Salt Typhoon’s surge extends far beyond US telcos

November 27, 2024 at 06:54PM

The China-linked Salt Typhoon gang, known for targeting U.S. telecommunications, has expanded globally since 2023, affecting over 20 organizations across various sectors. Their toolkit includes new malware called GhostSpider and the Demodex rootkit. Their tactics involve exploiting server vulnerabilities and using legitimate tools for stealthy infiltration and espionage. Meeting …

China’s ‘Evasive Panda’ APT Spies on Taiwan Targets Across Platforms

July 23, 2024 at 03:59PM

Evasive Panda, also known as Daggerfly, is a Chinese advanced persistent threat (APT) group that targets telecommunications companies, government agencies, NGOs, universities, and private individuals. It has developed malware for various platforms, including Windows, macOS, Android, Linux, and Solaris, showcasing its ambition and diverse capabilities. The group’s continuous development and …

‘The Mask’ Espionage Group Resurfaces After 10-Year Hiatus

May 9, 2024 at 05:52PM

The “Careto” APT group, inactive for over a decade, has reemerged in cyber-espionage targeting entities in Latin America and Central Africa. Kaspersky researchers have identified previous victims and new targets, emphasizing the need to remain vigilant against long-dormant APTs. The group’s sophisticated attacks involve custom techniques and versatile implants, showcasing …

Hackers use new Agent Raccoon malware to backdoor US targets

December 1, 2023 at 02:15PM

Agent Raccoon, a novel .NET malware used for espionage, targets organizations globally and is linked to nation-state actors by Unit 42. It masquerades as an updater, using DNS for covert communication and includes tools for credential theft and data exfiltration, with active development indicating evolving capabilities. Meeting Takeaways: 1. A …

Operation Triangulation: Experts Uncover Deeper Insights into iOS Zero-Day Attacks

October 24, 2023 at 05:45AM

The TriangleDB implant used in Operation Triangulation targets Apple iOS devices. It includes modules to record audio, steal data from apps, and determine the victim’s location. The attack utilizes zero-click exploits through iMessage attachments and employs various validators to avoid being detected. The identity of the threat actor remains unknown, …