APT

Pierluigi Paganini October 19, 2023
Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the […]

Pierluigi Paganini October 17, 2023
Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine between May and September 2023. The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency Response Team (CERT-UA). According to public sources, the threat actors targeted ICS of at […]

Pierluigi Paganini October 13, 2023
Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia. Cybersecurity company Check Point uncovered a malicious activity, tracked as Stayin’ Alive, that is targeting high-profile government and telecom entities in Asian countries, including Vietnam, Uzbekistan, Pakistan, and Kazakhstan. The campaign has been active since at least 2021, threat actors employed downloaders […]

Pierluigi Paganini October 08, 2023
North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported. Researchers from blockchain analytics firm Elliptic reported that threat actors has already laundered a record $7 billion through cross-chain crime.  The term “Cross-chain crime” is used to refer to the swapping of cryptoassets between different tokens or blockchains to launder […]

Pierluigi Paganini October 02, 2023
North Korea-linked Lazarus targeted a Spanish aerospace company

North Korea-linked APT group Lazarus impersonated Meta’s recruiters in an attack against a Spanish company in the Aerospace industry. ESET researchers linked the North Korea-linked Lazarus APT Group to a cyber attack targeting an unnamed Spanish aerospace firm. The cyberspies impersonated Meta’s recruiters to lure employees with trojanized coding challenges. The state-sponsored hackers deployed several tools, including […]

Pierluigi Paganini September 29, 2023
Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters this week. During a briefing by U.S. State Department IT officials, […]

Pierluigi Paganini September 27, 2023
China-linked APT BlackTech was spotted hiding in Cisco router firmware

US and Japanese authorities warn that a China-linked APT BlackTech planted backdoor in Cisco router firmware to hack the businesses in both countries. US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech (aka Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda), that planted backdoor in Cisco router firmware […]

Pierluigi Paganini September 25, 2023
Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023. Palo Alto Unit42 researchers an APT group tracked as Gelsemium targeting a Southeast Asian government. The experts tracked the cluster as CL-STA-0046, the malicious activity spanned over six months between 2022-2023. The activity was characterized by the […]

Pierluigi Paganini September 22, 2023
Sandman APT targets telcos with LuaDream backdoor

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia. A joint research conducted by SentinelLabs and QGroup GmbH revealed that a previously undetected APT group, dubbed Sandman, is targeting telecommunication service providers in the Middle East, Western Europe, and South Asia. The APT group is […]

Pierluigi Paganini September 19, 2023
ShroudedSnooper threat actors target telecom companies in the Middle East

ShroudedSnooper threat actors are targeting telecommunication service providers in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers recently discovered a new stealthy implant dubbed HTTPSnoop that was employed in attacks against telecommunications providers in the Middle East. The HTTPSnoop backdoor supports novel techniques to interface with Windows HTTP kernel drivers and devices […]