APT List
DATE | NAME | INFO | CATEGORY | WEB |
21.12.24 | Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware | The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection | APT | |
18.12.24 | APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP | The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious | APT | |
30.10.24 | North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack | Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, | APT | |
29.10.24 | Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services | A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that | APT | |
27.10.24 | Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices | The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw | APT | |
27.10.24 | North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data | North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not | ||
26.10.24 | Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant | The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies | APT | The Hacker News |
26.10.24 | SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack | An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile | APT | The Hacker News |
26.10.24 | China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns | China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as Volt Typhoon is a fabrication of the U.S. and its allies. | APT | The Hacker News |
15.9.24 | Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration | A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero- | APT | The Hacker News |
15.9.24 | OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf | The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the | APT | The Hacker News |
27.9.24 | Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks | The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the | APT | The Hacker News |
26.9.24 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks | Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity | APT | The Hacker News |
26.9.24 | From 12 to 21: how we discovered connections between the Twelve and BlackJack groups | An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. | APT | Securelist |
26.9.24 | Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities | An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential | APT | The Hacker News |
26.9.24 | Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign | Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage | APT | The Hacker News |
24.9.24 | US proposes ban on connected vehicle tech from China, Russia | Today, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia. | APT | |
21.9.24 | Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks | A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber | APT | The Hacker News |
20.9.24 | Windows vulnerability abused braille “spaces” in zero-day attacks | A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. | APT | BleepingComputer |
20.9.24 | Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East | An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to | APT | The Hacker News |
19.9.24 | Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military | A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain | APT | The Hacker News |
18.9.24 | North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware | A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in | APT | The Hacker News |
16.9.24 | North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware | Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on | APT | The Hacker News |
12.9.24 | Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack | Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state- | APT | The Hacker News |
12.9.24 | DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe | A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe | APT | The Hacker News |
11.9.24 | Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware | Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of | APT | The Hacker News |
11.9.24 | Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia | A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as | APT | The Hacker News |
11.9.24 | Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments | The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and | APT | The Hacker News |
10.9.24 | Chinese hackers use new data theft malware in govt attacks | New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. | APT | |
9.9.24 | Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks | The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code | APT | The Hacker News |
8.9.24 | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams | Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake | APT | The Hacker News |
6.9.24 | Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East | Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat | APT | The Hacker News |
5.9.24 | North Korean Hackers Target Job Seekers with Fake FreeConference App | North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to | APT | The Hacker News |
31.8.24 | Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors | The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. | APT | |
31.8.24 | South Korean hackers exploited WPS Office zero-day to deploy malware | The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. | APT | |
31.8.24 | New Tickler malware used to backdoor US govt, defense orgs | The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. | APT | |
30.8.24 | Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign | Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control | APT | The Hacker News |
30.8.24 | Iranian Hackers Set Up New Network to Target U.S. Political Campaigns | Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities | APT | The Hacker News |
30.8.24 | North Korean Hackers Target Developers with Malicious npm Packages | Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating | APT | The Hacker News |
30.8.24 | New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads | Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing | APT | The Hacker News |
30.8.24 | Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 | A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of | APT | The Hacker News |
28.8.24 | APT-C-60 Group Exploits WPS Office Flaw to Deploy SpyGlace Backdoor | A South Korea-aligned cyber espionage group has been linked to the zero-day exploitation of a now-patched critical remote code execution | APT | The Hacker News |
27.8.24 | Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs | The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. | APT | |
27.8.24 | Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors | The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day | APT | The Hacker News |
23.8.24 | US warns of Iranian hackers escalating influence operations | The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. | APT | |
21.8.24 | Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware | Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent | APT | The Hacker News |
20.8.24 | Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group | A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor | APT | The Hacker News |
20.8.24 | Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group | Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two | APT | The Hacker News |
16.8.24 | Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware | Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to | APT | The Hacker News |
16.8.24 | Chinese hacking groups target Russian government, IT firms | A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT27 groups. | APT | |
16.8.24 | US dismantles laptop farm used by undercover North Korean IT workers | The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. | APT | |
15.8.24 | Russian-Linked Hackers Target Eastern European NGOs and Media | Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental | APT | The Hacker News |
15.8.24 | China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa | The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include | APT | The Hacker News |
9.8.24 | North Korean hackers exploit VPN update flaw to install malware | South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. | APT | |
9.8.24 | Hackers breach ISP to poison software updates with malware | A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. | APT | |
8.8.24 | University Professors Targeted by North Korean Cyber Espionage Group | The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, | APT | The Hacker News |
6.8.24 | North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry | The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript | APT | The Hacker News |
5.8.24 | Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks | Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called | APT | The Hacker News |
5.8.24 | China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates | The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious | APT | The Hacker News |
2.8.24 | APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack | A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation- | APT | The Hacker News |
2.8.24 | APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure | A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular | APT | The Hacker News |
1.8.24 | North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS | The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS | APT | The Hacker News |
27.7.24 | Chinese hackers deploy new Macma macOS backdoor version | The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. | APT | |
20.7.24 | Notorious FIN7 hackers sell EDR killer to other threat actors | The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. | APT | |
19.7.24 | APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K. | Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in | APT | |
18.7.24 | TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks | Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting | APT | |
18.7.24 | North Korean Hackers Update BeaverTail Malware to Target MacOS Users | Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic | APT | The Hacker News |
17.7.24 | FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums | The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground | APT | |
17.7.24 | China-linked APT17 Targets Italian Companies with 9002 RAT Malware | A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant | APT | The Hacker News |
16.7.24 | Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks | The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent | APT | |
16.7.24 | Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer | An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the | APT | The Hacker News |
13.7.24 | Japan warns of attacks linked to North Korean Kimsuky hackers | Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors. | APT | |
11.7.24 | Chinese APT40 hackers hijack SOHO routers to launch attacks | An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. | APT | |
11.7.24 | CloudSorcerer hackers abuse cloud services to steal Russian govt data | A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. | APT | |
11.7.24 | Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk | The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" | APT | |
9.7.24 | Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation | Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a | APT | The Hacker News |
8.7.24 | New APT Group "CloudSorcerer" Targets Russian Government Entities | A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and- | APT | The Hacker News |
1.7.24 | Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware | A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in | APT | The Hacker News |
30.6.24 | U.S. indicts Russian GRU hacker, offers $10 million reward | The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. | APT | |
29.6.24 | Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data | The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's | APT | |
28.6.24 | Four FIN9 hackers indicted for cyberattacks causing $71M in losses | Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. | APT | |
27.6.24 | UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs | A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. | APT | |
27.6.24 | Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware | Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting | APT | The Hacker News |
25.6.24 | 4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree | Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of | APT | The Hacker News |
25.6.24 | RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations | A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, | APT | The Hacker News |
23.6.24 | ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor | Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor | APT | The Hacker News |
23.6.24 | Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign | A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign | APT | The Hacker News |
19.6.24 | UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying | The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices | APT | The Hacker News |
19.6.24 | New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers | Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious | APT | The Hacker News |
17.6.24 | China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices | A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization | APT | The Hacker News |
15.6.24 | Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks | A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024. | APT | The Hacker News |
14.6.24 | North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics | Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's | APT | The Hacker News |
13.6.24 | China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally | State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known | APT | The Hacker News |
12.6.24 | Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale | Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain | APT | The Hacker News |
8.6.24 | Chinese hacking groups team up in cyber espionage campaign | Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace | APT | |
31.5.24 | Microsoft links North Korean hackers to new FakePenny ransomware | Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. | APT | |
31.5.24 | Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting | The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe | APT | The Hacker News |
30.5.24 | Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors | A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning | APT | The Hacker News |
29.5.24 | Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group | A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks | APT | The Hacker News |
27.5.24 | Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets | The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and | APT | The Hacker News |
25.5.24 | State hackers turn to massive ORB proxy networks to evade detection | Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. | APT | |
25.5.24 | Chinese hackers hide on military and govt networks for 6 years | A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. | APT | |
24.5.24 | New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts | The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and | APT | The Hacker News |
23.5.24 | Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed | Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part | APT | The Hacker News |
23.5.24 | Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries | Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's | APT | The Hacker News |
20.5.24 | Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel | An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas | APT | The Hacker News |
18.5.24 | Kimsuky hackers deploy new Linux backdoor in attacks on South Korea | The North Korean hacker group Kimsuky has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers. | APT | |
17.5.24 | North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign | The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs | APT | The Hacker News |
16.5.24 | Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions | An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two | APT | The Hacker News |
11.5.24 | FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT | The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate | APT | The Hacker News |
11.5.24 | North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms | The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based | APT | The Hacker News |
10.5.24 | Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign | Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked | ||
8.5.24 | Iranian hackers pose as journalists to push backdoor malware | The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. | APT | |
7.5.24 | APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data | The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target | APT | The Hacker News |
7.5.24 | China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion | The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the | APT | |
6.5.24 | NSA warns of North Korean hackers exploiting weak DMARC email policies | The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. | APT | |
4.5.24 | Muddling Meerkat hackers manipulate DNS using China’s Great Firewall | A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023. | APT | |
30.4.24 | China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale | A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain | APT | The Hacker News |
27.4.24 | DPRK hacking groups breach South Korean defense contractors | The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. | APT | |
25.4.24 | State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage | A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed | APT | The Hacker News |
25.4.24 | Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike | Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware | APT | The Hacker News |
24.4.24 | Microsoft: APT28 hackers exploit Windows flaw reported by NSA | Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. | APT | |
23.4.24 | Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware | The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler | APT | The Hacker News |
23.4.24 | ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft | The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments | APT | The Hacker News |
19.4.24 | FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor | The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive | APT | The Hacker News |
18.4.24 | Russian Sandworm hackers pose as hacktivists in water utility breaches | The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. | APT | |
18.4.24 | Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks | A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern | APT | The Hacker News |
16.4.24 | Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks | The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and | APT | The Hacker News |
12.4.24 | Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign | The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called | APT | The Hacker News |
5.4.24 | Vietnam-Based Hackers Steal Financial Data Across Asia with Malware | A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries | APT | The Hacker News |
4.4.24 | Winnti's new UNAPIMON tool hides malware from security software | The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicious processes run without being detected. | APT | |
4.4.24 | U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers | The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of | APT | The Hacker News |
2.4.24 | China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations | A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the | APT | The Hacker News |
30.3.24 | Finland confirms APT31 hackers behind 2021 parliament breach | The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. | APT | |
29.3.24 | Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack | The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber | APT | The Hacker News |
27.3.24 | US sanctions APT31 hackers behind critical infrastructure attacks | The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. | APT | |
27.3.24 | Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries | Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated | APT | The Hacker News |
26.3.24 | Key Lesson from Microsoft's Password Spray Hack: Secure Every Account | In January 2024, Microsoft discovered they'd been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard | APT | The Hacker News |
26.3.24 | Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks | The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring | APT | The Hacker News |
24.3.24 | N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks | The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting | APT | The Hacker News |
22.3.24 | China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws | A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable | APT | The Hacker News |
22.3.24 | Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems | The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in | APT | The Hacker News |
18.3.24 | APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme | The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating | APT | The Hacker News |
8.3.24 | Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets | Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to | APT | The Hacker News |
6.3.24 | North Korea hacks two South Korean chip firms to steal engineering data | The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. | APT | |
6.3.24 | New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities | A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. | APT | The Hacker News |
2.3.24 | Lazarus hackers exploited Windows zero-day to gain Kernel privileges | North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. | APT | |
2.3.24 | Russian hackers hijack Ubiquiti routers to launch stealthy attacks | Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. | APT | |
29.2.24 | Russian hackers shift to cloud attacks, US and allies warn | Members of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services. | APT | |
29.2.24 | Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors | An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, | APT | The Hacker News |
28.2.24 | Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat | In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take | APT | The Hacker News |
28.2.24 | Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics | Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state- | APT | The Hacker News |
23.2.24 | North Korean hackers now launder stolen crypto via YoMix tumbler | The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using the YoMix bitcoin mixer to launder stolen proceeds. | APT | |
21.2.24 | Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS | The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed | APT | The Hacker News |
21.2.24 | Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks | Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related | APT | The Hacker News |
20.2.24 | New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide | North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint | APT | The Hacker News |
19.2.24 | Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws | Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross- | APT | The Hacker News |
19.2.24 | Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor | The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new | APT | The Hacker News |
9.2.24 | Chinese hackers hid in US infrastructure network for 5 years | The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. | APT | |
8.2.24 | Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea | The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called | APT | The Hacker News |
3.2.24 | Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks | Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, | APT | The Hacker News |
31.1.24 | China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz | The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin | APT | The Hacker News |
26.1.24 | Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs | Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have | APT | The Hacker News |
20.1.24 | Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack | Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from | APT | The Hacker News |