APT
DATE | NAME | CATEGORY | SUB | INFO |
29.10.24 |
CloudScout | APT | APT | ESET researchers discovered a previously undocumented toolset used by Evasive Panda to access and retrieve data from cloud services |
28.9.24 | Louse APT Group launches malware campaign targeting Chinese entities | The Louse APT group (also known as Patchwork and Dropping Elephant) has reportedly launched a malware campaign targeting Chinese entities. The attack vector involves a malicious LNK file, likely originating from a phishing email. | ||
20.09.24 | APT | UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks | ||
20.09.24 | North Korean APT group Appleworm delivers PondRAT via poisoned Python packages | An ongoing campaign involving poisoned Python packages delivering backdoors for Linux and macOS, dubbed PondRAT, has been reported. | ||
17.09.24 | Fireant (APT31) unveils new tools in recent campaign against Asia-Pacific government entities | The China-linked threat actor known as Fireant (also referred to as Mustang Panda or APT31) has recently been observed using new tools, including PUBLOAD, FDMTP, and PTSOCKET, in espionage attacks targeting government entities in the Asia-Pacific region. | ||
13.09.24 | APT | Targeted Iranian Attacks Against Iraqi Government Infrastructure | ||
13.09.24 | Stately Taurus, a Chinese APT group that carries out cyber-espionage attacks, has abused Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. | |||
09.09.24 | APT | BlindEagle Targets Colombian Insurance Sector with BlotchyQuasar | ||
09.09.24 | APT | Chinese APT Abuses VSCode to Target Government in Asia | ||
07.09.24 | APT | Tropic Trooper spies on government entities in the Middle East | ||
06.09.24 | Tropic Trooper unleashes new China Chopper variant and Crowdoor loader | Tropic Trooper, a Chinese-speaking APT group, has been reported targeting Middle Eastern government entities in a cyber espionage campaign. | ||
05.09.24 | APT | APT Lazarus: Eager Crypto Beavers, Video calls and Games | ||
30.08.24 | GreenCharlie Infrastructure Targeting US Political Entities with Advanced Phishing and Malware | |||
30.08.24 | APT | Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders | ||
30.08.24 | APT | State-backed attackers and commercial surveillance vendors repeatedly use the same exploits | ||
21.08.24 | APT | BlindEagle flying high in Latin America | ||
21.08.24 | APT | FIN7: The Truth Doesn't Need to be so STARK | ||
20.08.24 | Threat actor Damselfly conducts campaigns against the U.S. and Israel | Damselfy (aka APT42, Charming Kitten) is a well established Iranian-based threat actor. The group has routinely attacked high value targets in both the U.S. and Israel | ||
03.08.24 | APT | Today, APT28 is consistently attributed to GRU Unit 26165, 85th Main Special Service Centre (GTsSS) of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GU/GRU). | ||
03.08.24 | APT | A Russian threat actor we track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 24 | ||
03.08.24 | APT | APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike | ||
03.08.24 | Grayfly (aka APT41) threat group deploying ShadowPad and Cobalt Strike in a recent attacks | As reported by researchers from Cisco Talos, Grayfly threat grup (also known as APT41) has been deploying ShadowPad malware and Cobalt Strike beacons in a recent distribution campaign observed in Taiwan. | ||
02.08.24 | APT | Turla: A Master’s Art of Evasion | ||
02.08.24 | APT-C-35 (aka DoNot APT Group) has been active in conducting cyberattacks since at least 2013. Recently, they have targeted Pakistani Android mobile users. | |||
27.07.24 | Continuous espionage activities attributed to the Stonefly APT | Symantec Security Response is aware of the recent joint alert from CISA, FBI and several other partners concerning a number of recent targeted activities attributed to the Stonefly APT group (also known as Andariel or DarkSeoul). | ||
24.07.24 | Over the past few weeks, multiple campaigns have been reported, carried out by the China-linked APT group Grayfly also known as APT41. | |||
19.07.24 | APT | APT41 Has Arisen From the DUST | ||
19.07.24 | APT17 Campaign: New variants of 9002 RAT targeting Italian government entities | A malware campaign by the APT17 group has been reported, distributing newer variants of 9002 RAT. The campaign specifically targets government entities and Italian companies. | ||
17.07.24 | APT | Italian government agencies and companies in the target of a Chinese APT | ||
17.07.24 | APT | FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks | ||
12.07.24 | OilAlpha continues to target Arabic-speaking entities, as well as those interested in humanitarian organizations and NGOs operating in Yemen. | |||
09.07.24 | APT | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | ||
09.07.24 | A recent report by (CTA) member Rapid7 has recently disclosed that popular sticky-note app 'Notezilla' installers have been trojanized in order to deliver malware. | |||
08.07.24 | APT | CloudSorcerer – A new APT targeting Russian government entities | ||
02.07.24 | Renewed malicious activity associated to the Datebug APT (aka. Transparent Tribe or APT36) has been reported by researchers from Sentinel One. | |||
14.06.24 | APT | Arid Viper poisons Android apps with AridSpy | ||
14.06.24 | APT | Arid Viper | APT’s Nest of SpyC23 Malware Continues to Target Android Devices | ||
12.06.24 | Fireant APT targets Vietnamese entities with LNK file malware campaign | A malware campaign conducted by the Fireant (also known as Mustang Panda) APT group using Windows shortcut (LNK) files has been reported. | ||
08.06.24 | Sticky Werewolf is a threat group initially discovered over a year ago. The attackers have been known to target various organizations, most recently the pharmaceutical and aviation sectors. | |||
08.06.24 | UNC1151 APT targets the Ukrainian Ministry of Defence with malicious Excel campaign | The UNC1151 APT group has been observed conducting a malware campaign utilizing a malicious Excel document. This group is known for targeting Eastern European countries. | ||
30.05.24 | APT group Datebug, in operation since 2013, has been observed updating their toolkit with a new data exfiltration tool written in Golang created with the goal of targeting APAC governments and defense sectors. | |||
30.05.24 | Emergence of a new North Korean threat actor dubbed Moonstone Sleet | A recent emergence in the threat landscape involves a new North Korean actor dubbed Moonstone Sleet. This actor has been detected engaging in various deceptive tactics, including the establishment of fake companies and job listings to lure potential targets. | ||
25.05.24 | An ongoing campaign dubbed Operation Diplomatic Specter, targeting political entities in the Middle East, Africa, and Asia, has been reported. A Chinese APT group behind the campaign has been leveraging rare email exfiltration techniques against compromised servers. | |||
23.05.24 | As reported by Checkpoint, Sharp Dragon APT group (also formerly known as Sharp Panda) has been expanding its operations towards targets in Africa and in the Caribbean. | |||
21.05.24 | In a newly released report, Symantec’s Threat Hunter Team sheds light on a recently discovered Linux backdoor developed by the North-Korean Springtail espionage group (aka Kimsuky). | |||
17.05.24 | APT | Kimsuky APT attack discovered using Facebook & MS management console | ||
11.05.24 | APT | FIN7 Uses Trusted Brands and Sponsored Google Ads to Distribute MSIX Payloads | ||
07.05.24 | APT | Uncharmed: Untangling Iran's APT42 Operations | ||
03.05.24 | NiceCurl and TameCat custom backdoors leveraged by Damselfly APT | NiceCurl and TameCat are two custom backdoor variants recently leveraged in malicious campaigns attributed to the Damselfly APT (also known as APT42). | ||
25.04.24 | SSLoad and Cobalt Strike leveraged in compromised "Contact Form" campaign | A new loader has emerged called SSLoad, distinct from SLoad. Reports reveal a campaign where attackers were observed abusing and sending malicious links via contact forms. | ||
25.04.24 | SpyNote campaign using Vietnam's National Public Service as bait | SpyNote remote access trojan and its variants are proliferating globally, with groups and individuals employing various social engineering tactics to target mobile users. | ||
25.04.24 | The APT43 group has been observed distributing TutorialRAT by actively exploiting Dropbox cloud storage as a base for their attacks to evade threat monitoring. | |||
23.04.24 | APT | Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials | ||
23.04.24 | APT | We continue covering the activities of the APT group ToddyCat.This time, we have investigated how attackers obtain constant access to compromised infrastructure, what information on the hosts they are interested in, and what tools they use to extract it. | ||
22.04.24 | Core Werewolf APT group targets Russian defense organizations in espionage campaign | Espionage activity of the Core Werewolf APT group targeting Russian defense organizations was observed around mid-April. | ||
20.04.24 | Coreid (aka Fin7) uses backdoor against US Automaker victims | A recent report provided details of activity by the Coreid (aka Fin7) threat group in which victims in the US automaker industry were targeted. | ||
20.04.24 | APT Group exploits Web3 gaming hype in campaign for cryptocurrency earnings | A campaign centered around imitating web3 gaming projects has been observed, likely operated by a Russian-language APT group aiming for potential cryptocurrency earnings by leveraging the allure of blockchain-based gaming. | ||
08.04.24 | African based telecommunications organizations targeted by Iranian Seedworm group | The Symantec Threat Hunter Team, part of Broadcom, observed a recent campaign by the Seedworm threat actor group, targeting telecommunications organizations in North and East Africa. | ||
27.03.24 | Researchers observed a recent Stately Taurus (aka Mustang Panda) APT campaign during an ASEAN-Australia Special Summit held just this month targeting Asian countries. | |||
28.02.24 | APT | SVR cyber actors adapt tactics for initial cloud access | ||
17.02.24 | APT | Water Hydra’s Zero-Day Attack Chain Targets Financial Traders | ||
29.01.24 | APT | Midnight Blizzard: Guidance for responders on nation-state attack | ||
27.9.24 | Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks | The threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in the | ||
26.9.24 | N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks | Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity | ||
26.9.24 | From 12 to 21: how we discovered connections between the Twelve and BlackJack groups | An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group. | ||
26.9.24 | Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities | An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential | ||
26.9.24 | Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign | Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionage | ||
24.9.24 | US proposes ban on connected vehicle tech from China, Russia | Today, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia. | ||
21.9.24 | Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber Attacks | A hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyber | ||
20.9.24 | Windows vulnerability abused braille “spaces” in zero-day attacks | A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-24-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. | ||
20.9.24 | Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East | An Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access to | ||
19.9.24 | Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military | A Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtain | ||
18.9.24 | North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware | A North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims in | ||
16.9.24 | North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware | Cybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims on | ||
12.9.24 | Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack | Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state- | ||
12.9.24 | DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe | A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe | ||
11.9.24 | Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware | Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of | ||
11.9.24 | Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia | A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as | ||
11.9.24 | Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments | The threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and | ||
10.9.24 | New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. | |||
9.9.24 | Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks | The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code | ||
8.9.24 | North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams | Threat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fake | ||
6.9.24 | Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East | Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat | ||
5.9.24 | North Korean Hackers Targets Job Seekers with Fake FreeConference App | North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to | ||
31.8.24 | Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors | The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 24. | ||
31.8.24 | South Korean hackers exploited WPS Office zero-day to deploy malware | The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. | ||
31.8.24 | The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. | |||
30.8.24 | Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign | Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control | ||
30.8.24 | Iranian Hackers Set Up New Network to Target U.S. Political Campaigns | Cybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities | ||
30.8.24 | North Korean Hackers Target Developers with Malicious npm Packages | Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating | ||
30.8.24 | New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads | Chinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishing | ||
30.8.24 | Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32 | A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of | ||
28.8.24 | APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor | A South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code execution | ||
27.8.24 | Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs | The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. | ||
27.8.24 | Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors | The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day | ||
23.8.24 | The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. | |||
21.8.24 | Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware | Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent | ||
20.8.24 | Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group | A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group , a prolific state-sponsored actor | ||
20.8.24 | Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group | Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7 . The two | ||
16.8.24 | Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware | Cybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to | ||
16.8.24 | A series of targeted cyberattacks that started at the end of July 24, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT 27 groups. | |||
16.8.24 | US dismantles laptop farm used by undercover North Korean IT workers | The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. | ||
15.8.24 | Russian-Linked Hackers Target Eastern European NGOs and Media | Russian and Belarusian non-profit organizations, Russian independent media, and international non-governmental | ||
15.8.24 | China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa | The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include | ||
9.8.24 | North Korean hackers exploit VPN update flaw to install malware | South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. | ||
9.8.24 | A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. | |||
8.8.24 | University Professors Targeted by North Korean Cyber Espionage Group | The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, | ||
6.8.24 | North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry | The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript | ||
5.8.24 | Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks | Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called | ||
5.8.24 | China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates | The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious | ||
2.8.24 | APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack | A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation- | ||
2.8.24 | APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure | A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular | ||
1.8.24 | North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS | The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS | ||
27.7.24 | The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. | |||
20.7.24 | Notorious FIN7 hackers sell EDR killer to other threat actors | The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. | ||
19.7.24 | APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K. | Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in | ||
18.7.24 | TAG-100: New Threat Actor Uses Open-Source Tools for Widespread Attacks | Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting | ||
18.7.24 | North Korean Hackers Update BeaverTail Malware to Target MacOS Users | Cybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the Democratic | ||
17.7.24 | FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums | The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground | ||
17.7.24 | China-linked APT17 Targets Italian Companies with 9002 RAT Malware | A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant | ||
16.7.24 | Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks | The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent | ||
16.7.24 | Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer | An advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the | ||
13.7.24 | Japan warns of attacks linked to North Korean Kimsuky hackers | Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors. | ||
11.7.24 | An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. | |||
11.7.24 | CloudSorcerer hackers abuse cloud services to steal Russian govt data | A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. | ||
11.7.24 | Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk | The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" | ||
9.7.24 | Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation | Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a | ||
8.7.24 | New APT Group "CloudSorcerer" Targets Russian Government Entities | A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and- | ||
1.7.24 | Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware | A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in | ||
30.6.24 | The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. | |||
29.6.24 | Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data | The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's | ||
28.6.24 | Four FIN9 hackers indicted for cyberattacks causing $71M in losses | Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. | ||
27.6.24 | UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs | A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. | ||
27.6.24 | Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware | Threat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targeting | ||
25.6.24 | 4 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime Spree | Four Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series of | ||
25.6.24 | RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations | A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, | ||
23.6.24 | ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor | Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor | ||
23.6.24 | Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign | A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign | ||
19.6.24 | UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying | The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet , Ivanti , and VMware devices | ||
19.6.24 | New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers | Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious | ||
17.6.24 | China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices | A suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organization | ||
15.6.24 | Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks | A suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 24. | ||
14.6.24 | North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics | Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's | ||
13.6.24 | China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally | State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known | ||
12.6.24 | Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale | Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain | ||
8.6.24 | Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace | |||
31.5.24 | Microsoft links North Korean hackers to new FakePenny ransomware | Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. | ||
31.5.24 | Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting | The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe | ||
30.5.24 | Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors | A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning | ||
29.5.24 | Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group | A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks | ||
27.5.24 | Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets | The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and | ||
25.5.24 | State hackers turn to massive ORB proxy networks to evade detection | Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. | ||
25.5.24 | Chinese hackers hide on military and govt networks for 6 years | A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. | ||
24.5.24 | New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean Govts | The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and | ||
23.5.24 | Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed | Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part | ||
23.5.24 | Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries | Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's | ||
20.5.24 | Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel | An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas | ||
18.5.24 | Kimsuky hackers deploy new Linux backdoor in attacks on South Korea | The North Korean hacker group Kimsuky has been using a new Linux malware called Gomir, a version of the GoBear backdoor, delivered via trojanized software installers. | ||
17.5.24 | North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign | The North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employs | ||
16.5.24 | Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions | An unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two | ||
11.5.24 | FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT | The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate | ||
11.5.24 | North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms | The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based | ||
10.5.24 | Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign | Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked | ||
8.5.24 | Iranian hackers pose as journalists to push backdoor malware | The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. | ||
7.5.24 | APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data | The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target | ||
7.5.24 | China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion | The MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of the | ||
6.5.24 | NSA warns of North Korean hackers exploiting weak DMARC email policies | The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. | ||
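The advisory above turns on one configuration detail: a domain whose DMARC policy is p=none asks receivers to report spoofed mail but still deliver it, which is what lets a spearphish "from" a trusted domain reach the inbox. The following is an added example, not code from the page or from the NSA/FBI advisory: it parses a DMARC TXT record and lists the settings that leave a domain spoofable. The domain names and records are constructed samples; a real check would fetch the TXT record at `_dmarc.<domain>` and pass it to the same function.

```python
"""Added example: assess a DMARC TXT record for the weak settings that let
spoofed spearphishing through (p=none, weak subdomain policy, partial pct,
no aggregate reporting). Tag semantics follow RFC 7489."""
from __future__ import annotations

# Constructed sample records for hypothetical domains (not real lookups).
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=20; sp=none",
    "strong.example": ("v=DMARC1; p=reject; sp=reject; pct=100; "
                       "adkim=s; aspf=s; rua=mailto:dmarc@strong.example"),
    "missing.example": "",  # no _dmarc TXT record published at all
}


def parse_dmarc(txt: str) -> dict[str, str]:
    """Split a DMARC record into lower-cased tag -> value pairs.

    Records are 'tag=value' pairs separated by ';' (RFC 7489 section 6.3);
    fragments without '=' are ignored rather than treated as errors.
    """
    tags: dict[str, str] = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt: str) -> list[str]:
    """Return human-readable findings; an empty list means the policy is enforcing."""
    if not txt.strip():
        return ["no DMARC record: receivers apply no policy to spoofed mail"]
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return ["malformed record: missing or wrong v=DMARC1 tag"]

    findings: list[str] = []
    policy = tags.get("p", "none").lower()
    if policy == "none":
        findings.append("p=none: failing mail is delivered and only reported")
    elif policy == "quarantine":
        findings.append("p=quarantine: failing mail is spam-foldered, not rejected")

    # sp defaults to p when absent; only flag an explicit downgrade.
    subdomain_policy = tags.get("sp", policy).lower()
    if subdomain_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can be spoofed freely")

    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail gets the policy")

    if "rua" not in tags:
        findings.append("no rua: no aggregate reports, so spoofing goes unnoticed")
    return findings


def enforcing(txt: str) -> bool:
    """True when the record leaves nothing for an attacker to exploit."""
    return not assess_dmarc(txt)


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(f"{domain}: {assess_dmarc(record) or ['enforcing']}")
```

Note that the check treats an absent `sp` tag as inheriting `p`, as RFC 7489 specifies, so a domain with `p=reject` and no `sp` is not flagged for subdomains; only an explicit `sp=none` under a stricter `p` is reported.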
4.5.24 | Muddling Meerkat hackers manipulate DNS using China’s Great Firewall | A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023. | ||
30.4.24 | China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale | A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain | ||
27.4.24 | The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. | |||
25.4.24 | State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage | A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed | ||
25.4.24 | Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike | Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware | ||
24.4.24 | Microsoft: APT28 hackers exploit Windows flaw reported by NSA | Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. | ||
23.4.24 | Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware | The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler | ||
23.4.24 | ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data Theft | The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments | ||
19.4.24 | FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor | The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive | ||
18.4.24 | Russian Sandworm hackers pose as hacktivists in water utility breaches | The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. | ||
18.4.24 | Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks | A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern | ||
16.4.24 | Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks | The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and | ||
12.4.24 | Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign | The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called | ||
5.4.24 | Vietnam-Based Hackers Steal Financial Data Across Asia with Malware | A suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countries | ||
4.4.24 | Winnti's new UNAPIMON tool hides malware from security software | The Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicious processes run without being detected. | ||
4.4.24 | U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers | The U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for a series of security lapses that led to the breach of | ||
2.4.24 | China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations | A threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under the | ||
30.3.24 | Finland confirms APT31 hackers behind 2021 parliament breach | The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. | ||
29.3.24 | Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack | The Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyber | ||
27.3.24 | US sanctions APT31 hackers behind critical infrastructure attacks | The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. | ||
27.3.24 | Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries | Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated | ||
26.3.24 | Key Lesson from Microsoft's Password Spray Hack: Secure Every Account | In January 2024, Microsoft discovered it had been the victim of a hack orchestrated by the Russian state-backed group Midnight Blizzard | ||
26.3.24 | Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks | The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring | ||
24.3.24 | N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks | The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting | ||
22.3.24 | China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws | A China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capable | ||
22.3.24 | Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems | The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in | ||
18.3.24 | APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme | The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating | ||
8.3.24 | Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets | Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to | ||
6.3.24 | North Korea hacks two South Korean chip firms to steal engineering data | The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. | ||
6.3.24 | New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities | A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. | ||
2.3.24 | Lazarus hackers exploited Windows zero-day to gain Kernel privileges | North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. | ||
2.3.24 | Russian hackers hijack Ubiquiti routers to launch stealthy attacks | Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. | ||
29.2.24 | Members of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services. | |||
29.2.24 | Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors | An Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation, | ||
28.2.24 | Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat | In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take | ||
28.2.24 | Five Eyes Agencies Expose APT29's Evolving Cloud Attack Tactics | Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state- | ||
23.2.24 | North Korean hackers now launder stolen crypto via YoMix tumbler | The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds. | ||
21.2.24 | Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGS | The China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbed | ||
21.2.24 | Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks | Cybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-related | ||
20.2.24 | New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide | North Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a joint | ||
19.2.24 | Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws | Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross- | ||
19.2.24 | Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor | The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new | ||
9.2.24 | Chinese hackers hid in US infrastructure network for 5 years | The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. | ||
8.2.24 | Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea | The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called | ||
3.2.24 | Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks | Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, | ||
31.1.24 | China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz | The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin | ||
26.1.24 | Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs | Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have | ||
20.1.24 | Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack | Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from |