Intelligence

Pierluigi Paganini November 15, 2022
China-linked APT Billbug breached a certificate authority in Asia

A suspected China-linked APT group breached a digital certificate authority in Asia as part of a campaign aimed at government agencies since March 2022. State-sponsored actors compromised a digital certificate authority in a country in Asia as part of a cyber espionage campaign aimed at multiple government agencies in the region, Symantec warns. Symantec attributes […]

Pierluigi Paganini November 15, 2022
Previously undetected Earth Longzhi APT group is a subgroup of APT41

Trend Micro reported that the Earth Longzhi group, a previously undocumented subgroup of APT41, targets Ukraine and Asian Countries. Early this year, Trend Micro investigated a security breach suffered by a company in Taiwan. Threat actors employed a custom Cobalt Strike loader in the attack. Further analysis, revealed that the same threat actor targeted multiple regions […]

Pierluigi Paganini November 15, 2022
Avast details Worok espionage group’s compromise chain

Cyber espionage group Worok abuses Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. Researchers from cybersecurity firm Avast observed the recently discovered espionage group Worok abusing Dropbox API to exfiltrate data via using a backdoor hidden in apparently innocuous image files. The experts started their investigation from the analysis published […]

Pierluigi Paganini November 11, 2022
Long-running surveillance campaigns target Uyghurs with BadBazaar and MOONSHINE spyware

Lookout researchers discovered two long-running surveillance campaigns targeting the ethnic minority Uyghurs. Researchers from mobile security firm Lookout uncovered two long-running surveillance campaigns targeting the Uyghurs minority. The threat actors behind the campaigns used two Android spyware to spy on the victims and steal sensitive information. The campaigns involved a new piece of malware called […]

Pierluigi Paganini November 10, 2022
APT29 abused the Windows Credential Roaming in an attack against a diplomatic entity

Russia-linked APT29 cyberespionage group exploited a Windows feature called Credential Roaming to target a European diplomatic entity. Mandiant researchers in early 2022 responded to an incident where the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes) successfully phished a European diplomatic entity. The attack stands out for the use of the Windows Credential […]

Pierluigi Paganini November 02, 2022
SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, BahĂĄÊŒĂ­. The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The […]

Pierluigi Paganini October 30, 2022
Former British Prime Minister Liz Truss ‘s phone was allegedly hacked by Russian spies

According to the Daily Mail, Former British Prime Minister Liz Truss ‘s personal phone was hacked by Russian spies. The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily Mail reported. According to the British tabloid, the cyber-spies are believed to have […]

Pierluigi Paganini October 18, 2022
China-linked APT41 group targets Hong Kong with Spyder Loader

China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage […]

Pierluigi Paganini October 14, 2022
WIP19, a new Chinese APT targets IT Service Providers and Telcos

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is […]

Pierluigi Paganini October 10, 2022
The head of the Federal Cyber Security Authority (BSI) faces dismissal

The German Interior Minister wants to dismiss the head of the Federal Cyber Security Authority (BSI), Arne Schoenbohm, due to possible contacts with Russian security services. German Interior Minister Nancy Faeser wants to dismiss the head of the Federal Cyber Security Authority (BSI), Arne Schoenbohm, due to possible contact with people involved with Russian security […]