Tag: apt

Operation Hanoi Thief: Pseudo-Polyglot Payloads Targeting IT Professionals

Dec 1, 2025 3:49 PM

Tags: apt, cyber, cyberattack, jobs, malicious, malware

SEQRITE Labs APT-Team has uncovered a sophisticated cyberattack campaign dubbed >>Operation Hanoi Thief,
Russian Tomiris APT Adopts >>Polyglot<< Strategy, Hijacking Telegram/Discord as Covert C2 for Diplomatic Spies

Dec 1, 2025 1:49 AM

Tags: apt, russia, strategy

The post Russian Tomiris APT Adopts >>Polyglot
Russian Tomiris APT Adopts >>Polyglot<< Strategy, Hijacking Telegram/Discord as Covert C2 for Diplomatic Spies

Dec 1, 2025 1:49 AM

Tags: apt, russia, strategy

The post Russian Tomiris APT Adopts >>Polyglot
Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing

Dec 1, 2025 1:49 AM

Tags: apt, rat

The post Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bloody-wolf-apt-expands-to-central-asia-deploys-netsupport-rat-via-custom-java-droppers-and-geo-fencing/
Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing

Dec 1, 2025 1:49 AM

Tags: apt, rat

The post Bloody Wolf APT Expands to Central Asia, Deploys NetSupport RAT via Custom Java Droppers and Geo-Fencing appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/bloody-wolf-apt-expands-to-central-asia-deploys-netsupport-rat-via-custom-java-droppers-and-geo-fencing/
What your firewall sees that your EDR doesn’t

Nov 27, 2025 7:49 PM

Tags: apt, credentials, edr, firewall, group, login, network, russia

The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers. Unlike many other APT groups, Librarian Ghouls does not rely…
Neues ToddyCat-Toolkit greift Outlook und Microsoft-Token an

Nov 27, 2025 2:49 PM

Tags: access, apt, backdoor, browser, chrome, cloud, cyberattack, exploit, governance, government, Internet, kaspersky, mail, microsoft, open-source, powershell, tool, update, vulnerability, windows

Die APT-Gruppe ToddyCat hat ihren Fokus auf den Diebstahl von Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken verlagert.Forscher von Kaspersky Labs haben festgestellt, dass sich die APT-Gruppe (Advanced Persistent Threat) ToddyCat jetzt darauf spezialisiert hat, Outlook-E-Mail-Daten und Microsoft 365-Zugriffstoken zu stehlen.Demnachhat die Hackerbande ihr Toolkit Ende 2024 und Anfang 2025 weiterentwickelt, um nicht nur wie bisher Browser-Anmeldedaten zu…
Rare APT Collaboration Emerges Between Russia and North Korea

Nov 26, 2025 8:49 PM

Tags: apt, infrastructure, korea, lazarus, north-korea, russia

Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. The post Rare APT Collaboration Emerges Between Russia and North Korea appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apt-collaboration-russia-north-korea/
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
ToddyCat APT evolves to target Outlook archives and Microsoft 365 tokens

Nov 26, 2025 1:49 PM

Tags: access, apt, backdoor, cloud, corporate, detection, email, espionage, government, group, kaspersky, mail, malicious, microsoft, military, network, open-source, software, tactics, theft, tool

Outlook in the Crosshairs: Another evolution involves accessing actual mail data. ToddyCat deployed a tool named TCSectorCopya C++ utility that opens the disk as a read-only device and copies Outlook’s offline storage files (OST) sector by sector, bypassing any file-lock mechanisms that Outlook may enforce.Once OST files are extracted, they are fed into XstReader, an…
Gamayun APT Exploits New MSC EvilTwin Vulnerability to Deliver Malicious Payloads

Nov 26, 2025 7:49 AM

Tags: apt, cyber, exploit, group, infrastructure, malicious, microsoft, powershell, social-engineering, threat, vulnerability, windows

Water Gamayun, a Russia”‘aligned advanced persistent threat (APT) group, has launched a new multi”‘stage intrusion campaign that weaponizes the recently disclosed MSC EvilTwin vulnerability in Windows Microsoft Management Console (MMC). Leveraging a blend of compromised infrastructure, social engineering, and heavily obfuscated PowerShell, the attackers exploited CVE”‘2025″‘26633 to inject malicious code into mmc.exe, ultimately delivering hidden…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Zscaler Threat Hunting Discovers and Reconstructs a Sophisticated Water Gamayun APT Group Attack

Nov 26, 2025 12:49 AM

Tags: access, apt, attack, backdoor, cloud, control, credentials, cve, data, detection, exploit, government, group, infrastructure, intelligence, malicious, malware, network, open-source, password, powershell, risk, russia, social-engineering, supply-chain, tactics, theft, threat, tool, vulnerability, windows, zero-day, zero-trust

This blog is intended to share an in-depth analysis of a recent multi-stage attack attributed to the Water Gamayun advanced persistent threat group (APT). Drawing on telemetry, forensic reconstruction, and known threat intelligence, the Zscaler Threat Hunting team reconstructed how a seemingly innocuous web search led to a sophisticated exploitation of a Windows MMC vulnerability,…
Rare APT Collaboration Emerges Between Russia and North Korea

Nov 25, 2025 11:49 PM

Tags: apt, infrastructure, korea, lazarus, north-korea, russia

Researchers say Russia’s Gamaredon and North Korea’s Lazarus may be sharing infrastructure, a rare APT collaboration. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/news-russia-north-korea-apt-collab/
Telecommunications Network Security: Defending Against Nation State APTs with Unified AI Defense

Nov 25, 2025 5:49 PM

Tags: 5G, ai, apt, attack, breach, cloud, cyber, defense, iot, network, tool

The global telecommunications ecosystem has entered its most dangerous cyber era.As 5G, O RAN, cloud workloads, and massive IoT ecosystems expand, telecom networks have become the number one target for nation-state APTs. Attacks like Salt Typhoon, labeled the worst telecom breach in U.S. history, prove one reality: Traditional enterprise security tools cannot defend networks operating…
Telecommunications Network Security: Defending Against Nation State APTs with Unified AI Defense

Nov 25, 2025 5:49 PM

Tags: 5G, ai, apt, attack, breach, cloud, cyber, defense, iot, network, tool

The global telecommunications ecosystem has entered its most dangerous cyber era.As 5G, O RAN, cloud workloads, and massive IoT ecosystems expand, telecom networks have become the number one target for nation-state APTs. Attacks like Salt Typhoon, labeled the worst telecom breach in U.S. history, prove one reality: Traditional enterprise security tools cannot defend networks operating…
China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor

Nov 25, 2025 1:49 AM

Tags: apt, backdoor, china, exploit, flaw

The post China-Nexus Autumn Dragon APT Exploits WinRAR Flaw to Deploy Telegram C2 Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-nexus-autumn-dragon-apt-exploits-winrar-flaw-to-deploy-telegram-c2-backdoor/
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 3:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Nov 24, 2025 2:49 PM

Tags: access, apt, backdoor, china, exploit, flaw, group, intelligence, rce, remote-code-execution, threat

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
ToddyCat APT Targeting Internal Employee Communications at Organizations

Nov 24, 2025 12:49 PM

Tags: apt, communications, corporate, cyber, espionage, group, kaspersky, organized, threat

Advanced persistent threat actors continue to develop sophisticated techniques for compromising corporate communications, with the ToddyCat APT group demonstrating remarkable evolution in their operational capabilities. Recent research from Kaspersky reveals how this highly organized espionage group has refined methods for covertly accessing internal employee communications at target organizations throughout the second half of 2024 and…
State of Cybersecurity 2025 for USA MSPs/MSSPs: Challenges, Threats, and the Seceon Platform Solution

Nov 22, 2025 5:49 AM

Tags: apt, cybersecurity, group, ransomware, service, threat, tool, usa

Introduction: The Cybersecurity Crisis for Service Providers The landscape of cybersecurity for USA Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) in 2025 is defined by unprecedented complexity, operational frustration, and rapidly escalating threats. The “Best of Breed” tool stack, the evolution of nation-state APT groups, and the explosion in ransomware require a…
State of Cybersecurity 2025 for USA MSPs/MSSPs: Challenges, Threats, and the Seceon Platform Solution

Nov 22, 2025 5:49 AM

Tags: apt, cybersecurity, group, ransomware, service, threat, tool, usa

Introduction: The Cybersecurity Crisis for Service Providers The landscape of cybersecurity for USA Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) in 2025 is defined by unprecedented complexity, operational frustration, and rapidly escalating threats. The “Best of Breed” tool stack, the evolution of nation-state APT groups, and the explosion in ransomware require a…
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits

Nov 21, 2025 7:49 PM

Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-day

North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…
North Korean Kimsuky and Lazarus Teams Target Critical Sectors with Zero-Day Exploits

Nov 21, 2025 7:49 PM

Tags: apt, attack, blockchain, crypto, cyber, exploit, finance, framework, group, healthcare, infrastructure, intelligence, korea, lazarus, military, north-korea, threat, zero-day

North Korea’s two most formidable APT groups Kimsuky and Lazarus have established a coordinated operational framework that combines intelligence gathering with large-scale cryptocurrency theft. According to a comprehensive Trend Micro analysis, this collaboration poses an unprecedented threat to critical infrastructure worldwide, with attacks targeting the military, financial, blockchain, energy, and healthcare sectors across the United…