Browsing tag
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting state bodies in the country as part of an espionage campaign. The intrusion set, attributed to a threat actor tracked by the authority as UAC-0063 since 2021, leverages phishing lures to deploy a variety of malicious tools on infected systems. The […]
The U.S. government on Tuesday announced the court-authorized disruption of a global network compromised by an advanced malware strain known as Snake wielded by Russia’s Federal Security Service (FSB). Snake, dubbed the “most sophisticated cyber espionage tool,” is the handiwork of a Russian state-sponsored group called Turla (aka Iron Hunter, Secret Blizzard, SUMMIT, Uroburos, Venomous […]
Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. “Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet,” Guy Rosen, chief […]
A Chinese state-sponsored hacking outfit has resurfaced with a new campaign targeting government, healthcare, technology, and manufacturing entities based in Taiwan, Thailand, the Philippines, and Fiji after more than six months of no activity. Trend Micro attributed the intrusion set to a cyber espionage group it tracks under the name Earth Longzhi, which is a […]
A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). “The types of compromised machines range […]
The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in […]
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. “The group is known for using a variety of sophisticated attack techniques, including custom malware, social engineering tactics, and spear-phishing attacks,” ThreatMon said in […]
U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian […]
The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. “TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes […]
A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang’s geopolitical interests since 2018. Google-owned Mandiant, which is tracking the activity cluster under the moniker APT43, said the group’s motives are both espionage- and financially-motivated, leveraging techniques like credential harvesting and […]
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report shared […]
The cyber espionage threat actor tracked as Earth Kitsune has been observed deploying a new backdoor called WhiskerSpy as part of a social engineering campaign. Earth Kitsune, active since at least 2019, is known to primarily target individuals interested in North Korea with self-developed malware such as dneSpy and agfSpy. Previously documented intrusions have entailed […]
Telecommunication service providers in the Middle East are being targeted by a previously undocumented threat actor as part of a suspected intelligence gathering mission. Cybersecurity firms SentinelOne and QGroup are tracking the activity cluster under the former’s work-in-progress moniker WIP26. “WIP26 relies heavily on public cloud infrastructure in an attempt to evade detection by making […]
State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. The attacks, which demand cryptocurrency ransoms in exchange for recovering access to encrypted files, are designed to support North Korea’s national-level priorities and […]
A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0056. “The malware is written in Go and […]
The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data. “The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers,” Trend Micro […]
The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track […]
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information. The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak […]
A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor’s infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that’s used to facilitate information theft. “What is noteworthy is data […]
A threat actor tracked under the moniker Webworm has been linked to bespoke Windows-based remote access trojans, some of which are said to be in pre-deployment or testing phases. “The group has developed customized versions of three older remote access trojans (RATs), including Trochilus RAT, Gh0st RAT, and 9002 RAT,” the Symantec Threat Hunter team, […]
A months-long cyber espionage campaign undertaken by a Chinese nation-state group targeted several entities with reconnaissance malware so as to glean information about its victims and meet its strategic goals. “The targets of this recent campaign spanned Australia, Malaysia, and Europe, as well as entities that operate in the South China Sea,” enterprise security firm […]