APT

Pierluigi Paganini May 17, 2024
Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Russia-linked Turla APT allegedly used two new backdoors, named Lunar malware and LunarMail, to target European government agencies. ESET researchers discovered two previously unknown backdoors named LunarWeb and LunarMail that were exploited to breach European ministry of foreign affairs. The two backdoors are designed to carry out a long-term compromise in the target network, data […]

Pierluigi Paganini May 17, 2024
North Korea-linked Kimsuky APT attack targets victims via Messenger

North Korea-linked Kimsuky APT group employs rogue Facebook accounts to target victims via Messenger and deliver malware. Researchers at Genius Security Center (GSC) identified a new attack strategy by the North Korea-linked Kimsuky APT group and collaborated with the Korea Internet & Security Agency (KISA) for analysis and response. The nation-state actor attack used a fake account […]

Pierluigi Paganini May 10, 2024
Russia-linked APT28 targets government Polish institutions

CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28. CERT Polska and CSIRT MON teams issued a warning about a large-scale malware campaign targeting Polish government institutions, allegedly orchestrated by the Russia-linked APT28 group. The attribution of the attacks to the Russian APT is based on similarities with […]

Pierluigi Paganini May 07, 2024
MITRE attributes the recent attack to China-linked UNC5221

MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence. MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities. In April 2024, MITRE disclosed a security breach in one of its research […]

Pierluigi Paganini May 05, 2024
NATO and the EU formally condemned Russia-linked APT28 cyber espionage

NATO and the European Union formally condemned cyber espionage operations carried out by the Russia-linked APT28 against European countries. NATO and the European Union condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) against European countries. This week the German Federal Government condemned in the strongest […]

Pierluigi Paganini May 03, 2024
Russia-linked APT28 and crooks are still using the Moobot botnet

The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet, called Moobot, used by the APT28 group is still active and is also used by cyber criminal organizations. In January, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and […]

Pierluigi Paganini May 01, 2024
Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide. The experts noticed a spike in activity observed in September 2023. The threat actors appear to have the capability […]

Pierluigi Paganini April 24, 2024
Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November 2023 to breach government networks. Cisco Talos warned that the nation-state actor UAT4356 (aka STORM-1849) has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. […]

Pierluigi Paganini April 23, 2024
North Korea-linked APT groups target South Korean defense contractors

The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities. The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting defense industry entities to steal defense technology information. North Korea-linked APT groups Lazarus, Andariel, and Kimsuky hacked multiple defense companies in South […]

Pierluigi Paganini April 22, 2024
Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler service flaw. Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. Since at least June 2020, and possibly earlier, the cyberespionage […]