government-backed attacks

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

aerospace, cyber espionage, Don't miss, EclecticIQ, EU, financial industry, Government, government-backed attacks, healthcare, Hot stuff, Ivanti, manufacturing sector, News, telecommunications, USA, Wiz /

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations 2025-05-23 at 17:21 By Zeljka Zorz CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage

React to this headline:

Loading spinner

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations Read More »

44% of the zero-days exploited in 2024 were in enterprise solutions

0-day, cyber espionage, Don't miss, enterprise, exploit, Google, government-backed attacks, Hot stuff, News, report, spyware, tips, trends /

44% of the zero-days exploited in 2024 were in enterprise solutions 2025-04-29 at 21:18 By Zeljka Zorz In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up

React to this headline:

Loading spinner

44% of the zero-days exploited in 2024 were in enterprise solutions Read More »

CISA says Treasury was the only US agency breached via BeyondTrust

BeyondTrust, CISA, Don't miss, government-backed attacks, Hot stuff, News, USA /

CISA says Treasury was the only US agency breached via BeyondTrust 2025-01-07 at 14:18 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident involving compromised BeyondTrust Remote Support SaaS instances. On the same

React to this headline:

Loading spinner

CISA says Treasury was the only US agency breached via BeyondTrust Read More »

How widespread is mercenary spyware? More than you think

Don't miss, government-backed attacks, Hot stuff, iVerify, News, nso group, smartphone hacking, spyware /

How widespread is mercenary spyware? More than you think 2024-12-04 at 16:18 By Zeljka Zorz A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat

React to this headline:

Loading spinner

How widespread is mercenary spyware? More than you think Read More »

Faraway Russian hackers breached US organization via Wi-Fi

APT, brute-force, credentials, Don't miss, enterprise, government-backed attacks, Hot stuff, MFA, News, Russian Federation, wireless /

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Loading spinner

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Private US companies targeted by Stonefly APT

APT, Don't miss, enterprise, extortion, government-backed attacks, Hot stuff, Mandiant, News, North Korea, Symantec, USA /

Private US companies targeted by Stonefly APT 2024-10-03 at 14:01 By Zeljka Zorz Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat analysts warned. About Stonefly Also known as Andariel and OnyxFleet, Stonefly has been linked to

React to this headline:

Loading spinner

Private US companies targeted by Stonefly APT Read More »

FBI forced Flax Typhoon to abandon its botnet

botnet, China, consumer, Don't miss, DVR, enterprise, FBI, government-backed attacks, Hot stuff, IoT, Justice Department, Lumen, NAS, News, router, security cameras, SMBs /

FBI forced Flax Typhoon to abandon its botnet 2024-09-19 at 14:16 By Zeljka Zorz A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operations to take control of

React to this headline:

Loading spinner

FBI forced Flax Typhoon to abandon its botnet Read More »

North Korean hackers’ social engineering tricks

Cryptocurrency, Cryptocurrency Exchange, Don't miss, government-backed attacks, Hot stuff, News, North Korea, social engineering /

North Korean hackers’ social engineering tricks 2024-09-04 at 15:31 By Zeljka Zorz “North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a public service announcement. This suggests that they are likely to target companies associated with

React to this headline:

Loading spinner

North Korean hackers’ social engineering tricks Read More »

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

APT, Don't miss, exploit, Government, government-backed attacks, Hot stuff, Malware, News, Russian Federation /

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites 2024-08-29 at 16:16 By Zeljka Zorz Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared. The watering hole campaigns Between November 2023 and July 2024, threat actors have repeatedly

React to this headline:

Loading spinner

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites Read More »

US offers $10 million for information on indicted WhisperGate malware suspect

Government, government-backed attacks, Justice Department, law enforcement, Malware, News, Russian Federation, Ukraine, USA /

US offers $10 million for information on indicted WhisperGate malware suspect 2024-06-27 at 10:36 By Help Net Security A federal grand jury in Maryland returned an indictment charging a Russian citizen with conspiracy to hack into and destroy computer systems and data. If convicted, he faces a maximum penalty of five years in prison. The

React to this headline:

Loading spinner

US offers $10 million for information on indicted WhisperGate malware suspect Read More »

20,000 FortiGate appliances compromised by Chinese hackers

attacks, China, Don't miss, enterprise, Fortinet, Government, government-backed attacks, hardware, Hot stuff, Malware, News, Remote Access Trojan /

20,000 FortiGate appliances compromised by Chinese hackers 2024-06-12 at 14:16 By Zeljka Zorz Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Military Intelligence and Security Service (MIVD)

React to this headline:

Loading spinner

20,000 FortiGate appliances compromised by Chinese hackers Read More »

MITRE breach details reveal attackers’ successes and failures

APT, backdoor, data breach, Don't miss, government-backed attacks, Hot stuff, Ivanti, Mandiant, MITRE, News, reconnaissance, Volexity, web shell /

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

Loading spinner

MITRE breach details reveal attackers’ successes and failures Read More »

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

0-day, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, Lumen, Microsoft, NCSC, News, security update /

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) 2024-04-24 at 21:31 By Zeljka Zorz A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

React to this headline:

Loading spinner

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) Read More »

A “cascade” of errors let Chinese hackers into US government inboxes

APT, CISA, cloud security, CSP, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, News, UK, USA /

A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in

React to this headline:

Loading spinner

A “cascade” of errors let Chinese hackers into US government inboxes Read More »

State-sponsored hackers know enterprise VPN appliances inside out

attacks, cyber espionage, Don't miss, enterprise, Fortinet, government-backed attacks, Hot stuff, Ivanti, Mandiant, News, threat, Threat Intelligence /

State-sponsored hackers know enterprise VPN appliances inside out 2024-02-28 at 14:19 By Zeljka Zorz Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a

React to this headline:

Loading spinner

State-sponsored hackers know enterprise VPN appliances inside out Read More »

How are state-sponsored threat actors leveraging AI?

APT, Artificial Intelligence, Don't miss, generative AI, government-backed attacks, Hot stuff, LLMs, Microsoft, News, OpenAI, threats /

How are state-sponsored threat actors leveraging AI? 2024-02-14 at 18:31 By Helga Labus Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to

React to this headline:

Loading spinner

How are state-sponsored threat actors leveraging AI? Read More »

Scroll to Top