Tag: cyberespionage
-
APT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government Agencies
Pakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to research published by CYFIRMA. The threat actor, historically focused on Windows systems, has demonstrated expanded technical maturity through multi-platform tooling that bypasses conventional…
-
APT36 Deploys Python-Based ELF Malware in Targeted Attacks on Indian Government Agencies
Pakistan-linked cyberespionage group APT36 (Transparent Tribe) has escalated its campaign against Indian government institutions with the deployment of sophisticated Python-based ELF malware specifically designed to compromise Linux-based BOSS operating environments, according to research published by CYFIRMA. The threat actor, historically focused on Windows systems, has demonstrated expanded technical maturity through multi-platform tooling that bypasses conventional…
-
Security Affairs newsletter Round 551 by Pierluigi Paganini INTERNATIONAL EDITION
Tags: attack, cisa, cyberespionage, email, international, malware, oracle, supply-chain, WeeklyReviewA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks U.S. CISA adds an Oracle…
-
BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks
APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google Threat Intelligence Group (GTIG) warns. According to the researchers, the group shifted from broad web…
-
SEC drops case against SolarWinds tied to monumental breach
The Securities and Exchange Commission on Thursday dropped its case against SolarWinds and its chief information security officer over its handling of an alleged Russian cyberespionage campaign uncovered in 2020, an incident that penetrated at least nine federal agencies and hundreds of companies. The SEC’s decision brings to a halt one of the more divisive…
-
Asus Routers Hacked in ‘WrtHug’ Campaign
Researchers Suspect a Chinese ROB-Building Operation. Suspected Chinese cyberespionage hackers have commandeered tens of thousands of Asus routers in an operation showing a heavy emphasis on infecting devices stationed in Taiwan. The campaign tracks with reports that Beijing is actively pressing unpatched routers into ORB networks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/asus-routers-hacked-in-wrthug-campaign-a-30064
-
China-aligned threat actor is conducting widespread cyberespionage campaigns
The threat group PlushDaemon uses routers and other network device implants to redirect domain name system (DNS) queries to malicious external servers which take over updates to unleash tools used for cyberespionage. First seen on therecord.media Jump to article: therecord.media/china-aligned-threat-actor-espionage-network-devices
-
China-aligned threat actor is conducting widespread cyberespionage campaigns
The threat group PlushDaemon uses routers and other network device implants to redirect domain name system (DNS) queries to malicious external servers which take over updates to unleash tools used for cyberespionage. First seen on therecord.media Jump to article: therecord.media/china-aligned-threat-actor-espionage-network-devices
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
Lazarus APT Group’s New ScoringMathTea RAT Enhances Remote Command Execution and More
The Lazarus APT Group, an advanced persistent threat (APT) attributed to North Korea, has deployed a sophisticated new Remote Access Trojan (RAT) called ScoringMathTea as part of its ongoing Operation DreamJob cyberespionage campaign. ScoringMathTea represents a significant evolution in Lazarus’s malware toolkit, implementing a modular architecture designed specifically to evade detection across both network and…
-
AI Tool Ran Bulk of Cyberattack, Anthropic Says
Claude Ran Up to 90% Intrusion Tasks Autonomously in China-Linked Campaign. A Chinese state-linked hacking group relied on the Claude Code model to automate most of a cyberespionage campaign against dozens of organizations, Anthropic said. The AI firm describes the campaign as the first verified case of an AI system handling the bulk of a…
-
Kimsuky APT Takes Over South Korean Androids, Abuses KakaoTalk
Konni, a subset of the state-sponsored DPRK cyberespionage group, first exploits Google Find Hub, which ironically aims to protect lost Android devices, to remotely wipe devices. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/kimsuky-apt-south-korean-androids-abuses-kakaotalk
-
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware
Russia-aligned threat actor Sandworm has intensified its destructive cyber operations against Ukrainian organizations, deploying data wiper malware to cripple critical infrastructure and weaken the nation’s economy. Unlike other Russia-aligned advanced persistent threat groups that primarily engage in cyberespionage activities, Sandworm’s operations are characterized by their explicitly destructive intent. According to the latest ESET APT Activity…
-
Chinesischsprachiges Cyberspionage-Tool auf über 1.500 Servern
Der europäische Cybersicherheitsspezialist NVISO hat eine großangelegte Kampagne zur Cyberspionage aufgedeckt. Über 1.500 Server waren betroffen und mit der modularen Backdoor VShell infiziert. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/chinesischsprachiges-cyberspionage-tool-auf-1-500-servern
-
Drohn-Gebärden aus Nordkorea: Lazarus greift europäische UAV-Hersteller an
ESET Forscher analysieren eine aktuelle Cyberspionage-Kampagne der berüchtigten nordkoreanischen Hackergruppe First seen on welivesecurity.com Jump to article: www.welivesecurity.com/drohn-gebarden-aus-nordkorea-lazarus-greift-europaische-uav-hersteller-an/
-
Cyberspionage – Hybride Angriffe auf Europas Drohnenindustrie
First seen on security-insider.de Jump to article: www.security-insider.de/cyberspionage-desinformationskampagnen-gefahr-europas-drohnenindustrie-a-6941492a7051af8da7e3148f3762d375/
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Cyberspionage gegen diplomatische Einrichtungen in Europa durch chinesische APT-Gruppe
Arctic Wolf hat eine laufende Cyberspionagekampagne des chinesisch-affiliierten Bedrohungsakteurs UNC6384 aufgedeckt, die sich im September und Oktober gezielt gegen diplomatische Einrichtungen in Ungarn, Belgien und weiteren europäischen Staaten richtete. Die Angreifer kombinieren eine neu entdeckte Windows-Schwachstelle (ZDI-CAN-25373) mit der seit Jahren aktiven Spionage-Malware PlugX und setzen dabei auf täuschend echte Phishing-Mails mit EU- und NATO-Konferenzthemen.…
-
Neue Hacking-Team-Spyware entdeckt
Forscher von Kaspersky haben nach intensiver Analyse eine Verbindung zwischen der berüchtigten Hackergruppe Memento Labs und einer aktuellen Cyberspionage-Kampagne entdeckt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/neue-hacking-team-spyware-entdeckt
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
North Korean Hackers Target UAV Industry to Steal Confidential Data
ESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coordinated effort to steal proprietary manufacturing data and design specifications from critical players in the drone industry. The campaign, observed beginning…
-
PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor
The post PassiveNeuron Cyberespionage Resurfaces: APT Abuses MS SQL Servers to Deploy Stealthy Neursite Backdoor appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/passiveneuron-cyberespionage-resurfaces-apt-abuses-ms-sql-servers-to-deploy-stealthy-neursite-backdoor/
-
PassiveNeuron Targets High-Profile Servers to Deploy Malware
A sophisticated cyberespionage campaign dubbed PassiveNeuron has emerged from the shadows after months of dormancy, with security researchers uncovering fresh details about its operations and attack methods. The campaign, first detected in June 2024, has resurfaced with renewed vigor, targeting government, financial and industrial organizations across Asia, Africa and Latin America with previously unknown malware…
-
Salt Typhoon Targets European Telecom
Attack Began With Citrix NetScaler Gateway Compromise, Darktrace Said. The Chinese cyberespionage hackers commonly tracked as Salt Typhoon haven’t stopped their campaign against global telecoms, says managed threat detection firm Darktrace. The group has made telecoms and other digital infrastructure a primary target. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/salt-typhoon-targets-european-telecom-a-29766
-
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like…
-
Arrests Underscore Fears of Teen Cyberespionage Recruitment
Telegram Used to Lure Teen Recon Recruits. The late September arrest of two teenagers in the Netherlands on suspicion of capturing Wi-Fi signals for pro-Russian hackers has sparked warnings from security analysts over a digital drive for low-skill reconnaissance tasks by nation-state spymasters. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/arrests-underscore-fears-teen-cyberespionage-recruitment-a-29681
-
Chinese Hackers Deploy New PlugX Variant
Sophisticated Cyberespionage Campaign Targets Asian Telecom, Manufacturing Sectors. A remote access Trojan that’s a staple of Chinese nation-state hacking is part of an ongoing campaign targeting telecom and manufacturing sectors in Central and South Asian countries. The threat actor, tracked as Naikon, apparently has access to a new variant of PlugX malware. First seen on…