Pierluigi Paganini
December 13, 2024
The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states. Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, and ACTINIUM). These are the first known mobile malware families linked to the Russian APT. The cyberespionage group is behind a […]
Pierluigi Paganini
December 12, 2024
Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor. The Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) was spotted using the Amadey malware to deploy the KazuarV2 backdoor on devices in Ukraine. The experts observed threat actors using the Amadey bot malware between March and April 2024. Microsoft highlights […]
Pierluigi Paganini
December 11, 2024
An alleged China-linked APT group targeted large business-to-business IT service providers in Southern Europe as part of Operation Digital Eye campaign. Between late June and mid-July 2024, a China-linked threat actor targeted major IT service providers in Southern Europe in a campaign codenamed ‘Operation Digital Eye.’ Cyberspies aimed to establish footholds and compromise downstream entities […]
Pierluigi Paganini
December 05, 2024
Russia-linked APT group Secret Blizzard has used the tools and infrastructure of at least 6 other threat actors during the past 7 years. Researchers from Microsoft Threat Intelligence collected evidence that the Russia-linked ATP group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has used the tools and infrastructure of at least 6 other threat actors during the […]
Pierluigi Paganini
December 05, 2024
China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries, US govt warns. President Biden’s deputy national security adviser Anne Neuberger said that China-linked APT group Salt Typhoon has breached telecommunications companies in dozens of countries. The Wall Street Journal reported that the senior White House official revealed that at least eight […]
Pierluigi Paganini
November 27, 2024
The Russian RomCom group exploited Firefox and Tor Browser zero-day vulnerabilities in attacks on users in Europe and North America. Russian-based cybercrime group RomCom (aka UAT-5647, Storm-0978, Tropical Scorpius, UAC-0180, UNC2596) exploited two Firefox and Tor Browser zero-day vulnerabilities in recent attacks on users across Europe and North America. The first zero-day exploited by the Russian group, is a use-after-free […]
Pierluigi Paganini
November 25, 2024
Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. The campaign primarily targeted government entities, human rights groups, and educational institutions in Central Asia, East Asia, […]
Pierluigi Paganini
November 25, 2024
A senior UK minister will warn that Russia is preparing cyberattacks against the UK and its allies to undermine support for Ukraine. Russia may launch cyberattacks against the UK and its allies in retaliation for their support of Ukraine, Chancellor of the Duchy of Lancaster Pat McFadden is expected to state during a NATO meeting. […]
Pierluigi Paganini
November 23, 2024
China-linked APT Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane in attacks targeting East and Southeast Asia. China-linked APT Gelsemium has deployed a previously unknown Linux backdoor, WolfsBane, in attacks targeting East and Southeast Asia, according to ESET. Victims include entities in Taiwan, the Philippines, and Singapore, as seen in VirusTotal samples from […]
Pierluigi Paganini
November 19, 2024
Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY, DEEPDATA, and DEEPPOST. DEEPDATA is a […]
Cyber Crime / November 19, 2025
Data Breach / November 19, 2025
