Tag: middle-east
-
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch
Tags: breach, china, country, exploit, flaw, government, microsoft, middle-east, technology, threat, update, usa, vulnerabilityThreat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as…
-
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT, it has targeted entities in Africa, the Middle East,…
-
Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth Malware
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years.”Phantom Taurus’ main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations,” Palo Alto Networks Unit 42 First seen on thehackernews.com…
-
New Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware Suite
China-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called NET-STAR. First tracked by Unit 42 in June 2023 as cluster CL-STA-0043 and temporarily designated TGR-STA-0043 (Operation Diplomatic Specter) in May 2024, the…
-
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide.According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region. First…
-
5 ways to improve cybersecurity function while spending less
Tags: advisory, ai, authentication, ceo, ciso, control, cyber, cybersecurity, firewall, governance, incident response, mfa, microsoft, middle-east, risk, scam, service, siem, skills, soc, technology, threat, tool, training, windows2. Focus on people and processes: “Teamwork and influential leadership are pivotal in Orange County. We work side-by-side as extensions across our departments. We can’t all do everything, and we don’t want to reinvent the wheel. We shoulder the burden together, revisit existing initiatives, and reduce that tech debt,” Cheramie explains. “That’s how you do…
-
New Charon ransomware targets Middle East public sector, aviation firms
The hacker group behind the campaign used methods similar to those of the China-linked group Earth Baxia, known for targeting government agencies in the Asia-Pacific region. First seen on therecord.media Jump to article: therecord.media/charon-ransomware-targeting-middle-east-aviation
-
Saviynt Accelerates Global Expansion in Europe, Asia Pacific, Japan, and the Middle East
Identity security leader Saviynt has announced a major global expansion, opening new offices in London and Singapore, launching dedicated customer operations in Europe, and preparing for a significantly larger presence in India. The moves come amid growing demand for its AI-powered Identity Cloud platform and follow a record-breaking 2024. The expanded footprint underscores Saviynt’s ambitions…
-
Hackers Exploit IIS Servers with New Web Shell Script for Full Remote Control
Tags: control, cyber, exploit, hacker, incident response, Internet, microsoft, middle-east, service, windowsSecurity researchers have examined a complex online shell script called UpdateChecker.aspx that was installed on compromised Internet Information Services (IIS) servers in response to a notable increase in cyberthreats directed at Microsoft Windows installations. This analysis stems from a follow-up investigation by FortiGuard’s Incident Response Team into a prolonged intrusion at a Middle East critical…
-
Keymous+ Hacker Group Claims Responsibility for Over 700 Global DDoS Attacks
A shadowy group known as Keymous+ has emerged as a formidable force in the cyber landscape, claiming responsibility for over 700 Distributed Denial of Service (DDoS) attacks in 2025 alone. Operating with a self-proclaimed identity as “North African hackers,” the group has targeted a wide array of entities across Europe, North Africa, the Middle East,…
-
Frequently Asked Questions About Iranian Cyber Operations
Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windowsTenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
-
‘Cyber Fattah’ Hacktivist Group Leaks Saudi Games Data
As tensions in the Middle East rise, hacktivist groups are coming out of the woodwork with their own agendas, leading to notable shifts in the hacktivist threat landscape. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cyber-fattah-hacktivist-leaks-saudi-games-data
-
Cyber lessons from the recent escalation of tensions in the Middle East
First seen on scworld.com Jump to article: www.scworld.com/perspective/cyber-lessons-from-the-recent-escalation-of-tensions-in-the-middle-east
-
US Warns of Iranian Cyber Threats as Tensions Rise Over Middle East Conflict
Pro-Iranian hacktivists targeted Trump’s Truth Social after U.S. airstrikes, underscoring the growing cyber threat as Middle East tensions escalate. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/iranian-cyberattacks-truth-social-airstrikes/
-
Middle East Cyberwar Escalates: GPS Spoofing, Fake Alerts, Crypto Hacks, IP Camera Spying Revealed
The post Middle East Cyberwar Escalates: GPS Spoofing, Fake Alerts, Crypto Hacks, IP Camera Spying Revealed appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/middle-east-cyberwar-escalates-gps-spoofing-fake-alerts-crypto-hacks-ip-camera-spying-revealed/
-
Successful Military Attacks are Driving Nation States to Cyber Options
Tags: attack, china, communications, computing, cyber, cyberattack, cybersecurity, data, defense, exploit, extortion, finance, fraud, government, healthcare, infrastructure, iran, korea, middle-east, military, north-korea, russia, service, tactics, technology, tool, ukraine, vulnerability, warfareWith daring military attacks, kinetic warfare is shifting the balance of power in regions across the globe, upending the perception of power projection. Powerful nations are reeling from the impacts of bold assaults and seeking additional methods to drive foreign policy”Š”, “Šcyber may look as an appealing asymmetric warfare capability that is worth doubling-down on.…
-
DHS Warns of Rise in Cyberattacks in Light of US-Iran Conflict
After President’s Trump decision to enter the US into the conflict in the Middle East, the Department of Homeland Security expects there to be an uptick in Iranian hacktivists and state-sponsored actors targeting US systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/dhs-cyberattacks-iran-conflict
-
Threat Casting a Nation State Attack on Critical Infrastructure Scenario at CognectCon2025
Tags: attack, conference, cyber, cyberattack, cybersecurity, data, disinformation, infrastructure, iran, malicious, middle-east, risk, threat, vulnerability, wormDuring exercises at CognectCon2025 a number of cyberattack scenarios were discussed that highlighted the risks of cyber attackers leveraging cognitive vulnerabilities to cause major impacts to nation critical infrastructures. This video is a short report-out on one such possible scenario, before we began discussing how to prevent, detect, and respond to such an event. In…
-
NSFOCUS APT Monthly Briefing April 2025
Regional APT Threat Situation Overview In April 2025, the global threat hunting system of Fuying Lab discovered a total of 20 APT attack activities. These activities are mainly distributed in East Asia, South Asia, Middle East and Eastern Europe, as shown in the following figure. In terms of group activity, the most active APT group…The…
-
CISA, Microsoft warn of Windows zero-day used in attack on ‘major’ Turkish defense org
Check Point attributed the attack to a group known as Stealth Falcon, a hacking group with longstanding ties to the UAE that has been implicated in dozens of spyware cases and hacking incidents involving governments across the Middle East and Africa. First seen on therecord.media Jump to article: therecord.media/microsoft-cisa-zero-day-turkish-defense-org
-
Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions
Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial Officers (CFOs) and financial executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. “In what appears to be a multi-stage phishing operation, the…
-
INE Security And RedTeam Hacker Academy Announce Partnership To Advance Cybersecurity Skills In The Middle East
INE Security, a global cybersecurity training and certification provider, today announced a strategic partnership with RedTeam Hacker Academy through the signing of a Memorandum of Understanding (MoU). This agreement significantly accelerates INE Security’s expansion strategy in the Middle East and Africa (MEA) region while enhancing cybersecurity training capabilities across the market. The agreement was formalized…
-
INE Security and RedTeam Hacker Academy Announce Partnership to Advance Cybersecurity Skills in the Middle East
Cary, North Carolina, 28th May 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/ine-security-and-redteam-hacker-academy-announce-partnership-to-advance-cybersecurity-skills-in-the-middle-east/
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windowsIntroductionOn May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Qatar National Bank Breach Explained: How the Attack Happened and What’s Next
Tags: attack, breach, credentials, cybersecurity, data, data-breach, finance, group, hacker, middle-eastIn a significant cybersecurity incident, Qatar National Bank (QNB), Trend Micro reports that one of the Middle East’s largest financial institutions, suffered a data breach attributed to the Turkish hacker group Bozkurt Hackers. The attackers leaked a 1.5-gigabyte file containing sensitive customer information, including bank credentials, payment card details, and personal data. The Breach Details…
-
APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign
Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases such as APT37, Reaper, and ScarCruft, continues to target Windows-based systems across multiple regions. Active since at least 2012, the group has historically focused on South Korea but has broadened its operations since 2017 to include Japan, Vietnam, the Middle East,…
-
‘Lemon Sandstorm’ Underscores Risks to Middle East Infrastructure
The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lemon-sandstorm-risks-middle-east-infrastructure
-
Iranian Hackers Breach Middle East Infrastructure
Tags: breach, credentials, cyberespionage, fortinet, group, hacker, infrastructure, iran, middle-east, network, technology, theft, threatFortinet Uncovers Long-Term Cyberespionage in Region. An Iranian state-sponsored threat group conducted a years-long cyberespionage campaign targeting a Middle East critical infrastructure provider, with its operational technology network a key target. The attackers focused reconnaissance activity and credential theft on the OT network. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-breach-middle-east-infrastructure-a-28284