APT Archives - Page 6 of 60 - Security Affairs

Pierluigi Paganini March 25, 2024

Iran-Linked APT TA450 embeds malicious links in PDF attachments

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera. Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, TA450, and Static Kitten) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems. […]

Pierluigi Paganini February 22, 2024

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

China-linked APT group Mustang Panda targeted various Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed DOPLUGS. Trend Micro researchers uncovered a cyberespionage campaign, carried out by China-linked APT group Mustang Panda, targeting Asian countries, including Taiwan, Vietnam, and Malaysia. Mustang Panda has been active since at least 2012, it targeted American and European entities such […]

Pierluigi Paganini February 19, 2024

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

An APT group, tracked as TAG-70, linked to Belarus and Russia exploited XSS flaws in Roundcube webmail servers to target over 80 organizations. Researchers from Recorded Future’s Insikt Group identified a cyberespionage campaign carried out by an APT group, tracked as TAG-70, linked to Belarus and Russia. The nation-state actors are known to carry out […]

Pierluigi Paganini February 08, 2024

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for at least five years. US CISA, the NSA, the FBI, along with partner Five Eyes agencies, published a joint advisory to warn that China-linked APT Volt Typhoon infiltrated a critical infrastructure network in the US and remained undetected for […]

Pierluigi Paganini February 07, 2024

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

China-linked APT group breached the Dutch Ministry of Defence last year and installed malware on compromised systems. Dutch Military Intelligence and Security Service (MIVD) and the General Intelligence and Security Service (AIVD) published a joint report warning that a China-linked APT group breached the Dutch Ministry of Defence last year. The effects of the attack were limited because […]

Pierluigi Paganini January 26, 2024

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

Microsoft revealed that Russia-linked APT Midnight Blizzard has been targeting organizations worldwide in a cyberespionage campaign. Microsoft announced that the Russia-linked APT Midnight Blizzard that hit the company in late November 2023 has been targeting organizations worldwide as part of a large-scale cyberespionage campaign. The IT giant also confirmed that is currently notifying impacted organizations. […]

Pierluigi Paganini January 18, 2024

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “Seaborgium“, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. In the past, the group’s activity involved persistent phishing […]

Pierluigi Paganini January 07, 2024

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Sea Turtle cyber espionage group targeted telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. Researchers from Dutch security firm Hunt & Hackett observed Sea Turtle cyber espionage group (aka Teal Kurma, Marbled Dust, SILICON and Cosmic Wolf) targeting telco, media, ISPs, IT service providers, and Kurdish websites in the Netherlands. The […]

Pierluigi Paganini January 05, 2024

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Ukrainian authorities revealed that Russia-linked APT Sandworm had been inside telecom giant Kyivstar at least since May 2023. Russia-linked APT group Sandworm was inside Ukrainian telecoms giant Kyivstar from at least May 2023, the head of Ukraine’s Security Service of Ukraine’s (SBU) told Reuters. “This attack is a big message, a big warning, not only to […]

Pierluigi Paganini December 25, 2023

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka Peach Sandstorm, Holmium, Elfin, and Magic Hound) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. “Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to […]

APT

Iran-Linked APT TA450 embeds malicious links in PDF attachments

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

Over 100 Dell models exposed to critical ControlVault3 firmware bugs

How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

WhatsApp cracks down on 6.8M scam accounts in global takedown

Trend Micro fixes two actively exploited Apex One RCE flaws

QUICK LINKS

APT

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!