APT

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military

APT, Cyberwarfare /

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military 2024-09-06 at 11:46 By rohansinhacyblecom Key Takeaways Executive Summary As the Russia-Ukraine conflict continues to evolve, we remain vigilant in monitoring emerging threats. Previously, we tracked the activities of UNC1151, which targeted Ukraine’s Ministry of Defence with a malicious Excel document designed to compromise sensitive […]

React to this headline:

Loading spinner

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military Read More »

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

APT, Don't miss, exploit, Government, government-backed attacks, Hot stuff, Malware, News, Russian Federation /

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly

React to this headline:

Loading spinner

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

APT, CVE, cybercrime, Don't miss, ESET, exploit, Hot stuff, News, Windows /

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) 2024-08-28 at 12:02 By Help Net Security ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to

React to this headline:

Loading spinner

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) Read More »

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

0-day, APT, Don't miss, Hot stuff, ISP, Lumen, Malware, misconfiguration, MSP, News, USA, Versa Networks, web shell /

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

React to this headline:

Loading spinner

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

0-day, APT, Don't miss, drivers, Hot stuff, News, North Korea, rootkits, vulnerability /

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) 2024-08-20 at 16:01 By Zeljka Zorz CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free

React to this headline:

Loading spinner

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) Read More »

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign 

APT /

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  2024-08-14 at 13:16 By Cyble Key Takeaways  Executive Summary  In May 2024, QiAnXin Threat Intelligence Centre identified a campaign from a financially motivated advanced persistent threat (APT) group from East Asia, which they named UTG-Q-010. According to the researchers, UTG-Q-010’s activities date back to late 2022, and

React to this headline:

Loading spinner

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  Read More »

Chinese hackers compromised an ISP to deliver malicious software updates

APT, cyber espionage, DNS, Don't miss, ESET, Hot stuff, ISP, Malware, News, supply chain compromise, Symantec, Volexity /

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat

React to this headline:

Loading spinner

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

Indian APT Targeting Mediterranean Ports and Maritime Facilities

APT, India, Malware & Threats, Maritime /

Indian APT Targeting Mediterranean Ports and Maritime Facilities 2024-07-30 at 17:01 By Ionut Arghire The SideWinder APT has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea in recent attacks. The post Indian APT Targeting Mediterranean Ports and Maritime Facilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Indian APT Targeting Mediterranean Ports and Maritime Facilities Read More »

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

APT, Check Point, CVE, Don't miss, Hot stuff, Internet Explorer, News, spear-phishing, Trend Micro, Windows /

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks 2024-07-16 at 16:46 By Zeljka Zorz The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s

React to this headline:

Loading spinner

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks Read More »

Chinese APT40 group swifly leverages public PoC exploits

APT, Australia, China, CISA, Don't miss, Hot stuff, News, PoC, web application, web shell /

Chinese APT40 group swifly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda

React to this headline:

Loading spinner

Chinese APT40 group swifly leverages public PoC exploits Read More »

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack

APT, data breach, Don't miss, enterprise, Hot stuff, Microsoft, News, TeamViewer /

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack 2024-07-08 at 20:31 By Zeljka Zorz TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, and has confirmed that it was limited to their internal corporate IT environment. “Neither our separated

React to this headline:

Loading spinner

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack Read More »

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage 

APT /

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage  2024-06-10 at 15:16 By neetha871ad236bd Key Takeaways:  Overview    In April 2017, researchers at CrowdStrike Falcon Intelligence identified a previously unattributed TA group targeting a U.S.-based think tank with ties to China. Further investigation uncovered a broader campaign exhibiting distinctive tactics, techniques, and procedures (TTPs). This

React to this headline:

Loading spinner

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage  Read More »

90% of threats are social engineering

APT, Avast, cybersecurity, Don't miss, Gen, Hot stuff, Malware, phishing, Ransomware, scams, social engineering, threats, Video /

90% of threats are social engineering 2024-06-06 at 06:32 By Help Net Security In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of threats blocked

React to this headline:

Loading spinner

90% of threats are social engineering Read More »

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence

APT, cyberespionage /

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence 2024-06-04 at 15:31 By neetha871ad236bd Key Takeaways  Overview  Mandiant Threat Intelligence has uncovered a persistent information operation called “Ghostwriter/UNC1151,” which is part of a larger influence campaign supporting Russian security interests and promoting narratives critical of NATO. Active since at least March 2017, this

React to this headline:

Loading spinner

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence Read More »

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection 

APT /

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection  2024-05-20 at 13:46 By neetha871ad236bd Key Takeaways  Overview  CRIL identified a campaign utilizing malicious .LNK files masquerading as a PDF document. Upon execution, the .LNK file loads and displays a human rights seminar invitation as a lure document, suggesting that the threat actor

React to this headline:

Loading spinner

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection  Read More »

The Overlapping Cyber Strategies of Transparent Tribe and SideCopy Against India

APT /

The Overlapping Cyber Strategies of Transparent Tribe and SideCopy Against India 2024-05-14 at 19:46 By neetha871ad236bd Key Takeaways  Overview  During the first week of May, CRIL identified a malicious website created or utilized by the SideCopy APT group, as shown in the figure below. Figure 1 – SideCopy’s malicious website Upon investigation, it was found

React to this headline:

Loading spinner

The Overlapping Cyber Strategies of Transparent Tribe and SideCopy Against India Read More »

MITRE breach details reveal attackers’ successes and failures

APT, backdoor, data breach, Don't miss, government-backed attacks, Hot stuff, Ivanti, Mandiant, MITRE, News, reconnaissance, Volexity, web shell /

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

Loading spinner

MITRE breach details reveal attackers’ successes and failures Read More »

US Says North Korean Hackers Exploiting Weak DMARC Settings 

APT, DMARC, email security, Featured, Kimsuky, Malware & Threats, Nation-State, North Korea /

US Says North Korean Hackers Exploiting Weak DMARC Settings  2024-05-03 at 19:16 By Ionut Arghire The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. The post US Says North Korean Hackers Exploiting Weak DMARC Settings  appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

US Says North Korean Hackers Exploiting Weak DMARC Settings  Read More »

Threat Actor profile: SideCopy 

APT, Threat Actor /

Threat Actor profile: SideCopy  2024-04-29 at 16:01 By rohansinhacyblecom Since early 2019, Operation SideCopy has remained active, exclusively targeting Indian defense forces and armed forces personnel. The malware modules associated with this Threat Actor are continually evolving, with updated versions released following reconnaissance of victim data. Threat Actors behind Operation SideCopy closely monitor malware detections

React to this headline:

Loading spinner

Threat Actor profile: SideCopy  Read More »

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

0-day, APT, CVE, cyber espionage, Don't miss, exploit, Hot stuff, Microsoft, News, Windows /

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

React to this headline:

Loading spinner

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) Read More »

Scroll to Top