APT Archives - Page 4 of 60 - Security Affairs

Pierluigi Paganini September 26, 2024

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying […]

Pierluigi Paganini September 23, 2024

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

North Korea-linked APT group Gleaming Pisces is distributing a new malware called PondRAT through tainted Python packages. Unit 42 researchers uncovered an ongoing campaign distributing Linux and macOS malwar PondRAT through poisoned Python packages. The campaign is attributed to North Korea-linked threat actor Gleaming Pisces (also known as Citrine Sleet), who previously distributed the macOS […]

Pierluigi Paganini September 23, 2024

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

Suspected China-linked APT Earth Baxia targeted a government organization in Taiwan by exploiting a recently patched OSGeo GeoServer GeoTools flaw. Trend Micro researchers reported that China-linked APT group Earth Baxia has targeted a government organization in Taiwan and potentially other countries in the Asia-Pacific (APAC) region. The threat actor used spear-phishing emails and exploited the […]

Pierluigi Paganini September 20, 2024

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

Iran-linked APT group UNC1860 is operating as an initial access facilitator that provides remote access to Middle Eastern Networks. Mandiant researchers warn that an Iran-linked APT group, tracked as UNC1860, is operating as an initial access facilitator that provides remote access to target networks in the Middle East. UNC1860 is linked to Iran’s Ministry of […]

Pierluigi Paganini September 18, 2024

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. The experts believe the botnet is controlled by a Chine-linked APT group Flax Typhoon (also […]

Pierluigi Paganini August 29, 2024

Iran-linked group APT33 adds new Tickler malware to its arsenal

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. Microsoft researchers reported that the Iran-linked cyberespionage group APT33 (aka Peach Sandstorm, Holmium, Elfin, Refined Kitten, and Magic Hound) used new custom multi-stage backdoor called Tickler to compromise organizations in sectors such as government, defense, satellite, oil, and gas […]

Pierluigi Paganini August 21, 2024

North Korea-linked APT used a new RAT called MoonPeak

North Korea-linked APT Kimsuky is likely behind a new remote access trojan called MoonPeak used in a recent campaign spotted by Cisco Talos. Cisco Talos researchers uncovered the infrastructure used by the North Korea-linked APT group tracked as UAT-5394, which experts suspect is linked to the Kimsuky APT group. The infrastructure includes staging, C2 servers, […]

Pierluigi Paganini August 19, 2024

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for […]

Pierluigi Paganini July 29, 2024

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a malware family known as PicassoLoader, used to deliver various malicious payloads. The Ukrainian Government’s Computer Emergency Response Team (CERT-UA) reported a surge in activity associated with the APT group UAC-0057 (aka GhostWriter) group between July 12 and 18, 2024. Threat actors distributed documents containing macros designed […]

Pierluigi Paganini July 17, 2024

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. The vulnerability is a Windows MSHTML Platform Spoofing Vulnerability. Successful exploitation of […]

APT

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages

Chinese APT Earth Baxia target APAC by exploiting GeoServer flaw

UNC1860 provides Iran-linked APTs with access to Middle Eastern networks

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Iran-linked group APT33 adds new Tickler malware to its arsenal

North Korea-linked APT used a new RAT called MoonPeak

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Interlock ransomware group deploys new PHP-based RAT via FileFix

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Experts uncover critical flaws in Kigen eSIM technology affecting billions

Spain awarded €12.3 million in contracts to Huawei

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

QUICK LINKS

APT

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!