France agency ANSSI warns of Russia-linked APT28 attacks on French entities

France's National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks.

The French National Agency for the Security of Information Systems ANSSI (Agence Nationale de la sécurité des systèmes d’information) warns …

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software.

Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023.

ESET researchers …

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

North Korea-linked threat actors are actively exploiting a critical vulnerability CVE-2023-42793 in JetBrains TeamCity.

Microsoft warns that North Korea-linked threat actors are actively exploiting a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score: 9.8), in JetBrains TeamCity.

CVE-2023-42793 is an …

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are weaponizing a high-severity vulnerability in WinRAR.

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The …

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Russia-linked APT group Sandworm has hacked eleven telecommunication service providers in Ukraine since May 2023.

The Russia-linked APT group Sandworm (UAC-0165) has compromised eleven telecommunication service providers in Ukraine between May and September 2023, reported the Ukraine’s Computer Emergency …

Stayin’ Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

A cyberespionage campaign, tracked as Stayin’ Alive, targeted high-profile government and telecom entities in Asia.

Cybersecurity company Check Point uncovered malicious activity, tracked as Stayin’ Alive, that is targeting high-profile government and telecom entities in Asian countries, including …

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

North Korea-linked APT group Lazarus has laundered $900 million worth of cryptocurrency, Elliptic researchers reported.

Researchers from blockchain analytics firm Elliptic reported that threat actors have already laundered a record $7 billion through cross-chain crime.

The term “Cross-chain crime” is …

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

China-linked threat actors stole around 60,000 emails from the U.S. State Department after breaching Microsoft’s Exchange email platform in May.

China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, …

China-linked APT BlackTech was spotted hiding in Cisco router firmware

US and Japanese authorities warn that the China-linked APT BlackTech planted a backdoor in Cisco router firmware to hack businesses in both countries.

US and Japanese intelligence, law enforcement and cybersecurity agencies warn of a China-linked APT, tracked as BlackTech …

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

A stealthy APT group tracked as Gelsemium was observed targeting a Southeast Asian government between 2022 and 2023.

Palo Alto Unit42 researchers observed an APT group tracked as Gelsemium targeting a Southeast Asian government.

The experts tracked the cluster as CL-STA-0046, …

Sandman APT targets telcos with LuaDream backdoor

A previously undocumented APT dubbed Sandman targets telecommunication service providers in the Middle East, Western Europe, and South Asia.

Joint research conducted by SentinelLabs and QGroup GmbH revealed that a previously undetected APT group, dubbed Sandman, is targeting telecommunication …

ShroudedSnooper threat actors target telecom companies in the Middle East

ShroudedSnooper threat actors are targeting telecommunication service providers in the Middle East with a backdoor called HTTPSnoop.

Cisco Talos researchers recently discovered a new stealthy implant dubbed HTTPSnoop that was employed in attacks against telecommunications providers in the Middle East.…

Earth Lusca expands its arsenal with SprySOCKS Linux malware

China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign.

Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca, discovered an encrypted file hosted on a …

North Korea’s Lazarus APT stole almost $240 million in crypto assets since June

The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn.

According to a report published by blockchain cyber security firm Elliptic, in the past 104 days, the North Korea-linked APT …

Iranian Peach Sandstorm group behind recent password spray attacks

Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023.

Microsoft researchers observed a series of password spray attacks conducted by Iran nation-state actors as part of a campaign named Peach …

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

Iran-linked APT group Charming Kitten used a previously undocumented backdoor named Sponsor in attacks against entities in Brazil, Israel, and the U.A.E.

ESET researchers observed a series of attacks, conducted by the Iran-linked APT group Charming Kitten (aka Ballistic Bobcat …

Meta disrupted two influence campaigns from China and Russia

Meta disrupted two influence campaigns orchestrated by China and Russia; the company blocked thousands of accounts and pages.

Meta announced it has taken down two of the largest known covert influence operations originating from China and Russia.

The social network …
