12 Jan 2021

Kaspersky Connects SolarWinds Attack Code to Known Russian APT Group

Turla cyberspies were linked to the SolarWinds breach because of similarities between the malware used in the attack and Kazuar, a backdoor attributed to the group. The hackers are believed to be based in Russia and targeted the SolarWinds company in a sophisticated attempt to breach the systems of hundreds of high-profile organizations.

11 Dec 2020

New Backdoors Used by Hamas-Linked Hackers Abuse Facebook, Dropbox

The threat actor group referred to as Extreme Jackal, Gaza Hackers Team, Gaza Cybergang, and Moonlight has been active since 2012 and has mainly focused on conducting cyberattacks against targets in the Middle East. The group has allegedly been using two malware families, Spark and Pierogi, alongside two new backdoors named

04 Nov 2020

APT Groups Get Innovative and More Dangerous in Q3

Kaspersky researchers have detected a trend of APT groups diversifying their toolsets in the third quarter, representing a larger increase in attack sophistication between Q2 and Q3 of 2020 than in other years. APTs typically tend to resort to traditional tactics and procedures that have been working for years; however,

28 Oct 2020

North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn

The North Korean APT group known as Kimsuky or Hidden Cobra has allegedly been actively attacking businesses while posing as reporters located in South Korea. The US Cybersecurity and Infrastructure Security Agency (CISA) posted an advisory warning businesses of the new ploy to gain access to US information. The group has been

07 Oct 2020

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft has released a warning concerning the Mercury APT group and its active exploitation of the Zerologon vulnerability in campaigns occurring over the past two weeks. Mercury APT is an Iranian nation-state threat actor leveraging the critical flaw to attack organizations; the group has also been referred to as MuddyWater, Static

06 Oct 2020

China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks

Kaspersky researchers released new information regarding a Chinese threat actor and its use of UEFI malware in attacks targeting organizations with a relationship to North Korea. On Monday, Kaspersky announced that it had analyzed the malware and malicious activity after discovering suspicious UEFI firmware images. The investigation revealed components based

02 Oct 2020

New APT Group XDSpy Targets Belarus and Russian-Speakers

A new APT group targeting Belarus and other Eastern European governments and businesses has been uncovered and dubbed “XDSpy.” The advanced persistent threat group has reportedly been conducting malicious activity against Eastern European entities for over nine years. The group does not share any similarities in regional targets, network infrastructure,

07 Sep 2020

Chinese Hackers Target Europe, Tibetans With ‘Sepulcher’ Malware

On Wednesday, Proofpoint security researchers released a report detailing links between COVID-19-themed phishing attacks and APT TA413. TA413 has been active for almost a decade and is well known for its use of the LuckyCat and ExileRAT malware. APT TA413 is a Chinese threat actor group that largely targets European diplomatic

04 Sep 2020

Evilnum APT Group Employs New Python RAT

An APT group called Evilnum has reportedly adopted a new Python remote access Trojan (RAT). The new RAT was designed to target financial technology organizations through highly specific and sophisticated spear-phishing attacks. Over the past few weeks, researchers have detected noticeable shifts in Evilnum’s tools, techniques,

02 Sep 2020

China-based APT Debuts Sepulcher Malware in Spear-Phishing Attacks

A Chinese APT referred to as TA413 has allegedly been distributing a new RAT dubbed Sepulcher. TA413 has been using the RAT in various campaigns over the past six months in attacks against European organizations and government entities, as well as Tibetan dissidents. TA413 has previously been
