APT – Page 5 – Search.AI.Wiki

New PowerExchange Backdoor linked to an Iranian APT group

An alleged Iran-linked APT group targeted an organization linked to the United Arab Emirates (U.A.E.) with the new PowerExchange backdoor.

Researchers from the Fortinet FortiGuard Labs observed an attack targeting a government entity in the United Arab Emirates with a …

China-linked APT Volt Typhoon targets critical infrastructure organizations

A China-linked APT group, tracked as Volt Typhoon, breached critical infrastructure organizations in the U.S. and Guam without being detected.

China-linked APT cyber espionage group Volt Typhoon infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The …

North Korea-linked Lazarus APT targets Microsoft IIS servers to deploy malware

North Korea-linked APT group Lazarus actor has been targeting vulnerable Microsoft IIS servers to deploy malware.

AhnLab Security Emergency response Center (ASEC) researchers reported that the Lazarus APT Group is targeting vulnerable versions of Microsoft IIS servers in a recent …

Iran-linked Tortoiseshell APT behind watering hole attacks on shipping and logistics Israeli websites

Iran-linked threat actor Tortoiseshell targeted shipping, logistics, and financial services companies in Israel with watering hole attacks.

ClearSky Cyber Security uncovered a watering hole attack on at least eight Israeli websites belonging to shipping, logistics, and financial services companies and …

Ukraine’s CERT-UA warns of espionage activity conducted by UAC-0063

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a cyberespionage campaign targeting state bodies in the country.

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part …

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019.

Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, …

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Experts warn of a threat actor, tracked as CloudWizard APT, that is targeting organizations involved in the region of the Russo-Ukrainian conflict.

On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red …

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023.

Since January 2023, Check Point Research monitored a series of targeted attacks aimed at European foreign affairs entities that have been …

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia.

Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South …

North Korea-linked APT breached the Seoul National University Hospital

The Korean National Police Agency (KNPA) warns that a North Korea-linked APT group had breached the Seoul National University Hospital (SNUH).

The Korean National Police Agency (KNPA) revealed that a North Korea-linked APT group has breached one of the largest …

How one of Vladimir Putin’s most prized hacking units got pwned by the FBI

Enlarge (credit: Getty Images)

FBI officials on Tuesday dropped a major bombshell: After spending years monitoring exceptionally stealthy malware that one of the Kremlin’s most advanced hacker units had installed on hundreds of computers around the world, agents unloaded a

…

US disrupts Russia-linked Snake implant’s network

The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware.

The Snake implant is one of the most sophisticated implants used by Russia-linked threat actors for cyberespionage purposes. The malware has been …

Iran-linked APT groups started exploiting Papercut flaw

Microsoft warns of Iran-linked APT groups that are targeting vulnerable PaperCut MF/NG print management servers.

Microsoft warns that Iran-linked APT groups have been observed exploiting the CVE-2023-27350 flaw in attacks against PaperCut MF/NG print management servers.

The CVE-2023-27350 flaw is …

Dragon Breath APT uses double-dip DLL sideloading strategy

An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique.

Sophos researchers observed an APT group, tracked as Dragon Breath (aka APT-Q-27 and Golden Eye), that is using a new DLL sideloading technique that …

North Korea-linked Kimsuky APT uses new recon tool ReconShark

North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign.

SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark.

The reconnaissance …

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

CERT-UA is warning of destructive cyberattacks conducted by the Russia-linked Sandworm APT group against the Ukraine public sector.

Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns.

The …

North Korea-linked ScarCruft APT uses large LNK files in infection chains

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022.

Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka …

Russian APT Nomadic Octopus hacked Tajikistani carrier

Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures.

Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government …

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides.

Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns. …

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India.

Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in …