APT

Chinese hackers compromised an ISP to deliver malicious software updates

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised an undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat […]

Indian APT Targeting Mediterranean Ports and Maritime Facilities

Indian APT Targeting Mediterranean Ports and Maritime Facilities 2024-07-30 at 17:01 By Ionut Arghire The SideWinder APT has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea in recent attacks. The post Indian APT Targeting Mediterranean Ports and Maritime Facilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

Void Banshee APT exploited “lingering Windows relic” in zero-day attacks 2024-07-16 at 16:46 By Zeljka Zorz The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Trend Micro’s

Chinese APT40 group swiftly leverages public PoC exploits

Chinese APT40 group swiftly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack 2024-07-08 at 20:31 By Zeljka Zorz TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, and has confirmed that it was limited to their internal corporate IT environment. “Neither our separated

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage

Vietnamese Entities Targeted by China-Linked Mustang Panda in Cyber Espionage 2024-06-10 at 15:16 By neetha871ad236bd Key Takeaways: Overview: In April 2017, researchers at CrowdStrike Falcon Intelligence identified a previously unattributed TA group targeting a U.S.-based think tank with ties to China. Further investigation uncovered a broader campaign exhibiting distinctive tactics, techniques, and procedures (TTPs). This

90% of threats are social engineering

90% of threats are social engineering 2024-06-06 at 06:32 By Help Net Security In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of threats blocked

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence

UNC1151 Strikes Again: Unveiling Their Tactics Against Ukraine’s Ministry of Defence 2024-06-04 at 15:31 By neetha871ad236bd Key Takeaways: Overview: Mandiant Threat Intelligence has uncovered a persistent information operation called “Ghostwriter/UNC1151,” which is part of a larger influence campaign supporting Russian security interests and promoting narratives critical of NATO. Active since at least March 2017, this

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection 2024-05-20 at 13:46 By neetha871ad236bd Key Takeaways: Overview: CRIL identified a campaign utilizing malicious .LNK files masquerading as a PDF document. Upon execution, the .LNK file loads and displays a human rights seminar invitation as a lure document, suggesting that the threat actor

The Overlapping Cyber Strategies of Transparent Tribe and SideCopy Against India

The Overlapping Cyber Strategies of Transparent Tribe and SideCopy Against India 2024-05-14 at 19:46 By neetha871ad236bd Key Takeaways: Overview: During the first week of May, CRIL identified a malicious website created or utilized by the SideCopy APT group, as shown in the figure below. Figure 1 – SideCopy’s malicious website. Upon investigation, it was found

MITRE breach details reveal attackers’ successes and failures

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach it fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

US Says North Korean Hackers Exploiting Weak DMARC Settings

US Says North Korean Hackers Exploiting Weak DMARC Settings 2024-05-03 at 19:16 By Ionut Arghire The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. The post US Says North Korean Hackers Exploiting Weak DMARC Settings appeared first on SecurityWeek. This article is an excerpt from

Threat Actor profile: SideCopy

Threat Actor profile: SideCopy 2024-04-29 at 16:01 By rohansinhacyblecom Since early 2019, Operation SideCopy has remained active, exclusively targeting Indian defense forces and armed forces personnel. The malware modules associated with this Threat Actor are continually evolving, with updated versions released following reconnaissance of victim data. Threat Actors behind Operation SideCopy closely monitor malware detections

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

A “cascade” of errors let Chinese hackers into US government inboxes

A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t know how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in

Zero-day exploitation surged in 2023, Google finds

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImageIO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

Cyberespionage Campaign Targets Government, Energy Entities in India

Cyberespionage Campaign Targets Government, Energy Entities in India 2024-03-28 at 17:17 By Ionut Arghire Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India. The post Cyberespionage Campaign Targets Government, Energy Entities in India appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon

Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon 2024-03-20 at 15:01 By Ionut Arghire Government agencies in the Five Eyes countries warn critical infrastructure entities of Chinese state-sponsored hacking group Volt Typhoon. The post Five Eyes Agencies Issue New Alert on Chinese APT Volt Typhoon appeared first on SecurityWeek. This article is

New Open Source Tool Hunts for APT Activity in the Cloud

New Open Source Tool Hunts for APT Activity in the Cloud 2024-03-11 at 12:47 By Ionut Arghire The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek. This article is an excerpt
