Tag: espionage
-
Sandworm APT Exploits Trojanized KMS Tools to Target Ukrainian Users in Cyber Espionage Campaign
The notorious Sandworm APT (APT44), a Russian-state-sponsored threat actor affiliated with the GRU (Russia’s Main Intelligence Directorate), has First seen on securityonline.info Jump to article: securityonline.info/sandworm-apt-exploits-trojanized-kms-tools-to-target-ukrainian-users-in-cyber-espionage-campaign/
-
The Rise of Typhoon Cyber Groups
Tags: access, attack, breach, communications, control, cyber, cyberattack, cybersecurity, data, defense, dns, endpoint, espionage, exploit, finance, government, group, infrastructure, intelligence, iot, military, monitoring, network, phone, resilience, supply-chain, tactics, threat, tool, vulnerability, zero-day -
Russian military hackers deploy malicious Windows activators in Ukraine
The Sandworm Russian military cyber-espionage group is targeting Windows users in Ukraine with trojanized Microsoft Key Management Service (KMS) activators and fake Windows updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-military-hackers-deploy-malicious-windows-activators-in-ukraine/
-
Researchers Found North Korean Hackers Advanced Tactics, techniques, and procedures
Recent research has highlighted the increasingly sophisticated tactics, techniques, and procedures (TTPs) employed by North Korean state-sponsored hackers. These cyber actors have demonstrated a strategic focus on espionage, financial theft, and disruption, targeting a broad range of sectors globally. Their operations align with the regime’s geopolitical objectives, including funding nuclear programs, gathering intelligence, and undermining…
-
HPE is notifying individuals affected by a December 2023 attack
Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. In January 2024, Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyber espionage group Midnight Blizzard gained access to…
-
NanoCore RAT Attack Windows Using Task Scheduler to Captures keystrokes, screenshots
NanoCore, a notorious Remote Access Trojan (RAT), continues to pose a significant threat to Windows systems. This malware, known for its espionage capabilities and modular design, is being leveraged by cybercriminals to exfiltrate sensitive data, control infected systems, and maintain persistence using advanced techniques. A recent analysis of a NanoCore sample (MD5 hash: 18B476D37244CB0B435D7B06912E9193) sheds…
-
Lazarus Group Lures Victims with Fake LinkedIn Job Offers, Warns Bitdefender
Bitdefender Labs has uncovered an active cyber espionage campaign by the Lazarus Group, a North Korean state-sponsored threat First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-lures-victims-with-fake-linkedin-job-offers-warns-bitdefender/
-
Kimsuky Group Leverages RDP Wrapper for Persistent Cyber Espionage
The notorious North Korean APT group Kimsuky has continued its cyber espionage operations, leveraging spear-phishing attacks and remote First seen on securityonline.info Jump to article: securityonline.info/kimsuky-group-leverages-rdp-wrapper-for-persistent-cyber-espionage/
-
US cranks up espionage charges against ex-Googler accused of trade secrets heist
Tags: espionageMountain View clocked onto the scheme with days to spare First seen on theregister.com Jump to article: www.theregister.com/2025/02/05/google_espionage_charges/
-
MacOS Ferret operators add a deceptive bite to their malware family
The macOS Ferret family, variants of malware used by North Korean APTs for cyber espionage, has received a new member as samples of a detection-resistant variant, Flexible-Ferret, appear in the wild.The discovery of the samples was made by SentinelOne researchers who noted the variant’s capability to evade the recent XProtect signature update that Apple pushed…
-
Chinese Hackers Attacking Linux Devices With New SSH Backdoor
A sophisticated cyber espionage campaign attributed to the Chinese hacking group DaggerFly has been identified, targeting Linux systems through an advanced Secure Shell (SSH) backdoor known as ELF/Sshdinjector.A!tr. This malware, part of a broader attack framework, compromises Linux-based network appliances and Internet-of-Things (IoT) devices, enabling data exfiltration and prolonged persistence within compromised environments. Discovered in…
-
New trojan hijacks Linux and IoT devices
There’s a new trojan on the block, one that specifically targets network appliances and internet of things (IoT) devices running the open-source Linux operating system.FortiGuard Labs has identified a new malware kit, dubbed “ELF/Sshdinjector.A!tr”, that has the ability to infect and remotely control systems, establish root privilege, maintain malware presence, exfiltrate data such as user…
-
Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign Unveiled
A newly uncovered cyber espionage campaign orchestrated by North Korea’s Lazarus Group has been exposed in SecurityScorecard’s latest First seen on securityonline.info Jump to article: securityonline.info/operation-phantom-circuit-north-koreas-global-data-exfiltration-campaign-unveiled/
-
Russian SmokeLoader Campaign in Ukraine Uses 7-Zip Zero-Day
Tags: credentials, cybercrime, espionage, government, hacker, open-source, russia, ukraine, vulnerability, zero-dayEspionage and Cybercrime Campaign Tied to 7-Zip Mark-of-the-Web Bypass Hits. Russian hackers targeting Ukrainian government agencies and businesses – including a major automotive manufacturer – have been targeting a zero-day vulnerability in the open source and widely used 7-Zip archive utility, to infect systems with credential-stealing SmokeLoader malware. First seen on govinfosecurity.com Jump to article:…
-
Russian cyber research companies post alerts about infostealer, industrial threats
Moscow-based cybersecurity company BI.ZONE posted an analysis of the Nova infostealer as other Russian firms warned about cyber-espionage and threats against industrial facilities. First seen on therecord.media Jump to article: therecord.media/russia-cybersecurity-research-bizone-nova-infostealer
-
Lazarus Group Exploits Trusted Apps for Data Theft via Dropbox
Tags: crypto, cyber, data, espionage, exploit, group, infrastructure, korea, lazarus, north-korea, programming, software, technology, theft, toolIn an alarming development, North Korea’s infamous Lazarus Group has been linked to a global cyber espionage campaign, code-named Operation Phantom Circuit. Beginning in September 2024, this operation exploited trusted software development tools to infiltrate systems worldwide, targeting cryptocurrency and technology developers. The campaign’s advanced obfuscation techniques and infrastructure demonstrate a significant evolution in the…
-
Russian APT28 Hackers Exploit Zero-Day Vulnerabilities to Target Government and Security Sectors
Tags: cyber, cybersecurity, espionage, exploit, government, group, hacker, intelligence, military, russia, strategy, tool, ukraine, vulnerability, zero-dayA detailed analysis from Maverits, a leading cybersecurity firm, reveals a significant evolution in the strategies and objectives of APT28, a cyber-espionage group linked to Russia’s GRU military intelligence unit. Covering activities from 2022 to 2024, the report highlights APT28’s integration of advanced tools, evolving methodologies, and intensified campaigns against Ukraine and its allies. Operating…
-
How Lazarus Group built a cyber espionage empire
Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/29/lazarus-group-cyber-espionage-supply-chain-attack/
-
Google Researchers Breakdowns Scatterbrain Behind PoisonPlug Malware
Google’s Threat Intelligence Group (GTIG) in collaboration with Mandiant has revealed critical insights into ScatterBrain, a sophisticated obfuscation tool utilized by China-nexus cyber espionage groups, specifically APT41, to deploy the advanced backdoor family POISONPLUG.SHADOW. This analysis underscores the significant evolution of obfuscation techniques from earlier counterparts like ScatterBee, making ScatterBrain a primary contributor to the…
-
Silent Lynx APT Group: A New Espionage Threat Targeting Central Asia
Seqrite Labs APT-Team has uncovered two sophisticated campaigns orchestrated by a newly identified threat group, Silent Lynx. This First seen on securityonline.info Jump to article: securityonline.info/silent-lynx-apt-group-a-new-espionage-threat-targeting-central-asia/
-
GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities
A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities.The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.…
-
GamaCopy: A New Cyber Espionage Group Imitating Gamaredon to Target Russia
A recent report from the Knownsec 404 Advanced Threat Intelligence team reveals the emergence of GamaCopy, a cyber First seen on securityonline.info Jump to article: securityonline.info/gamacopy-a-new-cyber-espionage-group-imitating-gamaredon-to-target-russia/
-
Operation (Giỗ Tổ Hùng Vương) Hurricane: New OceanLotus Group Revealed in Espionage Campaigns
A recent report from Qianxin details the sophisticated cyber-espionage tactics employed by the New OceanLotus group. Active intermittently First seen on securityonline.info Jump to article: securityonline.info/operation-gio-to-hung-vuong-hurricane-new-oceanlotus-group-revealed-in-espionage-campaigns/
-
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-apt-targeted-south/
-
US Sanctions Chinese Hackers for Cyber Espionage Campaign
The U.S. Department of State has announced sanctions against two Chinese entities, Yin Kecheng and Sichuan Juxinhe Network First seen on securityonline.info Jump to article: securityonline.info/us-sanctions-chinese-hackers-for-cyber-espionage-campaign/
-
Silver Fox APT Targets Organizations with PNGPlug and ValleyRAT Malware
A sophisticated cyber-espionage campaign targeting organizations across China, Hong Kong, and Taiwan has been uncovered by Intezer’s research First seen on securityonline.info Jump to article: securityonline.info/silver-fox-apt-targets-organizations-with-pngplug-and-valleyrat-malware/
-
Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin’s efforts to gather economic and political intelligence in Central Asia.The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia’s…
-
US Names One of the Hackers Allegedly Behind Massive Salt Typhoon Breaches
Plus: New details emerge about China’s cyber espionage against the US, the FBI remotely uninstalls malware on 4,200 US devices, and victims of the PowerSchool edtech breach reveal what hackers stole. First seen on wired.com Jump to article: www.wired.com/story/us-names-one-of-the-hackers-allegedly-behind-massive-salt-typhoon-breaches/
-
US hits back against China’s Salt Typhoon group
Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerabilityThe US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
-
Russian espionage and financial theft campaigns have ramped up, Ukraine cyber agency says
Tags: cyber, cybersecurity, defense, espionage, finance, government, incident, incident response, russia, theft, ukraineOver the past year, Ukraine’s cyber incident response center identified and addressed 1,042 cybersecurity incidents impacting government, defense, and critical services.]]> First seen on therecord.media Jump to article: therecord.media/russian-espionage-financial-theft-campaign