Kaspersky Connects SolarWinds Attack Code to Known Russian APT Group
Turla cyberspies were linked to the SolarWinds breach due to similarities between the malware used in the attack and Kazuar, a backdoor used by the group. The hackers are believed to be based in Russia and targeted the SolarWinds company in a sophisticated attempt to breach the systems of hundreds of high-profile organizations.
New Backdoors Used by Hamas-Linked Hackers Abuse Facebook, Dropbox
The threat actor group referred to as Extreme Jackal, Gaza Hackers Team, Gaza Cybergang, and Moonlight has been active since 2012 and has mainly focused on conducting cyberattacks against targets in the Middle East. The group has allegedly been using two malware families, Spark and Pierogi, alongside two new backdoors named
APT Groups Get Innovative and More Dangerous in Q3
Kaspersky researchers have detected a trend in APT groups diversifying their toolsets in the third quarter, representing a larger increase in the sophistication of attacks between Q2 and Q3 of 2020 than in other years. APTs typically tend to resort to traditional tactics and procedures that have been working for years, however,
North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn
The North Korean APT group known as Kimsuky or Hidden Cobra has allegedly been actively attacking businesses while posing as reporters located in South Korea. The US Cybersecurity and Infrastructure Security Agency (CISA) posted an advisory warning businesses of the new ploy to gain access to US information. The group has been
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft has released a warning concerning the Mercury APT group and its active exploitation of the Zerologon vulnerability in campaigns occurring over the past two weeks. Mercury APT, an Iranian nation-state threat actor leveraging the critical flaw to attack organizations, has also been referred to as MuddyWater, Static
China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks
Kaspersky researchers released new information regarding a Chinese threat actor and their use of UEFI malware in attacks targeting organizations with a relationship to North Korea. On Monday, Kaspersky announced that they had analyzed the malware and malicious activity after discovering suspicious UEFI firmware images. The investigation revealed components based
New APT Group XDSpy Targets Belarus and Russian-Speakers
A new APT group targeting Belarus and other Eastern European governments and businesses has been uncovered and dubbed “XDSpy.” The advanced persistent threat group has reportedly been conducting malicious activity against Eastern European entities for over nine years. The group does not share any similarities in regional targets, network infrastructure,
Chinese Hackers Target Europe, Tibetans With ‘Sepulcher’ Malware
On Wednesday, Proofpoint security researchers released a report detailing links between COVID-19 themed phishing attacks and APT TA413. TA413 has been active for almost a decade and is well known for its use of the LuckyCat and ExileRAT malware. APT TA413 is a Chinese threat actor group that largely targets European diplomatic
Evilnum APT Group Employs New Python RAT
An APT group called Evilnum has reportedly adopted a new Python remote access Trojan (RAT). The new RAT was designed to target financial tech organizations through the creation of highly specific and sophisticated spear phishing attacks. Over the past few weeks, researchers have detected noticeable shifts in Evilnum’s tools, techniques,
China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks
A Chinese APT referred to as TA413 has allegedly been distributing a new RAT that has been dubbed Sepulcher. TA413 has been using the RAT in various campaigns over the past six months in attacks against European organizations and government entities, as well as Tibetan dissidents. TA413 has been previously