Latest APT news

ScreenConnect flaws exploited to drop new ToddlerShark malware

The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark.
- Bill Toulas
- March 04, 2024
- 05:14 PM
- 0
OpenAI blocks state-sponsored hackers from using ChatGPT

OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT.
- Bill Toulas
- February 15, 2024
- 10:56 AM
- 1
Turla hackers backdoor NGOs with new TinyTurla-NG malware

Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data.
- Ionut Ilascu
- February 15, 2024
- 09:49 AM
- 0
New TetrisPhantom hackers steal data from secure USB drives on govt systems

A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region.
- Bill Toulas
- October 22, 2023
- 11:18 AM
- 0
Discord still a hotbed of malware activity — Now APTs join the fun

Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal authentication tokens.
- Bill Toulas
- October 16, 2023
- 05:29 PM
- 4
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike

Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons.
- Bill Toulas
- October 05, 2023
- 02:57 PM
- 0
New AtlasCross hackers use American Red Cross as phishing lure

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware.
- Bill Toulas
- September 26, 2023
- 11:35 AM
- 0
Evasive Gelsemium hackers spotted in attack against Asian govt

A stealthy advanced persistent threat (APT) tracked as Gelsemium was observed in attacks targeting a Southeast Asian government that spanned six months between 2022 and 2023.
- Bill Toulas
- September 23, 2023
- 11:09 AM
- 0
Carderbee hacking group hits Hong Kong orgs in supply chain attack

A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware.
- Bill Toulas
- August 22, 2023
- 06:00 AM
- 0
JumpCloud breach traced back to North Korean state hackers

US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne, CrowdStrike, and Mandiant.
- Sergiu Gatlan
- July 20, 2023
- 08:25 AM
- 0
JumpCloud discloses breach by state-backed APT hacking group

US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers.
- Sergiu Gatlan
- July 17, 2023
- 09:20 AM
- 0
Rockwell warns of new APT RCE exploit targeting critical infrastructure

Rockwell Automation says a new remote code execution (RCE) exploit linked to an unnamed Advanced Persistent Threat (APT) group could be used to target unpatched ControlLogix communications modules commonly used in manufacturing, electric, oil and gas, and liquified natural gas industries.
- Sergiu Gatlan
- July 14, 2023
- 02:52 PM
- 0
Dark Pink hackers continue to target govt and military organizations

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam.
- Bill Toulas
- May 31, 2023
- 04:00 AM
- 0
GoldenJackal state hackers silently attacking govts since 2019

A relatively unknown advanced persistent threat (APT) group named 'GoldenJackal' has been targeting government and diplomatic entities in Asia since 2019 for espionage.
- Bill Toulas
- May 23, 2023
- 06:53 PM
- 0
Hackers infect TP-Link router firmware to attack EU entities

A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to attack European foreign affairs organizations.
- Bill Toulas
- May 16, 2023
- 12:25 PM
- 5
Stealthy MerDoor malware uncovered after five years of attacks

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.
- Bill Toulas
- May 15, 2023
- 01:28 PM
- 0
Hackers start using double DLL sideloading to evade detection

An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.
- Bill Toulas
- May 03, 2023
- 05:21 PM
- 0
Tencent QQ users hacked in mysterious malware attack, says ESET

The Chinese APT hacking group known as 'Evasive Panda' are behind a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app.
- Bill Toulas
- April 26, 2023
- 02:16 PM
- 0
Newly exposed APT43 hacking group targeting US orgs since 2018

A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.
- Bill Toulas
- March 28, 2023
- 11:00 AM
- 0
'Bitter' espionage hackers target Chinese nuclear energy orgs

A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
- Bill Toulas
- March 24, 2023
- 10:47 AM
- 0