The China-based espionage group Winnti was discovered by researchers at Symantec deploying the Spyder Loader malware as part of an ongoing campaign to gather intelligence. The group allegedly sought to steal information from government organizations in Hong Kong. The recently observed malicious activity consists of Winnti attackers remaining active on some
European cybersecurity firm ESET has discovered previously unknown custom backdoors and tools it believes are being leveraged by an APT group called Polonium. The group is relatively new and was discovered in June 2022 by Microsoft. The group is highly sophisticated and currently active. It appears to be exclusively targeting
North Korean advanced persistent threat actor Lazarus is leveraging the current popularity of the blockchain and cryptocurrency industry to target organizations and individuals running Apple and Intel-based systems. The cyber espionage campaign recently identified consists of Lazarus deploying fake job postings for Coinbase. The job posting contains a malicious Mac
Security researchers at Proofpoint have released a recent advisory that details how state-aligned threat groups have increased the volume of attacks targeting journalists. According to the research, the goal of the attacks is to steal data and credentials, as well as to track the journalists. The targeted phishing attacks can
A new espionage actor is breaching corporate networks to steal emails from employees involved in big financial transactions like mergers and acquisitions. Mandiant, which first discovered the advanced persistent threat (APT) group in December 2019 and now tracks it as “UNC3524”, says that while the group’s corporate targets hint at
Last month, publishing giant News Corp suffered from a cyberattack in which attackers infiltrated the company’s network using BEC. Microsoft claims to have moved to stop such attacks by blocking VBA macros in 5 different Windows apps; however, the attack was still effective. In the latest update, cybersecurity professionals determined
Microsoft officials have warned that Russia’s intelligence apparatus has been engaged in another campaign to gain unauthorized access to thousands of U.S. government, corporate, and think tank networks. The ongoing cyber-espionage campaign appears to be focused on acquiring data that is stored in the cloud.
The activity further underscores Russia’s intent to target and compromise any entity that it feels is vital to supporting its intelligence interests. The target list may be expansive, as a recent Microsoft report claimed more than half of nation-state attacks detected by the company have come from Russia.
A new APT group named Harvester by security researchers is reportedly attacking telcos, IT companies, and government sector targets in a campaign that has been consistent since June. The group is likely a nation-state-backed entity and is using custom malware and stealthy tactics, according to researchers. The group has
According to Microsoft data, Russia accounted for the majority of state-sponsored attacks over the past year, with the SolarWinds attackers dominating threat activity. The Digital Defense Report 2021 is the first of its kind released by Microsoft and covers a year-long period between June 2020 and June 2021. The report
It is increasingly evident that China believes the timing is right for it to aggressively push its national interests. One area that often gets overlooked when looking at China’s expansionism is its interests in the Arctic. China’s interest in the area is not a secret, as it has promoted itself as a legitimate “Arctic State” as early as its 2011 Twelfth Five-Year Plan, and in its 2018 Arctic Policy.