APT Blog News(46) - 2024 2023 2022 2021 2020 2019 2018
APT blog Attack blog BigBrother blog BotNet blog Cyber blog Cryptocurrency blog Exploit blog Hacking blog ICS blog Incident blog IoT blog Malware blog OS Blog Phishing blog Ransom blog Safety blog Security blog Social blog Spam blog Vulnerebility blog
21.9.24 | Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC | We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China. | APT blog | |
DATE | NAME | Info | CATEG. | WEB |
21.9.24 | The Iranian Cyber Capability | In this blog, we will provide an overview of the Iranian threat landscape and discuss the tools, tactics and techniques used by these groups. | APT blog | Trelix |
14.9.24 | CUCKOO SPEAR Part 1: Analyzing NOOPDOOR from an IR Perspective | In this report, Cybereason confirms the ties between Cuckoo Spear and APT10 Intrusion Set by tying multiple incidents together and disclosing new information about this group’s new arsenal and techniques | APT blog | Cybereason |
14.9.24 | Chinese APT Abuses VSCode to Target Government in Asia | Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. | APT blog | Palo Alto |
14.9.24 | Targeted Iranian Attacks Against Iraqi Government Infrastructure | Check Point Research discovered a new set of malware called Veaty and Spearal that was used in attacks against different Iraqi entities including government networks. | APT blog | Checkpoint |
14.9.24 | DragonRank, a Chinese-speaking SEO manipulator service provider | Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation | APT blog | |
31.8.24 | Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool | Threat actors are targeting users in the Middle East by distributing sophisticated malware disguised as the Palo Alto GlobalProtect tool. | APT blog | |
10.8.24 | Fighting Ursa Luring Targets With Car for Sale | A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka APT28, Fancy Bear and Sofacy) has been associated with Russian military intelligence and classified as an advanced persistent threat (APT). | APT blog | |
3.8.24 | APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike | ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups. | APT blog | Cisco Blog |
13.7.24 | Cracking Cobalt Strike: Taking Down Malicious Cybercriminal Infrastructure with Threat Intelligence | Trellix and global law enforcement dismantle malicious Cobalt Strike infrastructure, enhancing cybersecurity and protecting critical sectors. Learn about our fight against cybercrime. | APT blog | Trelix |
| 29.6.24 | Behind the Great Wall: Void Arachne Targets Chinese-Speaking Users With the Winos 4.0 C&C Framework | We recently discovered a new threat actor group that we dubbed Void Arachne. This group targets Chinese-speaking users with malicious Windows Installer (MSI) files in a recent campaign. These MSI files contain legitimate software installer files for AI software and other popular software but are bundled with malicious Winos payloads. | APT blog | Trend Micro |
| 15.6.24 | ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024 | The I-SOON data leak confirms that this contractor is involved in cyberespionage for China, while Iran-aligned groups step up aggressive tactics following the Hamas-led attack on Israel in 2023 | APT blog | Eset |
| 8.6.24 | Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks | Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult. This shared interest results in malicious internet traffic blending financial and espionage motives. | APT blog | Trend Micro |
1.6.24 | LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader | Cisco Talos is disclosing a new suspected data theft campaign, active since at least 2021, we attribute to an advanced persistent threat actor (APT) we’re calling “LilacSquid.” Multiple TTPs utilized in this campaign bear some overlap with North Korean APT groups. | APT blog | Cisco Blog |
25.5.24 | Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia | A Chinese advanced persistent threat (APT) group has been conducting an ongoing campaign, which we call Operation Diplomatic Specter. This campaign has been targeting political entities in the Middle East, Africa and Asia since at least late 2022. | APT blog | Palo Alto |
25.5.24 | BAD KARMA, NO JUSTICE: VOID MANTICORE DESTRUCTIVE ACTIVITIES IN ISRAEL | Void Manticore is an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). They carry out destructive wiping attacks combined with influence operations. | APT blog | Checkpoint |
25.5.24 | SHARP DRAGON EXPANDS TOWARDS AFRICA AND THE CARIBBEAN | Sharp Dragon’s (Formerly referred to as Sharp Panda) operations continue, expanding their focus now to new regions – Africa and the Caribbean. | APT blog | Checkpoint |
18.5.24 | The who, where, and how of APT attacks – Week in security with Tony Anscombe | This week, ESET experts released several research publications that shine the spotlight on a number of notable campaigns and broader developments on the threat landscape | APT blog | Eset |
18.5.24 | To the Moon and back(doors): Lunar landing in diplomatic missions | ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs | APT blog | Eset |
18.5.24 | ESET APT Activity Report Q4 2023–Q1 2024 | An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2023 and Q1 2024 | APT blog | Eset |
| 4.5.24 | Muddled Libra’s Evolution to the Cloud | Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. | APT blog | Palo Alto |
| 4.5.24 | James Nutland studies what makes threat actors tick, growing our understanding of the current APT landscape | Nutland says he goes into every engagement or new project with a completely open mind and a blank slate — using his background investigating terror operations to find out as much as he can about a particular adversary’s operation. | APT blog | Cisco Blog |
| 13.4.24 | Muddled Libra’s Evolution to the Cloud | Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. | APT blog | Palo Alto |
| 23.3.24 | New details on TinyTurla’s post-compromise activity reveal full kill chain | We now have new information on the entire kill chain this actor uses, including the tactics, techniques and procedures (TTPs) utilized to steal valuable information from their victims and propagate through their infected enterprises. | APT blog | Cisco Blog |
| 9.3.24 | Threat Group Assessment: Muddled Libra (Updated) | Muddled Libra stands at the intersection of devious social engineering and nimble technology adaptation. With an intimate knowledge of enterprise information technology, this threat group presents a significant risk even to organizations with well-developed legacy cyber defenses. | APT blog | Palo Alto |
| 9.3.24 | APT attacks taking aim at Tibetans – Week in security with Tony Anscombe | Evasive Panda has been spotted targeting Tibetans in several countries and territories with payloads that included a previously undocumented backdoor ESET has named Nightdoor | APT blog | Eset |
| 9.3.24 | Evasive Panda leverages Monlam Festival to target Tibetans | ESET researchers uncover strategic web compromise and supply-chain attacks targeting Tibetans | APT blog | Eset |
| 25.2.24 | Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns | On Feb. 16, 2024, someone uploaded data to GitHub that included possible internal company communications, sales-related materials and product manuals belonging to the Chinese IT security services company i-Soon, also known as Anxun Information Technology. | APT blog | Palo Alto |
| 25.2.24 | TinyTurla-NG in-depth tooling and command and control analysis | Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed. | APT blog | Cisco Blog |
| 18.2.24 | Threat Brief: Attacks on Critical Infrastructure Attributed to Insidious Taurus (Volt Typhoon) | Insidious Taurus (aka Volt Typhoon) is identified by U.S. government agencies and international government partners as People’s Republic of China (PRC) state-sponsored cyber actors. | APT blog | Palo Alto |
| 18.2.24 | TinyTurla Next Generation - Turla APT spies on Polish NGOs | This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation. | APT blog | Cisco Blog |
| 4.2.24 | VajraSpy: A Patchwork of espionage apps | ESET researchers discovered several Android apps carrying VajraSpy, a RAT used by the Patchwork APT group | APT blog | Eset |
| 4.2.24 | Blackwood hijacks software updates to deploy NSPX30 – Week in security with Tony Anscombe | The previously unknown threat actor used the implant to target Chinese and Japanese companies, as well as individuals in China, Japan, and the UK | APT blog | Eset |
| 4.2.24 | NSPX30: A sophisticated AitM-enabled implant evolving since 2005 | ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group we have named Blackwood | APT blog | Eset |