Latest APT news

Winter Vivern APT hackers use fake antivirus scans to install malware

An advanced hacking group named 'Winter Vivern' targets European government organizations and telecommunication service providers to conduct espionage.
- Bill Toulas
- March 16, 2023
- 06:00 AM
- 0
New malware variant has “radio silence” mode to evade detection

The Sharp Panda cyber-espionage hacking group was observed targeting high-profile government entities in Vietnam, Thailand, and Indonesia, using a new version of the 'Soul' malware framework.
- Bill Toulas
- March 07, 2023
- 05:49 PM
- 2
Chinese hackers use new custom backdoor to evade detection

The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.
- Bill Toulas
- March 02, 2023
- 03:09 PM
- 0
Iron Tiger hackers create Linux version of their custom malware

The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise.
- Bill Toulas
- March 01, 2023
- 01:44 PM
- 0
North Korean hackers stole research data in two-month-long breach

A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction.
- Bill Toulas
- February 02, 2023
- 12:56 PM
- 0
Scattered Spider hackers use old Intel driver to bypass security

A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
- Bill Toulas
- January 11, 2023
- 04:55 PM
- 6
New Dark Pink APT group targets govt and military with custom malware

Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.
- Bill Toulas
- January 11, 2023
- 02:00 AM
- 0
VirusTotal cheat sheet makes it easy to search for specific results

VirusTotal has published a cheat sheet to help researchers create queries leading to more specific results from the malware intelligence platform.
- Ionut Ilascu
- December 20, 2022
- 04:11 PM
- 0
US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.
- Sergiu Gatlan
- November 16, 2022
- 11:34 AM
- 1
Chinese hackers target government agencies and defense orgs

The Chinese espionage APT (advanced persistent threat), tracked as 'Billbug' (aka Thrip, or Lotus Blossom), is currently running a 2022 campaign targeting government agencies and defense organizations in multiple Asian countries.
- Bill Toulas
- November 15, 2022
- 06:00 AM
- 0
Hackers target Asian casinos in lengthy cyberespionage campaign

A hacking group named 'DiceyF' has been observed deploying a malicious attack framework against online casinos based in Southeast Asia since at least November 2021.
- Bill Toulas
- October 18, 2022
- 12:36 PM
- 0
Hacking group POLONIUM uses ‘Creepy’ malware against Israel

Security researchers reveal previously unknown malware used by the cyber espionage hacking group 'POLONIUM,' threat actors who appear to target Israeli organizations exclusively.
- Bill Toulas
- October 11, 2022
- 05:30 AM
- 0
Microsoft: Iranian hackers encrypt Windows systems using BitLocker

Microsoft says an Iranian state-sponsored threat group it tracks as DEV-0270 (aka Nemesis Kitten) has been abusing the BitLocker Windows feature in attacks to encrypt victims' systems.
- Sergiu Gatlan
- September 08, 2022
- 11:30 AM
- 2
New Iranian hacking group APT42 deploys custom Android spyware

A new Iranian state-sponsored hacking group known as APT42 has been discovered using a custom Android malware to spy on targets of interest.
- Bill Toulas
- September 07, 2022
- 10:18 AM
- 0
Maui ransomware operation linked to North Korean 'Andariel' hackers

The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and causing discord in South Korea.
- Bill Toulas
- August 09, 2022
- 11:00 AM
- 0
Chinese hackers use new Windows malware to backdoor govt, defense orgs

An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe.
- Sergiu Gatlan
- August 08, 2022
- 09:36 AM
- 0
Facebook finds new Android malware used by APT hackers

Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 (aka 'Transparent Tribe') using new Android malware.
- Bill Toulas
- August 05, 2022
- 10:40 AM
- 0
Russian hackers use fake DDoS app to infect pro-Ukrainian activists

Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.
- Sergiu Gatlan
- July 19, 2022
- 01:06 PM
- 0
Belgium says Chinese hackers attacked its Ministry of Defense

The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country's defense and interior ministries.
- Sergiu Gatlan
- July 19, 2022
- 10:44 AM
- 0
Hackers pose as journalists to breach news media org’s networks

Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors.
- Bill Toulas
- July 16, 2022
- 11:07 AM
- 0