APT

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor 2024-11-26 at 12:18 By Zeljka Zorz Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed […]

React to this headline:

Loading spinner

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor Read More »

Faraway Russian hackers breached US organization via Wi-Fi

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Loading spinner

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Researchers unearth two previously unknown Linux backdoors

Researchers unearth two previously unknown Linux backdoors 2024-11-21 at 12:12 By Help Net Security ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These

React to this headline:

Loading spinner

Researchers unearth two previously unknown Linux backdoors Read More »

Sailing Into Danger: DONOT APT’s Attack on Maritime & Defense Manufacturing

Sailing Into Danger: DONOT APT’s Attack on Maritime & Defense Manufacturing 2024-11-15 at 12:49 By rohansinhacyblecom Key Takeaways Overview CRIL recently came across a campaign seemingly aimed at Pakistan’s manufacturing industry, which supports the country’s maritime and defense sectors. After analyzing the files involved in the campaign, it was determined that the attack was linked

React to this headline:

Loading spinner

Sailing Into Danger: DONOT APT’s Attack on Maritime & Defense Manufacturing Read More »

FBI confirms China-linked cyber espionage involving breached telecom providers

FBI confirms China-linked cyber espionage involving breached telecom providers 2024-11-14 at 14:16 By Zeljka Zorz After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part

React to this headline:

Loading spinner

FBI confirms China-linked cyber espionage involving breached telecom providers Read More »

Aerospace employees targeted with malicious “dream job” offers

Aerospace employees targeted with malicious “dream job” offers 2024-11-13 at 12:49 By Zeljka Zorz It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular employment-focused social

React to this headline:

Loading spinner

Aerospace employees targeted with malicious “dream job” offers Read More »

North Korean hackers employ new tactics to compromise crypto-related businesses

North Korean hackers employ new tactics to compromise crypto-related businesses 2024-11-07 at 13:49 By Zeljka Zorz North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have

React to this headline:

Loading spinner

North Korean hackers employ new tactics to compromise crypto-related businesses Read More »

Russian hackers deliver malicious RDP configuration files to thousands

Russian hackers deliver malicious RDP configuration files to thousands 2024-10-30 at 12:49 By Zeljka Zorz Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based

React to this headline:

Loading spinner

Russian hackers deliver malicious RDP configuration files to thousands Read More »

GoldenJackal APT group breaches air-gapped systems in Europe

GoldenJackal APT group breaches air-gapped systems in Europe 2024-10-09 at 07:01 By Help Net Security ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberespionage

React to this headline:

Loading spinner

GoldenJackal APT group breaches air-gapped systems in Europe Read More »

100+ domains seized to stymie Russian Star Blizzard hackers

100+ domains seized to stymie Russian Star Blizzard hackers 2024-10-04 at 14:18 By Zeljka Zorz Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks,

React to this headline:

Loading spinner

100+ domains seized to stymie Russian Star Blizzard hackers Read More »

Private US companies targeted by Stonefly APT

Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to

React to this headline:

Loading spinner

Private US companies targeted by Stonefly APT Read More »

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses 2024-09-26 at 20:16 By rohansinhacyblecom Key takeaways Overview Patchwork, also known as Dropping Elephant, is a highly active advanced persistent threat (APT) group that has been engaged in cyber espionage operations since 2009. Believed to be based in India, this group primarily targets high-profile organizations

React to this headline:

Loading spinner

Nexe Backdoor Unleashed: Patchwork APT Group’s Sophisticated Evasion of Defenses Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

How human-led threat hunting complements automation in detecting cyber threats

How human-led threat hunting complements automation in detecting cyber threats 2024-09-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting, discusses the evolving methodologies and strategies in threat hunting and explains how human-led approaches complement each other to form a robust defense. Cox also

React to this headline:

Loading spinner

How human-led threat hunting complements automation in detecting cyber threats Read More »

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military 2024-09-06 at 11:46 By rohansinhacyblecom Key Takeaways Executive Summary As the Russia-Ukraine conflict continues to evolve, we remain vigilant in monitoring emerging threats. Previously, we tracked the activities of UNC1151, which targeted Ukraine’s Ministry of Defence with a malicious Excel document designed to compromise sensitive

React to this headline:

Loading spinner

Spear-Phishing in the Battlefield: Gamaredon’s Ongoing Assault on Ukraine’s Military Read More »

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly

React to this headline:

Loading spinner

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) 2024-08-28 at 12:02 By Help Net Security ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to

React to this headline:

Loading spinner

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) Read More »

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

React to this headline:

Loading spinner

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) 2024-08-20 at 16:01 By Zeljka Zorz CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free

React to this headline:

Loading spinner

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) Read More »

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign 

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  2024-08-14 at 13:16 By Cyble Key Takeaways  Executive Summary  In May 2024, QiAnXin Threat Intelligence Centre identified a campaign from a financially motivated advanced persistent threat (APT) group from East Asia, which they named UTG-Q-010. According to the researchers, UTG-Q-010’s activities date back to late 2022, and

React to this headline:

Loading spinner

Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign  Read More »

Scroll to Top