JumpCloud revealed it was hit by a sophisticated attack by a nation-state actor

Software firm JumpCloud announced it was the victim of a sophisticated cyber attack carried out by a nation-state actor.

JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. …

Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise

Ukraine’s Computer Emergency Response Team (CERT-UA) states that Russia-linked APT Gamaredon starts stealing data 30 minutes after the initial compromise.

Ukraine’s Computer Emergency Response Team (CERT-UA) is warning that the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, …

Microsoft mitigated an attack by Chinese threat actor Storm-0558

Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails.

Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. …

SmugX: Chinese APT uses HTML smuggling to target European Ministries and embassies

A China-linked APT group was spotted using HTML smuggling in attacks aimed at Foreign Affairs ministries and embassies in Europe.

A China-linked APT group was observed using HTML smuggling in attacks against Foreign Affairs ministries and embassies in Europe, reports the …

Experts detected a new variant of North Korea-linked RUSTBUCKET macOS malware

Researchers spotted a new version of the RustBucket Apple macOS malware that supports enhanced capabilities.

Researchers from Elastic Security Labs have spotted a new variant of the RustBucket Apple macOS malware.

In April, the security firm Jamf observed the …

Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor

Iran-linked Charming Kitten group used an updated version of the PowerShell backdoor called POWERSTAR in a spear-phishing campaign.

Security firm Volexity observed the Iran-linked Charming Kitten (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) group using an updated version of …

North Korea-linked Andariel APT used a new malware named EarlyRat last year

North Korea-linked cyberespionage group Andariel used a previously undocumented malware called EarlyRat.

Kaspersky researchers reported that the North Korea-linked APT group Andariel used a previously undocumented malware dubbed EarlyRat in attacks exploiting the Log4j Log4Shell vulnerability last year.

The Andariel APT …

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted using a novel tradecraft to gain initial access to target networks.

CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon, using a novel tradecraft to gain initial …

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations.

A joint investigation conducted by Ukraine’s Computer Emergency Response Team (CERT-UA) and Recorded Future revealed that the Russia-linked APT28 group hacked into Roundcube email servers belonging to …

Barracuda ESG zero-day exploited by China-linked APT

Experts linked the UNC4841 threat actor behind the attacks exploiting the recently patched Barracuda ESG zero-day to China.

Mandiant researchers linked the threat actor UNC4841 behind the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China.

“Through

Russia-linked APT Gamaredon updates TTPs in recent attacks against Ukraine

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine.

The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government …

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Microsoft linked a series of wiping attacks to a Russia-linked APT group, tracked as Cadet Blizzard, that is under the control of the GRU.

Microsoft attributes the operations carried out by the Russia-linked APT group tracked as Cadet Blizzard to …

China-linked APT UNC3886 used VMware ESXi Zero-Day

A China-linked APT group tracked as UNC3886 has been spotted exploiting a VMware ESXi zero-day vulnerability.

Mandiant researchers observed a China-linked cyberespionage group, tracked as UNC3886, exploiting a VMware ESXi zero-day vulnerability tracked as CVE-2023-20867.

“VMware Tools contains an Authentication

Stealth Soldier backdoor used in targeted espionage attacks in Libya

Researchers detected a cyberespionage campaign in Libya that employs a new custom, modular backdoor dubbed Stealth Soldier.

Experts at the Check Point Research team uncovered a series of highly-targeted espionage attacks in Libya that employ a new custom modular backdoor …

Experts detail a new Kimsuky social engineering campaign

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs.

SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean …

New PowerDrop malware targets U.S. aerospace defense industry

A previously unknown threat actor has been observed targeting the U.S. aerospace defense sector with a new PowerShell malware dubbed PowerDrop.

Researchers from the Adlumin Threat Research discovered a new malicious PowerShell script, dubbed PowerDrop, that was employed in attacks …

Kimsuky APT poses as journalists and broadcast writers in its attacks

North Korea-linked APT group Kimsuky is posing as journalists to gather intelligence, a joint advisory from NSA and FBI warns.

A joint advisory from the FBI, the U.S. Department of State, the National Security Agency (NSA), South Korea’s National Intelligence …

Operation Triangulation: previously undetected malware targets iOS devices

A previously undocumented APT group targets iOS devices with zero-click exploits as part of a long-running campaign dubbed Operation Triangulation.

Researchers from the Russian firm Kaspersky have uncovered a previously unknown APT group that is targeting iOS devices with zero-click …
