APT

Researchers unearth two previously unknown Linux backdoors

APT, backdoor, cybersecurity, Don't miss, ESET, Hot stuff, Linux, Malware, News, threat, VirusTotal /

Researchers unearth two previously unknown Linux backdoors 2024-11-21 at 12:12 By Help Net Security ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These […]

React to this headline:

Loading spinner

Researchers unearth two previously unknown Linux backdoors Read More »

Sailing Into Danger: DONOT APT’s Attack on Maritime & Defense Manufacturing

APT, cyberattack /

Sailing Into Danger: DONOT APT’s Attack on Maritime & Defense Manufacturing 2024-11-15 at 12:49 By rohansinhacyblecom Key Takeaways Overview CRIL recently came across a campaign seemingly aimed at Pakistan’s manufacturing industry, which supports the country’s maritime and defense sectors. After analyzing the files involved in the campaign, it was determined that the attack was linked

React to this headline:

Loading spinner

Sailing Into Danger: DONOT APT’s Attack on Maritime & Defense Manufacturing Read More »

FBI confirms China-linked cyber espionage involving breached telecom providers

APT, China, CISA, cyber espionage, data breach, Don't miss, FBI, Hot stuff, News, telecommunications, USA /

FBI confirms China-linked cyber espionage involving breached telecom providers 2024-11-14 at 14:16 By Zeljka Zorz After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part

React to this headline:

Loading spinner

FBI confirms China-linked cyber espionage involving breached telecom providers Read More »

Aerospace employees targeted with malicious “dream job” offers

aerospace, APT, backdoor, ClearSky Cyber Security, Don't miss, Hot stuff, Iran, LinkedIn, News, spear-phishing /

Aerospace employees targeted with malicious “dream job” offers 2024-11-13 at 12:49 By Zeljka Zorz It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular employment-focused social

React to this headline:

Loading spinner

Aerospace employees targeted with malicious “dream job” offers Read More »

North Korean hackers employ new tactics to compromise crypto-related businesses

APT, backdoor, Cryptocurrency, Don't miss, financial industry, Hot stuff, macOS, Malware, News, North Korea, phishing, SentinelOne /

North Korean hackers employ new tactics to compromise crypto-related businesses 2024-11-07 at 13:49 By Zeljka Zorz North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have

React to this headline:

Loading spinner

North Korean hackers employ new tactics to compromise crypto-related businesses Read More »

Russian hackers deliver malicious RDP configuration files to thousands

Amazon, APT, Australia, cyber espionage, Don't miss, Europe, Government, Hot stuff, Japan, Microsoft, News, RDP, Russian Federation, spear-phishing, UK /

Russian hackers deliver malicious RDP configuration files to thousands 2024-10-30 at 12:49 By Zeljka Zorz Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based

React to this headline:

Loading spinner

Russian hackers deliver malicious RDP configuration files to thousands Read More »

GoldenJackal APT group breaches air-gapped systems in Europe

APT, cyber espionage, cybercrime, cybersecurity, ESET, EU, News /

GoldenJackal APT group breaches air-gapped systems in Europe 2024-10-09 at 07:01 By Help Net Security ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberespionage

React to this headline:

Loading spinner

GoldenJackal APT group breaches air-gapped systems in Europe Read More »

100+ domains seized to stymie Russian Star Blizzard hackers

APT, Don't miss, Hot stuff, Justice Department, Microsoft, News, phishing /

100+ domains seized to stymie Russian Star Blizzard hackers 2024-10-04 at 14:18 By Zeljka Zorz Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks,

React to this headline:

Loading spinner

100+ domains seized to stymie Russian Star Blizzard hackers Read More »

Private US companies targeted by Stonefly APT

APT, Don't miss, enterprise, extortion, government-backed attacks, Hot stuff, Mandiant, News, North Korea, Symantec, USA /

Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to

React to this headline:

Loading spinner

Private US companies targeted by Stonefly APT Read More »

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses

APT, cybercrime /

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses 2024-09-26 at 20:16 By rohansinhacyblecom Key takeaways Overview Patchwork, also known as Dropping Elephant, is a highly active advanced persistent threat (APT) group that has been engaged in cyber espionage operations since 2009. Believed to be based in India, this group primarily targets high-profile organizations

React to this headline:

Loading spinner

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

0-day, APT, Check Point, CVE, Don't miss, Hot stuff, Microsoft, News, security update, Trend Micro, vulnerability, Windows /

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

How human-led threat hunting complements automation in detecting cyber threats

APT, Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, MorganFranklin Consulting, News, threat hunting /

How human-led threat hunting complements automation in detecting cyber threats 2024-09-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting, discusses the evolving methodologies and strategies in threat hunting and explains how human-led approaches complement each other to form a robust defense. Cox also

React to this headline:

Loading spinner

How human-led threat hunting complements automation in detecting cyber threats Read More »

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military

APT, Cyberwarfare /

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military 2024-09-06 at 11:46 By rohansinhacyblecom Key Takeaways Executive Summary As the Russia-Ukraine conflict continues to evolve, we remain vigilant in monitoring emerging threats. Previously, we tracked the activities of UNC1151, which targeted Ukraine’s Ministry of Defence with a malicious Excel document designed to compromise sensitive

React to this headline:

Loading spinner

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military Read More »

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

APT, Don't miss, exploit, Government, government-backed attacks, Hot stuff, Malware, News, Russian Federation /

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly

React to this headline:

Loading spinner

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

APT, CVE, cybercrime, Don't miss, ESET, exploit, Hot stuff, News, Windows /

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) 2024-08-28 at 12:02 By Help Net Security ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to

React to this headline:

Loading spinner

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) Read More »

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

0-day, APT, Don't miss, Hot stuff, ISP, Lumen, Malware, misconfiguration, MSP, News, USA, Versa Networks, web shell /

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

React to this headline:

Loading spinner

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

0-day, APT, Don't miss, drivers, Hot stuff, News, North Korea, rootkits, vulnerability /

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) 2024-08-20 at 16:01 By Zeljka Zorz CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free

React to this headline:

Loading spinner

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) Read More »

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign 

APT /

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  2024-08-14 at 13:16 By Cyble Key Takeaways  Executive Summary  In May 2024, QiAnXin Threat Intelligence Centre identified a campaign from a financially motivated advanced persistent threat (APT) group from East Asia, which they named UTG-Q-010. According to the researchers, UTG-Q-010’s activities date back to late 2022, and

React to this headline:

Loading spinner

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  Read More »

Chinese hackers compromised an ISP to deliver malicious software updates

APT, cyber espionage, DNS, Don't miss, ESET, Hot stuff, ISP, Malware, News, supply chain compromise, Symantec, Volexity /

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat

React to this headline:

Loading spinner

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

Indian APT Targeting Mediterranean Ports and Maritime Facilities

APT, India, Malware & Threats, Maritime /

Indian APT Targeting Mediterranean Ports and Maritime Facilities 2024-07-30 at 17:01 By Ionut Arghire The SideWinder APT has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea in recent attacks. The post Indian APT Targeting Mediterranean Ports and Maritime Facilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Indian APT Targeting Mediterranean Ports and Maritime Facilities Read More »

Scroll to Top