Cyberespionage Archives - Page 4 of 20

Pierluigi Paganini March 31, 2023

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. A Russian hacking group, tracked as Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the emails of NATO officials, governments, military personnel, and diplomats. The CVE-2022-27926 […]

Pierluigi Paganini March 26, 2023

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. A remote, unauthenticated attacker can exploit the flaw to […]

Pierluigi Paganini March 15, 2023

Russia-linked APT29 abuses EU information exchange systems in recent attacks

Russia-linked APT29 group abused the legitimate information exchange systems used by European countries to target government entities. Russia-linked APT29 (aka SVR group, Cozy Bear, Nobelium, and The Dukes) was spotted abusing the legitimate information exchange systems used by European countries in attacks aimed at governments. In early March, BlackBerry researchers uncovered a new cyber espionage campaign aimed at EU […]

Pierluigi Paganini March 15, 2023

YoroTrooper APT group targets CIS countries and embassies

A new APT group, dubbed YoroTrooper, has been targeting government and energy organizations across Europe, experts warn. Cisco Talos researchers uncovered a new cyber espionage group targeting CIS countries, embassies and EU health care agency since at least June 2022. The APT group focuses on government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth […]

Pierluigi Paganini December 11, 2022

MuddyWater APT group is back with updated TTPs

The Iran-linked MuddyWater APT is targeting countries in the Middle East as well as Central and West Asia in a new campaign. Deep Instinct’s Threat Research team uncovered a new campaign conducted by the MuddyWater APT (aka SeedWorm, TEMP.Zagros, and Static Kitten) that was targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates. The […]

Pierluigi Paganini November 02, 2022

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, Baháʼí. The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The […]

Pierluigi Paganini October 14, 2022

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is […]

Pierluigi Paganini September 10, 2022

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

China-linked BRONZE PRESIDENT group is targeting government officials in Europe, the Middle East, and South America with PlugX malware. Secureworks researchers reported that China-linked APT group BRONZE PRESIDENT conducted a new campaign aimed at government officials in Europe, the Middle East, and South America with the PlugX malware. Attacks part of this campaign were spotted […]

Pierluigi Paganini September 08, 2022

North Korea-linked Lazarus APT targets energy providers around the world

North Korea-linked Lazarus APT group is targeting energy providers around the world, including organizations in the US, Canada, and Japan. Talos researchers tracked a campaign, orchestrated by North Korea-linked Lazarus APT group, aimed at energy providers around the world, including organizations in the US, Canada, and Japan. The campaign was observed between February and July 2022. The attacks […]

Pierluigi Paganini September 06, 2022

China accuses the US of cyberattacks

China accuses the United States of conducting tens of thousands of cyberattacks on its country, including cyberespionage campaigns. The Government of Beijing accused the United States of launching tens of thousands of cyberattacks on China. The attacks aimed at stealing sensitive data from government entities and universities. In the past, the US Government has accused […]

Cyberespionage

Russian APT group Winter Vivern targets email portals of NATO and diplomats

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

Russia-linked APT29 abuses EU information exchange systems in recent attacks

YoroTrooper APT group targets CIS countries and embassies

MuddyWater APT group is back with updated TTPs

SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

WIP19, a new Chinese APT targets IT Service Providers and Telcos

China-Linked BRONZE PRESIDENT APT targets Government officials worldwide

North Korea-linked Lazarus APT targets energy providers around the world

China accuses the US of cyberattacks

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Belk hit by May cyberattack: DragonForce stole 150GB of data

North Korea-linked actors spread XORIndex malware via 67 malicious npm packages

FBI seized multiple piracy sites distributing pirated video games

An attacker using a $500 radio setup could potentially trigger train brake failures or derailments from a distance

Interlock ransomware group deploys new PHP-based RAT via FileFix

QUICK LINKS

Cyberespionage

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!