APT

Sandworm hackers incapacitated Ukrainian power grid amid missile strike

09/11/2023 at 19:17 By Helga Labus

Russia-backed APT group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of […]

DoNot APT expands its arsenal to spy on victim’s VoIP calls

01/11/2023 at 17:17 By cybleinc

Cyble analyzes the latest version of Android malware used by the DoNot APT group in their espionage campaign. The post DoNot APT expands its arsenal to spy on victim’s VoIP calls appeared first on Cyble. This article is an

Higaisa APT Resurfaces via Phishing Website targeting Chinese Users

26/10/2023 at 13:46 By cybleinc

CRIL analyzes Higaisa APT targeting Chinese users through phishing websites to deliver a Rust-based Shellcode Loader. The post Higaisa APT Resurfaces via Phishing Website targeting Chinese Users appeared first on Cyble. This article is an excerpt from Cyble.

‘YoroTrooper’ Espionage Group Linked to Kazakhstan

25/10/2023 at 23:46 By Ionut Arghire

Cisco links the espionage-focused ‘YoroTrooper’ threat actor to Kazakhstan. The post ‘YoroTrooper’ Espionage Group Linked to Kazakhstan appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed.

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

25/10/2023 at 14:46 By Zeljka Zorz

The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can

Bracing for AI-enabled ransomware and cyber extortion attacks

24/10/2023 at 07:37 By Help Net Security

AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to

North Korean hackers are targeting software developers and impersonating IT workers

20/10/2023 at 13:52 By Helga Labus

State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies looking for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

Aptos resumes operation after 5-hour outage that ‘impacted’ transactions

19/10/2023 at 09:01 By Cointelegraph By Martin Young

Aptos suffered a five-hour outage, coincidentally in the same week that the network launched this time last year. This article is an excerpt from Cointelegraph.com News.

State-sponsored APTs are leveraging WinRAR bug

18/10/2023 at 18:21 By Zeljka Zorz

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers

10/10/2023 at 17:03 By cybleinc

CRIL analyzes Mythic’s Athena Agent targeting Russian Semiconductor suppliers via spear-phishing emails. The post Threat Actor deploys Mythic’s Athena Agent to target Russian Semiconductor Suppliers appeared first on Cyble. This article is an excerpt from Cyble.

Lazarus impersonated Meta recruiter to breach Spanish aerospace firm

02/10/2023 at 11:48 By Help Net Security

Operators of the North Korea-linked Lazarus APT obtained initial access to the network of an aerospace company in Spain last year after a successful spearphishing campaign, by masquerading as a recruiter for Meta — the company behind Facebook, Instagram,

Crypto exchange Upbit stems fake APT token flood, resumes services

25/09/2023 at 06:03 By Cointelegraph By Brayden Lindrea

The newly created fake APT token called “ClaimAPTGift.com” made its way to 400,000 Aptos wallets, and users found they were able to deposit and sell it on the exchange. This article is an excerpt from Cointelegraph.com News

New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware

21/09/2023 at 23:32 By Ryan Naraine

New and mysterious APT Sandman spotted targeting telcos in Europe and Asia as part of a cyberespionage campaign. The post New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware appeared first on SecurityWeek. This article is an excerpt

How Next-Gen Threats Are Taking a Page From APTs

13/09/2023 at 18:49 By Derek Manky

Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime. The post How Next-Gen Threats Are Taking a Page From APTs appeared first on SecurityWeek. This article

Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes

07/09/2023 at 00:03 By Ryan Naraine

Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails. The post Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes appeared first on

APTs use of lesser-known TTPs are no less of a headache

14/08/2023 at 08:32 By Help Net Security

APT (advanced persistent threat) attacks were once considered to be primarily a problem for large corporations, but the number of these (often state-sponsored) attacks against small- and medium-sized businesses has increased significantly. Everyone is fair game, and

Russian APT phished government employees via Microsoft Teams

03/08/2023 at 15:17 By Zeljka Zorz

An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft. A social engineering attack to bypass MFA protection “To facilitate their attack, the actor uses Microsoft

Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack

02/08/2023 at 09:31 By Eduard Kovacs

The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023. The post Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack appeared

Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups

01/08/2023 at 20:15 By Ionut Arghire

Researchers unmask an Iranian-run company providing command-and-control services to hacking groups, including state-sponsored APT actors. The post Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

North Korean hackers targeted tech companies through JumpCloud and GitHub

21/07/2023 at 16:03 By Helga Labus

North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. The JumpCloud intrusion On June 27, JumpCloud
