
BlueNoroff APT

Updated on 2022-12-28: Kaspersky has an analysis of recent MOTW (Mark of the Web) bypass techniques used by the BlueNoroff North Korean APT in attacks since this September. These include hiding malware inside ISO or VHD files and the use of Batch scripts and various LOLbins.

Overview: The financially motivated BlueNoroff group was found using a new malware strain …


SideWinder APT spear-phishing operations

Updated on 2022-12-16: QiAnXin reported on recent SideWinder APT spear-phishing operations.

Updated on July 2022: Sidewinder compromises Pakistani Air Force. On a similar note, Check Point said it had “evidence suggesting that Pakistan Air Force’s Headquarters was a victim of a successful attack conducted by Sidewinder, a suspected India-based APT group.” The compromise allegedly took …


MirrorFace MirrorStealer Operation LiberalFace

Updated on 2022-12-15: Operation LiberalFace. ESET has a report on a campaign launched by MirrorFace, a suspected Chinese APT, that targeted Japanese political entities a few weeks before the House of Councillors elections.

Read more: Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

Overview: The MirrorFace hacking group was found targeting Japanese politicians for weeks …


MuddyWater Iranian APT

Updated on 2022-12-12: MuddyWater APT. Deep Instinct researchers have a report out on a recent spear-phishing campaign carried out by the MuddyWater Iranian APT. This particular campaign was notable for two things. First, the group used compromised corporate accounts to send emails to its targets. Second, the final payload was Syncro, a …


Fantasy Wiper Used in Attacks Against Diamond Industry and Others

Updated on 2022-12-07: Fantasy Wiper Used in Attacks Against Diamond Industry and Others. While researchers at ESET were analyzing a supply chain attack affecting an Israeli software developer, they detected a wiper being used by the Agrius APT group. The wiper, Fantasy, and its execution tool, known as Sandals, were used after Agrius gained access to …


Blue Callisto TAG-53 APT

Updated on 2022-12-07: Callisto APT. PwC’s threat intelligence team published a report last week on the spear-phishing operations carried out by Blue Callisto, a Russian cyber-espionage group, throughout 2022. PwC said the campaign focused on obtaining credentials from US and European government officials and from organizations linked to national security matters. In addition, since Russia’s invasion …


BackdoorDiplomacy APT

Updated on 2022-12-07: Bitdefender says it has seen the BackdoorDiplomacy Chinese APT group targeting entities in the Middle East. The attacks, which started in August 2021, exploited the ProxyShell vulnerability to compromise Exchange servers with the IRAFAU and Quarian backdoors and various open-source proxy and remote access tools.

Read more: BackdoorDiplomacy Wields New Tools in Fresh …


Iranian SiameseKitten Lyceum APT group

Updated on 2022-11-29: Chinese security firm QiAnXin has published a report on the Lyceum APT, reviewing recent spear-phishing and malware delivery TTPs, most of which have used military-themed lures for distribution.

Read more: 瞄准能源企业:Lyceum组织以军事热点事件为诱饵针对中东地区的定向攻击 (Targeting energy companies: the Lyceum group uses military hot-topic events as lures in targeted attacks on the Middle East)

Overview: ClearSky said it discovered new malware associated with the Iranian SiameseKitten (Lyceum) group. The malware is dropped by a PDF …


Log4j library still vulnerable to the Log4Shell exploit

Updated on 2022-12-29: The Log4Shell vulnerability remains a major threat to organizations a full year after security patches for it were released. Around 40% of software is found to still use vulnerable versions of Apache Log4j.

Read more: Lessons Learned: The Log4J Vulnerability 12 Months On

Updated on 2022-12-12: Log4Shell one-year anniversary. Happy birthday …


Billbug targeting an unnamed authority

Updated on 2022-11-21: China-backed hackers targeted certificate authority. Chinese government-backed hackers have been caught targeting an unnamed certificate authority, per Symantec. The threat group it calls Billbug also targeted government defense agencies, a satellite communications operator, and three different telecom companies.

Read more: Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries

State-sponsored …


Iridium/Sandworm APT – New Sandworm ransomware strain named RansomBoggs

Updated on 2022-12-06: Microsoft warned of Russian cyberattacks targeting NATO allies and Ukrainian infrastructure throughout the winter, especially by the Sandworm APT gang.

Read more: Microsoft warns of Russian cyberattacks throughout the winter

Russia has intensified its hybrid war against Ukraine – targeting civilians. Here’s what we anticipate Russia’s cyber and influence operations might look …


Worok APT

Updated on 2022-11-11: Avast researchers have published their own analysis of the tools used by Worok, a relatively new APT first documented in an ESET report this September and linked to attacks targeting energy companies in Central Asia and public sector entities in Southeast Asia.

Read more: PNG Steganography Hides Backdoor

Worok: The big picture …
