Latest APT news

Evilnum hackers return in new operation targeting migration orgs

The Evilnum hacking group is showing renewed signs of malicious activity, targeting European organizations that are involved in international migration.
- Bill Toulas
- June 28, 2022
- 05:49 PM
- 0
Microsoft Exchange bug abused to hack building automation systems

A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks.
- Sergiu Gatlan
- June 27, 2022
- 11:39 AM
- 0
Microsoft Exchange servers hacked by new ToddyCat APT gang

An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020.
- Sergiu Gatlan
- June 21, 2022
- 07:46 AM
- 0
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade

A previously unknown Chinese-speaking threat actor has been uncovered by threat analysts SentinelLabs who were able to link it to malicious activity going as far back as 2013.
- Bill Toulas
- June 09, 2022
- 07:00 AM
- 0
Microsoft blocks Polonium hackers from using OneDrive in attacks

Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israelian organizations.
- Sergiu Gatlan
- June 02, 2022
- 01:36 PM
- 0
Chinese LuoYu hackers deploy cyber-espionage malware via app updates

A Chinese-speaking hacking group known as LuoYu is infecting victims WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks.
- Sergiu Gatlan
- June 02, 2022
- 12:36 PM
- 0
SideWinder hackers plant fake Android VPN app in Google Play Store

Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting.
- Ionut Ilascu
- June 01, 2022
- 09:10 AM
- 0
Hackers target Russian govt with fake Windows updates pushing RATs

Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware.
- Bill Toulas
- May 24, 2022
- 03:27 PM
- 0
Chinese ‘Space Pirates’ are hacking Russian aerospace firms

A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems.
- Bill Toulas
- May 18, 2022
- 12:51 PM
- 0
Bitter cyberspies target South Asian govts with new malware

New activity has been observed from Bitter, an APT group focused on cyberespionage, targeting the government of Bangladesh with new malware with remote file execution capabilities.
- Bill Toulas
- May 11, 2022
- 08:00 AM
- 0
Hackers are now hiding malware in Windows Event Logs

Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild.
- Ionut Ilascu
- May 09, 2022
- 08:00 AM
- 1
Google: Chinese state hackers keep targeting Russian govt agencies

Google said today that a Chinese-sponsored hacking group linked to China's People's Liberation Army Strategic Support Force (PLA SSF) is targeting Russian government agencies.
- Sergiu Gatlan
- May 03, 2022
- 01:29 PM
- 0
Cyberspies use IP cameras to deploy backdoors, steal Exchange emails

A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions.
- Sergiu Gatlan
- May 02, 2022
- 01:28 PM
- 0
US and allies warn of Russian hacking threat to critical infrastructure

Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders.
- Sergiu Gatlan
- April 20, 2022
- 01:59 PM
- 0
US warns of govt hackers targeting industrial control systems

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial devices using a new ICS-focused malware toolkit.
- Sergiu Gatlan
- April 13, 2022
- 01:53 PM
- 0
Fake antivirus updates used to deploy Cobalt Strike in Ukraine

Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware.
- Bill Toulas
- March 14, 2022
- 05:52 PM
- 0
Hackers fork open-source reverse tunneling tool for persistence

Security experts have spotted an interesting case of a suspected ransomware attack that employed custom-made tools typically used by APT (advanced persistent threat) groups.
- Bill Toulas
- March 09, 2022
- 01:24 PM
- 0
Red Cross: State hackers breached our network using Zoho bug

The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group.
- Sergiu Gatlan
- February 16, 2022
- 11:32 AM
- 2
Hacking group 'ModifiedElephant' evaded discovery for a decade

Threat analysts have linked a decade of activity to an APT (advanced persistent threat) actor called 'ModifiedElephant', who has managed to remain elusive to all threat intelligence firms since 2012.
- Bill Toulas
- February 10, 2022
- 03:02 PM
- 0
News Corp discloses hack from "persistent" nation state cyber attacks

American media and publishing giant News Corp has disclosed today that it was the target of a "persistent" cyberattack. The attack discovered sometime this January, reportedly allowed threat actors to access emails and documents of some News Corp employees, including journalists.
- Ax Sharma
- February 04, 2022
- 09:03 AM
- 0