Tag: apt
-
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials
Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat
The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
-
China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading
The post China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/china-apt-infiltrates-us-policy-nonprofit-in-months-long-espionage-campaign-using-dll-sideloading/
-
China-linked hackers target U.S. non-profit in long-term espionage campaign
A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and…
-
ESET APT Activity Report Q2 2025-Q3 2025
Tags: apt
ESET gives an overview of the activities of selected APT groups in the second and third quarters of 2025. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/eset-apt-activity-report-q22025-q32025/
-
Russian APT abuses Windows Hyper-V for persistence and malware execution
Tags: apt, attack, authentication, cctv, defense, group, infrastructure, malware, password, powershell, russia, threat, tool, windows
Other malware tools: The researchers also found additional malware payloads left by the attackers on systems, including a custom PowerShell script used to inject a Kerberos ticket into LSASS to enable authentication and command execution on remote systems. Another PowerShell script was pushed to multiple systems via domain Group Policy to change the password of an…
-
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor.
-
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware
Russia-aligned threat actor Sandworm has intensified its destructive cyber operations against Ukrainian organizations, deploying data wiper malware to cripple critical infrastructure and weaken the nation’s economy. Unlike other Russia-aligned advanced persistent threat groups that primarily engage in cyberespionage activities, Sandworm’s operations are characterized by their explicitly destructive intent. According to the latest ESET APT Activity…
-
Russia-linked hackers intensify attacks as global APT activity shifts
State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/06/global-apt-activity-report-2025/
-
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage
The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
-
Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM
The post Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/curly-comrades-apt-bypasses-edr-by-hiding-linux-backdoor-inside-covert-hyper-v-vm/
-
APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage
The post APT-C-60 Targets Japan: New SpyGlace Malware Uses VHDX LNK and GitHub Tasking for Persistent Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/apt-c-60-targets-japan-new-spyglace-malware-uses-vhdx-lnk-and-github-tasking-for-persistent-espionage/
-
APT ‘Bronze Butler’ Exploits Zero-Day to Root Japan Orgs
A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/bronze-butler-apt-exploits-zero-day-vuln-root-japan
-
Iran’s Elusive ‘SmudgedSerpent’ APT Phishes Influential US Policy Wonks
Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
-
APT-C-60 Campaign: Malicious VHDX Hosted on Google Drive Lures Job Applicants
JPCERT/CC has issued an urgent warning about ongoing attacks by the advanced persistent threat group APT-C-60, which continues to target recruitment professionals in Japan through sophisticated spear-phishing campaigns. The attack campaign specifically impersonates job seekers contacting recruitment staff, exploiting the natural workflow of human resources professionals who regularly review candidate submissions. Between June and August…
-
Elusive Iranian APT Phishes Influential US Policy Wonks
Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
-
Silent Lynx APT New Attack Targeting Governmental Employees Posing as Officials
Seqrite Labs’ APT Team has documented fresh campaigns from Silent Lynx, a sophisticated threat actor group known for orchestrating spear-phishing operations that impersonate government officials to target diplomatic and governmental employees across Central Asia. The group, also tracked under aliases including YoroTrooper, Sturgeon Phisher, and Cavalry Werewolf, continues its espionage-focused activities with minimal operational security…
-
NSFOCUS in SAS 2025: Unveiling Secrets Behind Large-Scale DDoS Attacks on AI Platform and Social Media
SANTA CLARA, Calif., November 4, 2025. The 18th Global Security Analyst Summit (SAS) concluded successfully in Khao Lak, Thailand. Focused on the complexity of APT attacks, the summit exposed the latest attack activities from Hacking Team and disclosed multiple major security risk incidents. It gathered top global cybersecurity experts, academic elites, and law enforcement representatives to…
-
Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy
The post Operation Peek-A-Baku: Silent Lynx APT Exploits LNK Flaws to Deploy Reverse Shells via GitHub Against Central Asian Diplomacy appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/operation-peek-a-baku-silent-lynx-apt-exploits-lnk-flaws-to-deploy-reverse-shells-via-github-against-central-asian-diplomacy/
-
Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading
The post Chinese APT UNC6384 Pivots to Europe, Exploits Windows LNK Flaw to Deploy PlugX via Canon DLL Sideloading appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/chinese-apt-unc6384-pivots-to-europe-exploits-windows-lnk-flaw-to-deploy-plugx-via-canon-dll-sideloading/
-
North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT
The post North Korean APTs Upgrade Arsenal: Kimsuky Uses Stealthy HttpTroy, Lazarus Deploys New BLINDINGCAN RAT appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/north-korean-apts-upgrade-arsenal-kimsuky-uses-stealthy-httptroy-lazarus-deploys-new-blindingcan-rat/