APT Archives - Page 90 of 114

Pierluigi Paganini November 16, 2018

Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit

Malware researchers at the Cybaze ZLab- Yoroi team spotted a new variant of the dangerous APT28 Lojax rootkit. A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Cybaze ZLab – Yoroi team. It is the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. The behavior of […]

Pierluigi Paganini November 15, 2018

Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs

Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups. Attribution of cyber attacks is always a hard task, in many cases attackers use false flags to masquerade their identities. Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and […]

Pierluigi Paganini November 14, 2018

Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks

Kaspersky revealed that the CVE-2018-8589 Windows 0-day fixed by Microsoft Nov. 2018 Patch Tuesday has been exploited by at least one APT group in attacks in the Middle East. Kaspersky Lab experts revealed that the CVE-2018-8589 Windows zero-day vulnerability addressed by Microsoft November 2018 Patch Tuesday has been exploited by an APT group in targeted attacks against entities in the Middle East. Kaspersky […]

Pierluigi Paganini November 13, 2018

Operation Shaheen – Pakistan Air Force members targeted by nation-state attackers

Security firm Cylance has uncovered a sophisticated state-sponsored campaign, tracked as Operation Shaheen, against the Pakistan Air Force. According to the experts the campaign was carried out by a nation-state actor tracked as the White Company with access to zero-day exploits and exploit developers. “The preliminary findings detail one of the group’s recent campaigns, a year-long espionage effort […]

Pierluigi Paganini November 11, 2018

CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild

Experts at Volexity discovered that a recently patched remote code execution flaw (CVE-2018-15961) affecting the Adobe ColdFusion has been exploited in the wild. Security experts from Volexity reported that attackers in the wild are exploiting a recently patched remote code execution vulnerability affecting the Adobe ColdFusion. The flaw, tracked as CVE-2018-15961, is an unrestricted file upload vulnerability, successful exploitation could lead to […]

Pierluigi Paganini November 10, 2018

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs. Security experts from Symantec have discovered a malware, tracked as FastCash Trojan, that was used by the Lazarus APT Group, in a string of attacks against ATMs. The ATP group has been using this malware […]

Pierluigi Paganini October 19, 2018

Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew

Security researchers from McAfee have recently uncovered a cyber espionage campaign, tracked as Operation Oceansalt, targeting South Korea, the United States, and Canada. The threat actors behind Operation Oceansalt are reusing malware previously associated with China-linked cyberespionage group APT1. “McAfee Advanced Threat Research and Anti-Malware Operations teams have discovered another unknown data reconnaissance implant targeting Korean-speaking users.” reads the report. “We […]

Pierluigi Paganini October 18, 2018

GreyEnergy cyberespionage group targets Poland and Ukraine

Security researchers from ESET published a detailed analysis of a recently discovered cyber espionage group tracked as GreyEnergy. Security experts from ESET published a detailed analysis of a recently discovered threat actor tracked as GreyEnergy, its activity emerged in concurrence with BlackEnergy operations. ESET researchers have spotted a new strain of malware tracked as Exaramel […]

Pierluigi Paganini October 16, 2018

Russia-linked APT group DustSquad targets diplomatic entities in Central Asia

Kaspersky experts published a detailed analysis of the attacks conducted by the Russian-linked cyber espionage group DustSquad. Earlier October, security experts from ESET shared details about the operations of a cyber espionage group tracked as Nomadic Octopus, a threat actor focused on diplomatic entities in Central Asia. The group has been active since at least 2015, ESET researchers presented […]

Pierluigi Paganini October 15, 2018

Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies

The Security Service of Ukraine (SBU) uncovered a new targeted attack launched by BlackEnergy APT on the IT systems of Ukrainian government entities. The Security Service of Ukraine (SBU) uncovered a new targeted attack on the information and telecommunication systems of Ukrainian government entities. The SBU attributed the attack to the BlackEnergy Russia-linked APT group. “The […]

APT

Cybaze ZLab- Yoroi team spotted a new variant of the APT28 Lojax rootkit

Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs

Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks

Operation Shaheen – Pakistan Air Force members targeted by nation-state attackers

CVE-2018-15961: Adobe ColdFusion Flaw exploited in attacks in the wild

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew

GreyEnergy cyberespionage group targets Poland and Ukraine

Russia-linked APT group DustSquad targets diplomatic entities in Central Asia

Russia-linked BlackEnergy backed new cyber attacks on Ukraine’s state bodies

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Experts uncover critical flaws in Kigen eSIM technology affecting billions

Spain awarded €12.3 million in contracts to Huawei

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

Wing FTP Server flaw actively exploited shortly after technical details were made public

QUICK LINKS

APT

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!