels-and-why-you-should-care/
-
42,900 OpenClaw Exposed Control Panels and Why You Should Care
Over the past two weeks, most coverage around Moltbot and OpenClaw has chased the flashy angle. One-click exploits, remote code execution, APT chatter, scary screenshots. Meanwhile, security teams are doing… The post 42,900 OpenClaw Exposed Control Panels and Why You Should Care appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/02/42900-openclaw-exposed-control-panels-and-why-you-should-care/
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Researchers found that APT groups were using the AI tool for coding and scripting tasks, gathering information about potential targets, researching publicly known vulnerabilities and enabling post-compromise activities. First seen on therecord.media Jump to article: therecord.media/nation-state-hackers-using-gemini-for-malicious-campaigns
-
Notepad++ lieferte monatelang Backdoors statt Updates – Notepad++-Super-GAU: Wie das Admin-Tool zur APT-Waffe wurde
First seen on security-insider.de Jump to article: www.security-insider.de/notepad-plus-plus-super-gau-apt-backdoor-a-5db1240aced2e8b2a1b4739eea71cf01/
-
China-linked APT UNC3886 targets Singapore telcos
China-linked group UNC3886 targeted Singapore ‘s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major…
-
Singapore mounts largest ever cyber operation to oust APT actor
Operation Cyber Guardian mobilised over 100 defenders to neutralise UNC3886 which infiltrated Singtel, StarHub, M1 and Simba networks, operators issue joint pledge on defence-in-depth First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638973/Singapore-mounts-largest-ever-cyber-operation-to-oust-APT-actor
-
APT Hackers Abuse Trusted Edge Services to Stealthily Deploy Malware
APT activity across APAC is rising rapidly as geopolitical tensions continue to grow, and defenders are seeing more advanced tradecraft aimed at long-term access. Taiwan stood out as the most targeted environment, with 173 tracked attacks far higher than any other regional target highlighting its role as a focal point for espionage and strategic access.…
-
APT27 Launches Stealthy Attacks on Corporate Networks, Evades Detection
A new, highly sophisticated cyberattack campaign that reveals how attackers are bypassing modern defenses to infiltrate corporate networks. The investigation points to a stealthy, multi-stage intrusion likely orchestrated by the threat group known as APT-Q-27, or >>GoldenEyeDog<<. The attack began with a common, everyday task: a customer support agent clicking a link in a support…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
New APT group breached gov and critical infrastructure orgs in 37 countries
Tags: apt, backdoor, computer, control, espionage, finance, framework, government, group, infrastructure, linux, malware, monitoring, network, software, threat, tool, usa, vulnerabilityA complex toolset of implants: In addition to Cobalt Strike, the group uses various other malware payloads and command-and-control (C2) frameworks, including VShell, Havoc, SparkRat, and Sliver. On compromised web servers, the attackers deploy a variety of web shells, including Behinder, Neo-reGeorg, and Godzilla.On Linux servers the group has been seen deploying a rootkit dubbed…
-
Amaranth-Dragon Zielgerichtete Cyberspionage gegen Behörden in Südostasien
Check Point Software Technologies hat über die Sicherheitsforscher von Check Point Research (CPR) hochgradig zielgerichtete Cyberspionagekampagnen aufgedeckt. Sie richteten sich im Jahr 2025 gegen Regierungs- und Strafverfolgungsbehörden in der ASEAN-Region. Die Aktivitäten werden einem bislang öffentlich nicht dokumentierten Bedrohungsakteur namens ‘Amaranth-Dragon” zugeschrieben, der eng mit dem chinesisch zugeordneten APT-41-Ökosystem verbunden ist. Die wichtigsten Ergebnisse im…
-
China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025.Check Point Research is tracking the previously undocumented activity cluster under the moniker Amaranth-Dragon, which it said shares links to the APT 41 ecosystem. Targeted countries include Cambodia, First…
-
HoneyMyte Hacker Group Expands CoolClient Malware With New Advanced Toolset
The HoneyMyte APT group, also known as Mustang Panda and Bronze President, continues expanding its cyber-espionage operations across Asia and Europe, with Southeast Asia being the most heavily targeted region. Recent investigations reveal that the group has significantly enhanced its malware arsenal during 2025, introducing new capabilities to the CoolClient backdoor and deploying multiple browser…
-
Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)
Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/russian-hackers-are-exploiting-recently-patched-microsoft-office-vulnerability-cve-2026-21509/