Tag: espionage
-
Financially motivated hackers are helping their espionage counterparts and vice versa
Two players who mostly worked independently are increasingly collaborative. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/02/financially-motivated-hackers-are-helping-their-espionage-counterparts-and-vice-versa/
-
APT43 Hackers Targeting Academic Institutions Using Exposed Credentials
APT43, also known by aliases such as Black Banshee, Emerald Sleet, and Kimsuky, is a North Korean state-sponsored cyber threat actor linked to the Reconnaissance General Bureau (RGB). This group is primarily motivated by espionage and has recently expanded its operations to include financially driven cybercrime. APT43 has been actively targeting academic institutions in South…
-
Russian Hackers Leverages Weaponized Microsoft Key Management Service (KMS) to Hack Windows Systems
In a calculated cyber-espionage campaign, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows systems. This operation, active since late 2023, employs trojanized KMS activators and fake Windows updates to deploy malware, including the…
-
Hackers Exploited PAN-OS Flaw to Deploy Chinese Malware in Ransomware Attack
An RA World ransomware attack in November 2024 targeting an unnamed Asian software and services company involved the use of a malicious tool exclusively used by China-based cyber espionage groups, raising the possibility that the threat actor may be moonlighting as a ransomware player in an individual capacity.”During the attack in late 2024, the attacker…
-
FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts.The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707. Some of the other targets…
-
Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows
In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began in late 2023, leverages trojanized KMS activators and fake Windows updates to deploy malware, including…
-
Sandworm APT Exploits Trojanized KMS Tools to Target Ukrainian Users in Cyber Espionage Campaign
The notorious Sandworm APT (APT44), a Russian-state-sponsored threat actor affiliated with the GRU (Russia’s Main Intelligence Directorate), has First seen on securityonline.info Jump to article: securityonline.info/sandworm-apt-exploits-trojanized-kms-tools-to-target-ukrainian-users-in-cyber-espionage-campaign/
-
The Rise of Typhoon Cyber Groups
Tags: access, attack, breach, communications, control, cyber, cyberattack, cybersecurity, data, defense, dns, endpoint, espionage, exploit, finance, government, group, infrastructure, intelligence, iot, military, monitoring, network, phone, resilience, supply-chain, tactics, threat, tool, vulnerability, zero-day -
Russian military hackers deploy malicious Windows activators in Ukraine
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-military-hackers-deploy-malicious-windows-activators-in-ukraine/
-
Researchers Found North Korean Hackers Advanced Tactics, techniques, and procedures
Recent research has highlighted the increasingly sophisticated tactics, techniques, and procedures (TTPs) employed by North Korean state-sponsored hackers. These cyber actors have demonstrated a strategic focus on espionage, financial theft, and disruption, targeting a broad range of sectors globally. Their operations align with the regime’s geopolitical objectives, including funding nuclear programs, gathering intelligence, and undermining…
-
HPE is notifying individuals affected by a December 2023 attack
Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. In January 2024, Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyber espionage group Midnight Blizzard gained access to…
-
NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots
NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to Windows systems. This malware, known for its espionage capabilities and modular design, is being leveraged by cybercriminals to exfiltrate sensitive data, control infected systems, and maintain persistence using advanced techniques. A recent analysis of a NanoCore sample (MD5 hash: 18B476D37244CB0B435D7B06912E9193) sheds…
-
Lazarus Group Lures Victims with Fake LinkedIn Job Offers, Warns Bitdefender
Bitdefender Labs has uncovered an active cyber espionage campaign by the Lazarus Group, a North Korean state-sponsored threat First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-lures-victims-with-fake-linkedin-job-offers-warns-bitdefender/
-
Kimsuky Group Leverages RDP Wrapper for Persistent Cyber Espionage
The notorious North Korean APT group Kimsuky has continued its cyber espionage operations, leveraging spear-phishing attacks and remote First seen on securityonline.info Jump to article: securityonline.info/kimsuky-group-leverages-rdp-wrapper-for-persistent-cyber-espionage/
-
US cranks up espionage charges against ex-Googler accused of trade secrets heist
Tags: espionageMountain View clocked onto the scheme with days to spare First seen on theregister.com Jump to article: www.theregister.com/2025/02/05/google_espionage_charges/
-
MacOS Ferret operators add a deceptive bite to their malware family
The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild.The discovery of the samples was made by SentinelOne researchers who noted the variant’s capability to evade the recent XProtect signature update that Apple pushed…
-
Chinese Hackers Attacking Linux Devices With New SSH Backdoor
A sophisticated cyber espionage campaign attributed to the Chinese hacking group DaggerFly has been identified, targeting Linux systems through an advanced Secure Shell (SSH) backdoor known as ELF/Sshdinjector.A!tr. This malware, part of a broader attack framework, compromises Linux-based network appliances and Internet-of-Things (IoT) devices, enabling data exfiltration and prolonged persistence within compromised environments. Discovered in…
-
New trojan hijacks Linux and IoT devices
There’s a new trojan on the block, one that specifically targets network appliances and internet of things (IoT) devices running the open-source Linux operating system.FortiGuard Labs has identified a new malware kit, dubbed “ELF/Sshdinjector.A!tr”, that has the ability to infect and remotely control systems, establish root privilege, maintain malware presence, exfiltrate data such as user…
-
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign Unveiled
A newly uncovered cyber espionage campaign orchestrated by North Korea’s Lazarus Group has been exposed in SecurityScorecard’s latest First seen on securityonline.info Jump to article: securityonline.info/operation-phantom-circuit-north-koreas-global-data-exfiltration-campaign-unveiled/
-
Russian SmokeLoader Campaign in Ukraine Uses 7-Zip Zero-Day
Tags: credentials, cybercrime, espionage, government, hacker, open-source, russia, ukraine, vulnerability, zero-dayEspionage and Cybercrime Campaign Tied to 7-Zip Mark-of-the-Web Bypass Hits. Russian hackers targeting Ukrainian government agencies and businesses – including a major automotive manufacturer – have been targeting a zero-day vulnerability in the open source and widely used 7-Zip archive utility, to infect systems with credential-stealing SmokeLoader malware. First seen on govinfosecurity.com Jump to article:…
-
Russian cyber research companies post alerts about infostealer, industrial threats
Moscow-based cybersecurity company BI.ZONE posted an analysis of the Nova infostealer as other Russian firms warned about cyber-espionage and threats against industrial facilities. First seen on therecord.media Jump to article: therecord.media/russia-cybersecurity-research-bizone-nova-infostealer
-
Lazarus Group Exploits Trusted Apps for Data Theft via Dropbox
Tags: crypto, cyber, data, espionage, exploit, group, infrastructure, korea, lazarus, north-korea, programming, software, technology, theft, toolIn an alarming development, North Korea’s infamous Lazarus Group has been linked to a global cyber espionage campaign, code-named Operation Phantom Circuit. Beginning in September 2024, this operation exploited trusted software development tools to infiltrate systems worldwide, targeting cryptocurrency and technology developers. The campaign’s advanced obfuscation techniques and infrastructure demonstrate a significant evolution in the…
-
Russian APT28 Hackers Exploit Zero-Day Vulnerabilities to Target Government and Security Sectors
Tags: cyber, cybersecurity, espionage, exploit, government, group, hacker, intelligence, military, russia, strategy, tool, ukraine, vulnerability, zero-dayA detailed analysis from Maverits, a leading cybersecurity firm, reveals a significant evolution in the strategies and objectives of APT28, a cyber-espionage group linked to Russia’s GRU military intelligence unit. Covering activities from 2022 to 2024, the report highlights APT28’s integration of advanced tools, evolving methodologies, and intensified campaigns against Ukraine and its allies. Operating…
-
How Lazarus Group built a cyber espionage empire
Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/29/lazarus-group-cyber-espionage-supply-chain-attack/
-
Google Researchers Breakdowns Scatterbrain Behind PoisonPlug Malware
Google’s Threat Intelligence Group (GTIG) in collaboration with Mandiant has revealed critical insights into ScatterBrain, a sophisticated obfuscation tool utilized by China-nexus cyber espionage groups, specifically APT41, to deploy the advanced backdoor family POISONPLUG.SHADOW. This analysis underscores the significant evolution of obfuscation techniques from earlier counterparts like ScatterBee, making ScatterBrain a primary contributor to the…
-
Silent Lynx APT Group: A New Espionage Threat Targeting Central Asia
Seqrite Labs APT-Team has uncovered two sophisticated campaigns orchestrated by a newly identified threat group, Silent Lynx. This First seen on securityonline.info Jump to article: securityonline.info/silent-lynx-apt-group-a-new-espionage-threat-targeting-central-asia/
-
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.…
-
GamaCopy: A New Cyber Espionage Group Imitating Gamaredon to Target Russia
A recent report from the Knownsec 404 Advanced Threat Intelligence team reveals the emergence of GamaCopy, a cyber First seen on securityonline.info Jump to article: securityonline.info/gamacopy-a-new-cyber-espionage-group-imitating-gamaredon-to-target-russia/
-
Operation (Giỗ Tổ Hùng Vương) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns
A recent report from Qianxin details the sophisticated cyber-espionage tactics employed by the New OceanLotus group. Active intermittently First seen on securityonline.info Jump to article: securityonline.info/operation-gio-to-hung-vuong-hurricane-new-oceanlotus-group-revealed-in-espionage-campaigns/
-
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-apt-targeted-south/