APT

Pierluigi Paganini April 15, 2020
Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. Researchers from ESET believe that the attacks against two San Francisco International Airport (SFO) websites were carried out by the Russian cyber-espionage group known as Energetic Bear (aka […]

Pierluigi Paganini April 06, 2020
DarkHotel APT uses VPN zero-day in attacks on Chinese government agencies

DarkHotel nation-state actor is exploiting a VPN zero-day to breach Chinese government agencies in Beijing and Shanghai Chinese security-firm Qihoo 360 has uncovered a hacking campaign conducted by a DarkHotel APT group (APT-C-06) aimed at Chinese government agencies in Beijing and Shanghai. State-sponsored hackers used a zero-day vulnerability in Sangfor SSL VPN servers to gain access […]

Pierluigi Paganini March 31, 2020
FBI warns of nation-state actors using the Kwampirs malware

For the third time in a few weeks, the FBI has issued an alert about supply chain attacks carried out by nation-state actors using the Kwampirs malware. The FBI has issued an alert about supply chain attacks using the Kwampirs malware as part of a hacking campaign carried out on a global scale by state-sponsored […]

Pierluigi Paganini March 29, 2020
FIN7 hackers target enterprises with weaponized USB drives via USPS

The FIN7 APT group has been targeting businesses with malicious USB drives and Teddy Bears sent to the victims, the FBI warns. The FBI is warning of a new wave of attacks carried out by the FIN7 APT group that is sending to the victims devices acting as a keyboard (HID Emulator USB) when plugged […]

Pierluigi Paganini March 27, 2020
New financially motivated attacks in Western Europe traced to Russian-speaking threat actors

Researchers at Group-IB observed new financially motivated attacks in Western Europe traced to Russian-speaking threat actors. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected successful attacks in Western Europe carried out in late January 2020 traced to Russian-speaking threat actors. At least two companies operating in pharmaceutical and manufacturing sectors have […]

Pierluigi Paganini March 25, 2020
China-linked APT41 group exploits Citrix, Cisco, Zoho flaws

The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. The campaign was uncovered by FireEye, threat actor targeted many organizations worldwide the […]

Pierluigi Paganini March 24, 2020
WildPressure, a new APT group targets the Middle East’s industrial sector

Security experts from Kaspersky Lab have uncovered the activity of a new threat actor, tracked as WildPressure, targeting the industrial sector in the Middle East. The WildPressure was spotted for the first time in August 2019 when researchers detected a never-before-seen malware that has no similarities with other samples analyzed by the experts. “In August […]

Pierluigi Paganini March 20, 2020
Russia-linked APT28 has been scanning vulnerable email servers in the last year

Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has […]

Pierluigi Paganini March 19, 2020
Is APT27 Abusing COVID-19 To Attack People ?!

Security researcher Marco Ramilli analyzed a new Coronavirus (COVID-19)-themed attack gathering evidence of the alleged involvement of an APT group. Scenario We are living hard time, many countries all around the world are hit by COVID-19 which happened to be a very dangerous disease. Unfortunately many deaths, thousands of infected people, few breathing equipment, stock […]

Pierluigi Paganini March 13, 2020
State-sponsored hackers are launching Coronavirus-themed attacks

In the last weeks, security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, now experts warn of similar attacks from nation–state actors. Recently security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, but now experts are warning of similar attacks launched by nation-state actors. State-sponsored hackers from Russia, China, and North […]