APT

11 State-Sponsored APTs Exploiting LNK Files for Espionage, Data Theft

2025-03-18 at 16:02, by Eduard Kovacs. ZDI has uncovered 1,000 malicious .lnk files used by state-sponsored and cybercrime threat actors to execute malicious commands.

North Korean Hackers Distributed Android Spyware via Google Play

2025-03-13 at 15:01, by Eduard Kovacs. The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.

1,600 Victims Hit by South American APT’s Malware

2025-03-11 at 14:08, by Ionut Arghire. South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign.

China-based Silver Fox spoofs healthcare app to deliver malware

2025-02-25 at 18:33, by Zeljka Zorz. Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as a legitimate healthcare app (the Philips DICOM viewer), a Windows

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

2025-02-17 at 15:49, by Zeljka Zorz. The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the

Sandworm APT’s initial access subgroup hits organizations across the globe

2025-02-13 at 15:34, by Zeljka Zorz. A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in. “In 2022, its primary focus was Ukraine, specifically targeting the

Can AI Early Warning Systems Reboot the Threat Intel Industry?

2025-02-10 at 13:02, by Ryan Naraine. News analysis: The big AI platforms are emerging as frontline early warning systems, detecting nation-state hackers at the outset of their campaigns. Can this help save the threat intel industry?

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

2025-01-22 at 08:04, by Help Net Security. ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

2024-11-26 at 12:18, by Zeljka Zorz. Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed

Faraway Russian hackers breached US organization via Wi-Fi

2024-11-25 at 19:03, by Zeljka Zorz. Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

Researchers unearth two previously unknown Linux backdoors

2024-11-21 at 12:12, by Help Net Security. ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These

Sailing Into Danger: DONOT APT’s Attack on Maritime & Defense Manufacturing

2024-11-15 at 12:49, by rohansinhacyblecom. CRIL recently came across a campaign seemingly aimed at Pakistan’s manufacturing industry, which supports the country’s maritime and defense sectors. After analyzing the files involved in the campaign, it was determined that the attack was linked

FBI confirms China-linked cyber espionage involving breached telecom providers

2024-11-14 at 14:16, by Zeljka Zorz. After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part

Aerospace employees targeted with malicious “dream job” offers

2024-11-13 at 12:49, by Zeljka Zorz. It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular employment-focused social

North Korean hackers employ new tactics to compromise crypto-related businesses

2024-11-07 at 13:49, by Zeljka Zorz. North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have

Russian hackers deliver malicious RDP configuration files to thousands

2024-10-30 at 12:49, by Zeljka Zorz. Midnight Blizzard, a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR), is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based

GoldenJackal APT group breaches air-gapped systems in Europe

2024-10-09 at 07:01, by Help Net Security. ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberespionage

100+ domains seized to stymie Russian Star Blizzard hackers

2024-10-04 at 14:18, by Zeljka Zorz. Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks,

Private US companies targeted by Stonefly APT

2024-10-03 at 14:01, by Zeljka Zorz. Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. Also known as Andariel and OnyxFleet, Stonefly has been linked to