Intelligence

Pierluigi Paganini July 15, 2023
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Ukraine’s Computer Emergency Response Team (CERT-UA) states that Russia-linked APT Gamaredon starts stealing data 30 minutes after the initial compromise. Ukraine’s Computer Emergency Response Team (CERT-UA) is warning that the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) use to steal data from victims’ networks in less than an hour after the initial compromise. Gamaredon has […]

Pierluigi Paganini July 13, 2023
Chinese hackers compromised emails of U.S. Government agencies

Chinese hackers have compromised the emails of an unnamed US Federal Civilian Executive Branch (FCEB) agency. In Mid-June a malicious email activity was reported by an unnamed US Federal Civilian Executive Branch (FCEB) agency. Microsoft experts who investigated the suspicious activity discovered that China-linked threat actors have targeted the agency as part of a cyberespionage […]

Pierluigi Paganini July 12, 2023
Microsoft mitigated an attack by Chinese threat actor Storm-0558

Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, […]

Pierluigi Paganini July 10, 2023
RomCom RAT attackers target groups supporting NATO membership of Ukraine

Threat actors are targeting NATO and groups supporting Ukraine in a spear-phishing campaign distributing the RomCom RAT. On July 4, the BlackBerry Threat Research and Intelligence team uncovered a spear phishing campaign aimed at an organization supporting Ukraine abroad. The researchers discovered two lure documents submitted from an IP address in Hungary, both targeting upcoming NATO Summit guests who […]

Pierluigi Paganini July 08, 2023
Iran-linked APT TA453 targets Windows and macOS systems

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. TA453 is a nation-state actor that overlaps with activity tracked as Charming Kitten, PHOSPHORUS, and APT42. TA453 in May 2023 started […]

Pierluigi Paganini July 03, 2023
SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe. A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the cybersecurity firm Check Point. The researchers tracked the campaign as SmugX and reported that it […]

Pierluigi Paganini June 30, 2023
Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Iran-linked Charming Kitten group used an updated version of the PowerShell backdoor called POWERSTAR in a spear-phishing campaign. Security firm Volexity observed the Iran-linked Charming Kitten (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) group using an updated version of the PowerShell backdoor POWERSTAR in a spear-phishing campaign. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued […]

Pierluigi Paganini June 30, 2023
North Korea-linked Andariel APT used a new malware named EarlyRat last year

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat. Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year. The Andariel APT (aka Stonefly) has been active since at least 2015, it was involved in several attacks attributed to the North Korean government. The […]

Pierluigi Paganini June 26, 2023
China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon, using a novel tradecraft to gain initial access to target networks. The Volt Typhoon group has been active since at least mid-2021 […]

Pierluigi Paganini June 24, 2023
Someone is sending mysterious smartwatches to the US Military personnel

U.S. Army’s Criminal Investigation Division warns that US military personnel have reported receiving unsolicited smartwatches in the mail. The U.S. Army’s Criminal Investigation Division reported that service members across the military received smartwatches unsolicited in the mail. Upon using these smartwatches, the devices automatically connected to Wi-Fi and began connecting to cell phones unprompted, gaining access to a huge quantity of […]