Pierluigi Paganini
April 25, 2025
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at […]
Pierluigi Paganini
April 21, 2025
Researchers spotted a new North Korea-linked group Kimsuky ‘s campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. Attackers exploited an RDP vulnerability to gain initial access to […]
Pierluigi Paganini
April 21, 2025
Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER. “While the […]
Pierluigi Paganini
April 17, 2025
China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President). deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since […]
Pierluigi Paganini
April 13, 2025
China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, […]
Pierluigi Paganini
April 11, 2025
Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) targeted a foreign military mission based in Ukraine with an updated version of the GamaSteel infostealer. Shuckworm is known for targeting government, […]
Pierluigi Paganini
April 10, 2025
At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow […]
Pierluigi Paganini
April 03, 2025
Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The vulnerability has been exploited by a China-linked threat actor since at least mid-March 2025. Ivanti did not disclose […]
Pierluigi Paganini
March 24, 2025
China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years. The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account […]
Pierluigi Paganini
March 23, 2025
Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-source tools for persistence and credential theft. The APT UAT-5918 targets Taiwan, exploiting N-day vulnerabilities in unpatched servers for long-term […]
