Search.AI.Wiki

Category: Intelligence

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Microsoft linked a series of wiping attacks to a Russia-linked APT group, tracked as Cadet Blizzard, that is under the control of the GRU.

Microsoft attributes the operations carried out by the Russia-linked APT group tracked as Cadet Blizzard to …

China-linked APT UNC3886 used VMware ESXi Zero-Day

A China-linked APT group tracked as UNC3886 has been spotted exploiting a VMware ESXi zero-day vulnerability.

Mandiant researchers observed a China-linked cyberespionage group, tracked as UNC3886, exploiting a VMware ESXi zero-day vulnerability tracked as CVE-2023-20867.

“VMware Tools contains an Authentication

Stealth Soldier backdoor used is targeted espionage attacks in Libya

Researchers detected a cyberespionage campaign in Libya that employs a new custom, modular backdoor dubbed Stealth Soldier.

Experts at the Check Point Research team uncovered a series of highly-targeted espionage attacks in Libya that employ a new custom modular backdoor …

Experts detail a new Kimsuky social engineering campaign

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs.

SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean …

Kimsuky APT poses as journalists and broadcast writers in its attacks

North Korea-linked APT group Kimsuky is posing as journalists to gather intelligence, a joint advisory from NSA and FBI warns.

A joint advisory from the FBI, the U.S. Department of State, the National Security Agency (NSA), South Korea’s National Intelligence …

Russia’s FSB blames the US intelligence for Operation Triangulation

Russia’s intelligence Federal Security Service (FSB) said that the recent attacks against iPhones with a zero-click iOS exploit as part of Operation Triangulation were carried out by US intelligence.

Researchers from the Russian firm Kaspersky have uncovered a previously unknown …

The US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea

The US Department of the Treasury sanctioned four entities and one individual for their role in cyber operations conducted by North Korea.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against four entities and …

Ukraine’s CERT-UA warns of espionage activity conducted by UAC-0063

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a cyberespionage campaign targeting state bodies in the country.

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part …

The previously undocumented GoldenJackal APT targets Middle East, South Asia entities

A previously undocumented APT group tracked as GoldenJackal has been targeting government and diplomatic entities in the Middle East and South Asia since 2019.

Kaspersky researchers shared details about the activity of a previously undocumented APT group, tracked as GoldenJackal, …

A deeper insight into the CloudWizard APT’s activity revealed a long-running activity

Experts warn of a threat actor, tracked as CloudWizard APT, that is targeting organizations involved in the region of the Russo-Ukrainian conflict.

On March 2023, researchers from Kaspersky spotted a previously unknown APT group, tracked as Bad Magic (aka Red …

China-linked APT Mustang Panda targets TP-Link routers with a custom firmware implant

China-linked APT group Mustang Panda employed a custom firmware implant targeting TP-Link routers in targeted attacks since January 2023.

Since January 2023, Check Point Research monitored a series of targeted attacks aimed at European foreign affairs entities that have been …

Lancefly APT uses powerful Merdoor backdoor in attacks on Asian orgs

The Lancefly APT group is using a custom powerful backdoor called Merdoor in attacks against organizations in South and Southeast Asia.

Symantec researchers reported that the Lancefly APT group is using a custom-written backdoor in attacks targeting organizations in South …

North Korea-linked APT breached the Seoul National University Hospital

The Korean National Police Agency (KNPA) warns that a North Korea-linked APT group had breached the Seoul National University Hospital (SNUH).

The Korean National Police Agency (KNPA) revealed that a North Korea-linked APT group has breached one of the largest …

DownEx cyberespionage operation targets Central Asia

A new sophisticated malware strain, dubbed DownEx, was involved in attacks aimed at Government organizations in Central Asia.

In late 2022, Bitdefender Labs researchers first observed a highly targeted cyberattack targeting foreign government institutions in Kazakhstan that involved a new sophisticated strain …

US disrupts Russia-linked Snake implant’s network

The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware.

The Snake implant is one of the most sophisticated implants used by Russia-linked threat actors for cyberespionage purposes. The malware has been …

North Korea-linked Kimsuky APT uses new recon tool ReconShark

North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign.

SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark.

The reconnaissance …

North Korea-linked ScarCruft APT uses large LNK files in infection chains

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022.

Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka …

Russian APT Nomadic Octopus hacked Tajikistani carrier

Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures.

Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government …

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033.

Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group  (aka GALLIUM, Softcell) targeting …

A component in Huawei network appliances could be used to take down Germany’s telecoms networks

German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. 

In March, the interior ministry announced it was conducting an audit on the network appliance from Chinese telecoms giants Huawei and …
文 » A