The article discusses a new campaign by the APT group Awaken Likho, targeting Russian government agencies and industrial enterprises. The group has shifted its tactics, now utilizing the …
Tag: APT
Summary: The APT hacking group FIN7 has created a network of fake AI-powered deepnude generator websites to distribute information-stealing malware to unsuspecting visitors. This sophisticated operation leverages controversial technology to …
Summary: A sophisticated cyber-espionage campaign attributed to the Chinese APT group Mustang Panda utilizes malicious emails and Visual Studio Code to deploy Python-based malware, allowing unauthorized access to infected machines. …
Short Summary:
The article provides an in-depth analysis of the NOOPLDR and NOOPDOOR malware tools, focusing on their capabilities, methods of operation, and persistence mechanisms. It details how these tools …
The BlueShark APT group has been actively targeting individuals in South Korea during the first half of 2024, utilizing various malware types and spear-phishing tactics disguised as …
Summary: A recent CYFIRMA report details the infrastructure and tactics of the Pakistan-based APT group Transparent Tribe (APT36), which focuses on cyber espionage against Indian government entities. The investigation reveals …
Short Summary:
ESET researchers have identified a new China-aligned threat actor named CeranaKeeper, which has been targeting governmental institutions in Thailand since 2023. This group utilizes advanced techniques and tools, …
This article discusses a sophisticated phishing campaign that utilizes HTML smuggling techniques to deliver malicious payloads. The campaign involves multiple stages of obfuscation and deception, including the use …
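The summary above names HTML smuggling without showing what the technique looks like in a page, so here is an added example (not code from the article or the campaign it describes) of the usual chain and a small static detector for it: a base64 blob in a script, `atob`/`Uint8Array` to turn it into bytes, a `Blob` plus an object URL, and a synthetic `<a download>` click. The sample page, the benign page and the magic-byte table are all constructed for the example.

```python
import base64
import binascii
import re

# Magic bytes of file types that are commonly smuggled. Constructed, not exhaustive.
MAGIC = {
    b"MZ": "pe",
    b"PK\x03\x04": "zip",
    b"%PDF": "pdf",
    b"Rar!": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

# JavaScript fragments that make up the usual smuggling chain:
# decode -> byte array -> Blob -> object URL -> synthetic <a download> click.
INDICATORS = [
    "atob(",
    "Uint8Array",
    "new Blob(",
    "createObjectURL(",
    "msSaveOrOpenBlob",
    ".download",
    ".click()",
]

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
# A quoted base64 literal of at least 64 characters inside a script body.
B64_LITERAL_RE = re.compile(r"['\"]([A-Za-z0-9+/]{64,}={0,2})['\"]")


def sniff(data: bytes) -> str:
    """Name the container type from its leading bytes, or 'unknown'."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def analyze(html: str) -> dict:
    """Score one HTML document for the HTML-smuggling pattern."""
    js = "\n".join(SCRIPT_RE.findall(html))
    hits = [ind for ind in INDICATORS if ind in js]
    payloads = []
    for literal in B64_LITERAL_RE.findall(js):
        try:
            raw = base64.b64decode(literal, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, e.g. a long hex string or a session token
        payloads.append({"b64_len": len(literal), "decoded_len": len(raw), "magic": sniff(raw)})
    # The verdict needs all three parts of the chain: a decode step, a drop-to-disk
    # step and an embedded blob. Any one of them alone is common in benign pages.
    has_decode = "atob(" in hits or "Uint8Array" in hits
    has_drop = any(h in hits for h in ("createObjectURL(", "msSaveOrOpenBlob", ".download"))
    return {"indicators": hits, "payloads": payloads, "suspicious": has_decode and has_drop and bool(payloads)}


# Constructed sample page. The "archive" is a ZIP magic followed by filler text,
# so the decoded blob carries no real content.
_FAKE_ARCHIVE = b"PK\x03\x04" + b"constructed sample, not a real archive" * 2
SAMPLE_B64 = base64.b64encode(_FAKE_ARCHIVE).decode()
SAMPLE_HTML = f"""<html><body><p>Your document is loading...</p>
<script>
var data = "{SAMPLE_B64}";
var bytes = Uint8Array.from(atob(data), function (c) {{ return c.charCodeAt(0); }});
var blob = new Blob([bytes], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "Invoice.zip";
a.click();
</script></body></html>"""

# Constructed benign page: it has a script, but no decode/drop chain and no blob.
BENIGN_HTML = """<html><body><p id="x"></p>
<script>document.getElementById("x").textContent = "hello";</script></body></html>"""

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_HTML), ("benign", BENIGN_HTML)):
        print(name, analyze(doc))
```

The detector is deliberately conservative: a long base64 literal on its own (fonts, inline images) or a `download` attribute on its own (legitimate export buttons) does not trigger it, only the full chain does. Campaigns like the one summarised above split or obfuscate the literal across several variables, so on real mail attachments run this after a JavaScript deobfuscation pass rather than on the raw source.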
Short Summary:
The article discusses the NetSupport RAT, a remote access trojan used by advanced persistent threat (APT) groups. It highlights the challenges in detecting and removing such malware, along …
The article discusses the critical role of machine learning (ML) in analyzing cybersecurity logs to enhance threat detection capabilities. It highlights Kaspersky’s experience in utilizing ML algorithms, particularly …
Summary: Cyble Research and Intelligence Lab (CRIL) has identified a sophisticated cyber campaign that utilizes a suspicious .LNK file and Visual Studio Code (VSCode) to gain persistence and remote access …
Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated attack that utilizes legitimate tools like Visual Studio Code and GitHub. The attack begins with a disguised .LNK file …
Summary: Recent analyses reveal that the Patchwork APT group has initiated a sophisticated cyber campaign utilizing a new backdoor called “Nexe” to target Chinese entities, employing advanced evasion tactics. This …
Short Summary:
This research by Check Point focuses on the increasing number of vulnerable Windows drivers and their exploitation potential. It highlights the characteristics shared by these drivers, the methodologies …
Summary: Recent cyber espionage campaigns linked to China have targeted U.S. internet service providers, with the Salt Typhoon operation focusing on intelligence gathering and potential disruptions. Investigations are ongoing to …
Summary: Multiple critical vulnerabilities have been identified in the Common UNIX Printing System (CUPS), allowing remote unauthenticated attackers to execute arbitrary commands on affected systems. Security researcher Simone Margaritelli detailed …
Short Summary:
This report by CYFIRMA investigates the infrastructure of the APT group “Transparent Tribe,” identifying command-and-control (C2) servers linked to the group. The investigation reveals the use of Mythic …
Short Summary:
ESET Research has conducted an in-depth analysis of Gamaredon, a Russia-aligned APT group engaged in cyberespionage activities primarily targeting Ukraine. The study highlights Gamaredon’s tactics, techniques, and tools, …
Summary: A new cryptojacking campaign has been discovered that targets Docker Engine API, enabling lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes compromised Docker hosts …
The Patchwork APT group has launched a sophisticated campaign targeting Chinese entities and Bhutan, utilizing a malicious LNK file to initiate infections. The campaign employs DLL sideloading techniques …
Unit 42 researchers have identified two new malware samples associated with the North Korean threat group Sparkling Pisces, including a keylogger named KLogEXE and a backdoor variant called …
DLL Hijacking is a technique that exploits legitimate applications to execute malicious code. This write-up provides an overview of DLL Hijacking, its purpose, and the various documented instances …
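To make the search-order reasoning behind DLL hijacking concrete, here is an added example (not code from the write-up above) that walks an executable's import list through the default Windows search order and classifies each name. It models SafeDllSearchMode (the default) as: application directory, System32, the Windows directory, the current directory, then PATH; names on the KnownDLLs list are mapped from the \KnownDlls section and never searched. The 16-bit system directory, API sets, manifests and SxS are left out of the model, the KnownDLLs set is a subset, and the directory snapshot, import list and `telemetry.dll` are constructed for the example.

```python
# Subset of the KnownDLLs list. On a real host read it from
# HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.
KNOWN_DLLS = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll", "gdi32.dll", "advapi32.dll"}


def search_order(app_dir, system_dir, windows_dir, cwd, path_dirs):
    """Default (SafeDllSearchMode on) search order for an unqualified LoadLibrary name.
    Simplified: the 16-bit system directory, API sets and manifests are ignored."""
    return [app_dir, system_dir, windows_dir, cwd, *path_dirs]


def assess(imports, fs, order, writable):
    """Classify each imported DLL name.

    imports  - DLL names as they appear in the executable's import table
    fs       - snapshot: directory -> set of lowercase file names present there
    order    - directories in the order the loader will try them
    writable - directories the attacker (here: a standard user) can write to
    """
    findings = {}
    for dll in imports:
        name = dll.lower()
        if name in KNOWN_DLLS:
            findings[name] = ("known-dll", None)  # mapped from the KnownDlls section, no search
            continue
        resolved = next((d for d in order if name in fs.get(d, set())), None)
        if resolved is None:
            # Nothing satisfies the import: a "phantom" DLL. The first writable
            # directory in the order is where an attacker would plant it.
            planted = next((d for d in order if d in writable), None)
            findings[name] = ("phantom", planted)
            continue
        earlier_writable = [d for d in order[: order.index(resolved)] if d in writable]
        if earlier_writable:
            findings[name] = ("search-order-hijack", earlier_writable[0])
        elif resolved in writable:
            findings[name] = ("replaceable", resolved)
        else:
            findings[name] = ("ok", resolved)
    return findings


# Constructed scenario: a viewer application launched on a file in Downloads.
APP_DIR = r"C:\Apps\Acme\Viewer"
SYSTEM_DIR = r"C:\Windows\System32"
WINDOWS_DIR = r"C:\Windows"
CWD = r"C:\Users\alice\Downloads"
TOOLS_DIR = r"C:\Tools"
FS = {
    APP_DIR: {"viewer.exe", "render.dll"},
    SYSTEM_DIR: {"kernel32.dll", "version.dll", "dbghelp.dll"},
    WINDOWS_DIR: set(),
    CWD: {"report.pdf"},
    TOOLS_DIR: set(),
}
# telemetry.dll is imported but was never shipped: the phantom-DLL case.
IMPORTS = ["KERNEL32.dll", "render.dll", "VERSION.dll", "dbghelp.dll", "telemetry.dll"]
ORDER = search_order(APP_DIR, SYSTEM_DIR, WINDOWS_DIR, CWD, [TOOLS_DIR])


def vendor_install():
    """App directory has an admin-only ACL; only Downloads and the tools directory are user-writable."""
    return assess(IMPORTS, FS, ORDER, writable={CWD, TOOLS_DIR})


def per_user_install():
    """Same layout, but the app directory is user-writable (per-user install or a loose ACL)."""
    return assess(IMPORTS, FS, ORDER, writable={APP_DIR, CWD, TOOLS_DIR})


if __name__ == "__main__":
    for label, result in (("vendor install", vendor_install()), ("per-user install", per_user_install())):
        print(label)
        for dll, (verdict, where) in result.items():
            print(f"  {dll:16} {verdict:20} {where or ''}")
```

The two scenarios show why the write-up's catalogue of hijackable applications is dominated by software that lives in a user-writable directory: with the application directory locked down, only the phantom import is exposed (and only through the current directory), while a writable application directory turns every non-KnownDLLs import from System32 into a search-order hijack.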
Short Summary:
A new cryptojacking campaign has been discovered, targeting Docker Engine API and capable of lateral movement to Docker Swarm, Kubernetes, and SSH servers. The threat actor utilizes Docker …
Summary: Cybersecurity researchers at Darktrace have reported on the exploitation of Fortinet’s FortiClient Endpoint Management Server (EMS) through a critical SQL injection vulnerability (CVE-2023-48788), allowing attackers to gain unauthorized access …
Summary: Researchers from Lumen’s Black Lotus Labs have identified a new botnet named Raptor Train, primarily composed of compromised SOHO and IoT devices, believed to be controlled by the China-linked …
Short Summary:
Earth Baxia, a threat actor likely based in China, has targeted government organizations in Taiwan and other APAC countries using spear-phishing and exploiting the GeoServer vulnerability CVE-2024-36401. The …
Short Summary:
Unit 42 researchers have identified an ongoing campaign that delivers Linux and macOS backdoors through poisoned Python packages, named PondRAT. This campaign is linked to the Gleaming Pisces …
The Summer Intelligence Insights report by Securonix Threat Labs highlights significant cyber threats identified over the last three months, including phishing campaigns, cyber-espionage efforts, and ransomware attacks. The …
Summary: A sophisticated cyber campaign targeting individuals associated with the upcoming US-Taiwan Defense Industry Conference has been identified, utilizing social engineering tactics to deliver malware disguised as a legitimate PDF …
Summary: The Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, was exploited by the Void Banshee APT group to install information-stealing malware before being patched. This vulnerability allowed attackers to disguise …
Summary: ReversingLabs researchers have uncovered a new malicious software campaign linked to North Korea’s Lazarus Group, targeting developers through fake job interviews and malicious Python packages. The campaign utilizes sophisticated …
Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated cyber campaign targeting individuals associated with the upcoming US-Taiwan Defense Industry Conference. The attack utilizes a deceptive ZIP file …
Summary: The ToneShell backdoor, associated with the Mustang Panda group, has resurfaced, targeting attendees of the upcoming 2024 IISS Defence Summit in Prague, highlighting ongoing cyber espionage efforts. This advanced …
Check Point Research has identified new malware families, Veaty and Spearal, used in targeted attacks against Iraqi government networks. These malware samples employ various techniques, including a passive …
Short Summary:
Kimsuky, a North Korean hacking group active since 2018, focuses on espionage and financially motivated cybercrime. They target various technologies and countries, employing sophisticated tactics and exploiting vulnerabilities …
Summary: ESET researchers have analyzed the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware and its connections to other ransomware groups, including LockBit and RansomHub. …
Short Summary:
Sekoia.io conducted a proactive hunt for typosquatted domains related to the Paris 2024 Olympics, identifying over 650 suspicious domains. The analysis revealed a significant number of domains aimed …
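A hunt like the one summarised above starts by generating the look-alike domains a registrant might choose and then matching them against newly observed registrations. Here is an added example of that step (not Sekoia.io's tooling): it generates omission, repetition, homoglyph, transposition, hyphenation and TLD-swap variants of a brand domain, flags domains that embed the brand in a longer label, and runs the result over a small feed. The homoglyph table, TLD watch-list and the `OBSERVED` feed are constructed for the example and make no claims about real registrations.

```python
# Substitutions that look alike in a URL bar or a phishing mail. Constructed subset.
HOMOGLYPHS = {"i": "l", "l": "i", "o": "0", "0": "o", "1": "l", "e": "3", "a": "4"}
# TLDs to pair with the brand label. Constructed watch-list.
TLDS = ["com", "net", "org", "fr", "info", "shop", "tickets"]


def split_domain(domain: str):
    """'paris2024.org' -> ('paris2024', 'org'). Assumes a single-label TLD."""
    label, _, tld = domain.rpartition(".")
    return label, tld


def candidates(brand: str) -> dict:
    """Map each generated look-alike domain to the technique that produced it."""
    label, tld = split_domain(brand)
    out = {}

    def add(cand_label, technique, cand_tld=tld):
        cand = f"{cand_label}.{cand_tld}"
        if cand != brand:
            out.setdefault(cand, technique)  # keep the first technique that produced it

    for i, ch in enumerate(label):
        add(label[:i] + label[i + 1:], "omission")
        add(label[:i] + ch + label[i:], "repetition")
        if ch in HOMOGLYPHS:
            add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:], "homoglyph")
    for i in range(len(label) - 1):
        add(label[:i] + label[i + 1] + label[i] + label[i + 2:], "transposition")
        add(label[: i + 1] + "-" + label[i + 1:], "hyphenation")
    for t in TLDS:
        add(label, "tld-swap", t)
    return out


def hunt(observed, brand: str):
    """Return (domain, technique) for every observed domain that imitates the brand."""
    cands = candidates(brand)
    brand_label, _ = split_domain(brand)
    findings = []
    for raw in observed:
        domain = raw.strip().lower().rstrip(".")
        if domain == brand:
            continue
        if domain in cands:
            findings.append((domain, cands[domain]))
            continue
        label, _ = split_domain(domain)
        if brand_label in label:  # brand embedded in a longer label, e.g. brand-tickets
            findings.append((domain, "affix"))
    return findings


# Constructed feed of newly registered domains; not a claim about real registrations.
OBSERVED = [
    "paris2024.org",
    "pari2024.org",
    "Paris-2024.org",
    "paris2024-tickets.com",
    "parls2024.org",
    "olympics-schedule.fr",
    "example.com",
]

if __name__ == "__main__":
    for domain, technique in hunt(OBSERVED, "paris2024.org"):
        print(f"{domain:28} {technique}")
```

The generator is exact-match by design, which keeps false positives low but misses keyword-only domains such as the `olympics-schedule.fr` entry in the sample feed; a real hunt adds a second, fuzzier pass (edit distance or keyword lists) and then triages the hits by registration date, nameservers and hosting, which is where the bulk of the analysis in the report above happens.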
Summary: APT28, a Russian state-sponsored hacking group, has been implicated in a phishing campaign that involved creating a fake website mimicking the Kiel Institute for the World Economy to distribute …
ESET researchers have documented the activities of the CosmicBeetle threat actor, focusing on its newly developed ScRansom ransomware. This group has replaced its previous ransomware, Scarab, with ScRansom, …
Summary: The report discusses the growing trend of threat actors exploiting legitimate IT tools for malicious operations, termed CAMO (Commercial Applications, Malicious Operations), which allows them to bypass security measures …
Short Summary:
This article provides a comprehensive overview of North Korean threat groups under the Reconnaissance General Bureau (RGB) and their associated malware. It highlights the various operations these groups …
Short Summary:
The ToneShell backdoor, linked to Mustang Panda, targets government organizations in Southeast and East Asia for cyber espionage. Recently, it has been associated with an attack aimed at …
Summary: The Fog ransomware group has expanded its targeting from the education and recreation sectors to financial services, launching an attack that was mitigated by Adlumin’s advanced security …
Unit 42 researchers uncovered that the Chinese APT group, Stately Taurus, exploited Visual Studio Code in espionage operations targeting government entities in Southeast Asia. This novel technique involved …
Short Summary:
The article discusses the increasing threat activity associated with the Kimsuky group, particularly focusing on the Konni campaign. It highlights the use of legitimate cloud and …
Cyble Research and Intelligence Labs (CRIL) has identified an ongoing spear-phishing campaign by the Gamaredon APT group, targeting Ukrainian military personnel. The campaign utilizes malicious XHTML attachments that …
In June 2024, Zscaler ThreatLabz reported on BlindEagle, an APT actor targeting the Colombian insurance sector through phishing emails. The actor utilizes the BlotchyQuasar RAT to gain access …