Intelligence

Pierluigi Paganini September 18, 2023
German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government […]

Pierluigi Paganini September 08, 2023
North Korea-linked threat actors target cybersecurity experts with a zero-day

North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, […]

Pierluigi Paganini September 07, 2023
Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Microsoft revealed that the Chinese group Storm-0558 stole a signing key used to breach government email accounts from a Windows crash dump. In July, Microsoft announced it had mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and […]

Pierluigi Paganini August 21, 2023
New HiatusRAT campaign targets Taiwan and U.S. military procurement system

HiatusRAT malware operators resurfaced with a new wave of attacks targeting Taiwan-based organizations and a U.S. military procurement system. In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called “HiatusRAT” that infected over 100 edge networking devices globally. Threat actors leveraged edge routers, or “living on the edge” access, to passively collect […]

Pierluigi Paganini July 13, 2023
Chinese hackers compromised emails of U.S. Government agencies

Chinese hackers have compromised the emails of an unnamed US Federal Civilian Executive Branch (FCEB) agency. In Mid-June a malicious email activity was reported by an unnamed US Federal Civilian Executive Branch (FCEB) agency. Microsoft experts who investigated the suspicious activity discovered that China-linked threat actors have targeted the agency as part of a cyberespionage […]

Pierluigi Paganini July 08, 2023
Iran-linked APT TA453 targets Windows and macOS systems

Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. TA453 is a nation-state actor that overlaps with activity tracked as Charming Kitten, PHOSPHORUS, and APT42. TA453 in May 2023 started […]

Pierluigi Paganini June 30, 2023
Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Iran-linked Charming Kitten group used an updated version of the PowerShell backdoor called POWERSTAR in a spear-phishing campaign. Security firm Volexity observed the Iran-linked Charming Kitten (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) group using an updated version of the PowerShell backdoor POWERSTAR in a spear-phishing campaign. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued […]

Pierluigi Paganini June 09, 2023
Stealth Soldier backdoor used is targeted espionage attacks in Libya

Researchers detected a cyberespionage campaign in Libya that employs a new custom, modular backdoor dubbed Stealth Soldier. Experts at the Check Point Research team uncovered a series of highly-targeted espionage attacks in Libya that employ a new custom modular backdoor dubbed Stealth Soldier. Stealth Soldier is surveillance software that allows operators to spy on the victims […]

Pierluigi Paganini June 08, 2023
Experts detail a new Kimsuky social engineering campaign

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint advisory published by […]

Pierluigi Paganini May 16, 2023
Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia. Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, as part of a long-running campaign. The highly-targeted attacks aim at organizations […]