Latest APT news

State hackers' new malware helped them stay undetected for 250 days

A state-backed Chinese APT actor tracked as 'Antlion' has been using a new custom backdoor called 'xPack' against financial organizations and manufacturing companies.
- Bill Toulas
- February 03, 2022
- 10:38 AM
- 1
German govt warns of APT27 hackers backdooring business networks

The BfV German domestic intelligence services (short for Bundesamt für Verfassungsschutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group.
- Sergiu Gatlan
- January 26, 2022
- 08:00 AM
- 0
OceanLotus hackers turn to web archive files to deploy backdoors

The OceanLotus group of state-sponsored hackers are now using the web archive file format (.MHT and .MHTML) to deploy backdoors to compromised systems.
- Bill Toulas
- January 12, 2022
- 10:20 AM
- 0
US govt warns of Russian hackers targeting critical infrastructure

The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors orchestrated by Russian-backed hacking groups.
- Sergiu Gatlan
- January 11, 2022
- 11:03 AM
- 0
New Flagpro malware linked to Chinese state-backed hackers

The cyber-espionage APT (advanced persistent threat) group tracked as 'BlackTech' was spotted using a novel malware called 'Flagpro' in attacks against Japanese firms.
- Bill Toulas
- December 28, 2021
- 02:23 PM
- 0
FBI: State hackers exploiting new Zoho zero-day since October

The Federal Bureau of Investigation (FBI) says a zero-day vulnerability in Zoho's ManageEngine Desktop Central has been under active exploitation by state-backed hacking groups (also known as APTs or advanced persistent threats) since at least October.
- Sergiu Gatlan
- December 20, 2021
- 01:06 PM
- 0
Microsoft seizes sites used by APT15 Chinese state hackers

Microsoft seized today dozens of malicious sites used by the Nickel China-based hacking group to target organizations in the US and 28 other countries worldwide.
- Sergiu Gatlan
- December 06, 2021
- 04:53 PM
- 1
France warns of Nobelium cyberspies attacking French orgs

The French national cyber-security agency ANSSI said today that the Russian-backed Nobelium hacking group behind last year's SolarWinds hack has been targeting French organizations since February 2021.
- Sergiu Gatlan
- December 06, 2021
- 01:46 PM
- 0
Hackers use in-house Zoho ServiceDesk exploit to drop webshells

An advanced persistent threat (APT) group that had been exploiting a flaw in the Zoho ManageEngine ADSelfService Plus software has pivoted to leveraging a different vulnerability in another Zoho product.
- Bill Toulas
- December 02, 2021
- 12:37 PM
- 0
APT37 targets journalists with Chinotto multi-platform malware

North Korean state hacking group APT37 targets South Korean journalists, defectors, and human rights activists in watering hole, spear-phishing emails, and smishing attacks delivering malware dubbed Chinotto capable of infecting Windows and Android devices.
- Sergiu Gatlan
- November 29, 2021
- 08:43 AM
- 0
Hackers target biomanufacturing with stealthy Tardigrade malware

An advanced hacking group is actively targeting biomanufacturing facilities with a new custom malware called 'Tardigrade.'
- Bill Toulas
- November 23, 2021
- 10:38 AM
- 0
Microsoft: Iranian state hackers increasingly target IT sector

Microsoft says Iranian-backed hacking groups have increasingly attempted to compromise IT services companies this year to steal credentials they could use to breach the systems of downstream clients.
- Sergiu Gatlan
- November 18, 2021
- 11:57 AM
- 0
FBI warns of APT group exploiting FatPipe VPN zero-day since May

The Federal Bureau of Investigation (FBI) warned of an advanced persistent threat (APT) compromising FatPipe router clustering and load balancer products to breach targets' networks.
- Sergiu Gatlan
- November 18, 2021
- 08:46 AM
- 0
Iranian state hackers use upgraded malware in attacks on ISPs, telcos

The Iranian state-supported APT known as 'Lyceum' (Hexane, Spilrin) targeted ISPs and telecommunication service providers in the Middle East and Africa between July and October 2021.
- Bill Toulas
- November 09, 2021
- 12:33 PM
- 0
North Korean state hackers start targeting the IT supply chain

North Korean-sponsored Lazarus hacking group has switched focus on new targets and was observed by Kaspersky security researchers expanding its supply chain attack capabilities.
- Sergiu Gatlan
- October 26, 2021
- 01:23 PM
- 0
Microsoft: Russian SVR hacked at least 14 IT supply chain firms since May

Microsoft says the Russian-backed Nobelium threat group behind last year's SolarWinds hack is still targeting the global IT supply chain, with 140 resellers and technology service providers attacked and at least 14 breached since May 2021.
- Sergiu Gatlan
- October 25, 2021
- 04:37 AM
- 0
LightBasin hacking group breaches 13 global telecoms in two years

A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.
- Ionut Ilascu
- October 19, 2021
- 10:18 AM
- 0
Google sent 50,000 warnings of state-sponsored attacks in 2021

Google said today that it sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021, a considerable increase compared to the previous year.
- Sergiu Gatlan
- October 14, 2021
- 11:20 AM
- 2
Microsoft: Russian state hackers behind 53% of attacks on US govt agencies

Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia.
- Sergiu Gatlan
- October 08, 2021
- 07:04 AM
- 4
Hackers use stealthy ShellClient malware on aerospace, telco firms

Threat researchers investigating malware used to target companies in the aerospace and telecommunications sectors discovered a new threat actor that has been running cyber espionage campaigns since at least 2018.
- Ionut Ilascu
- October 06, 2021
- 03:42 PM
- 0