Russian FSB Hackers Breach Pakistan’s APT Storm-0156

December 4, 2024 at 05:31PM Russian state hackers tracked as Secret Blizzard, attributed to the FSB, have infiltrated the infrastructure of the Pakistan-based group Storm-0156 to reach Afghan and Indian military targets. By reusing Storm-0156's tools and command-and-control infrastructure, they pursued their own espionage goals, an example of one threat actor hijacking another's access to gain an operational advantage. …

Chinese APT Gelsemium Deploys ‘Wolfsbane’ Linux Variant

November 21, 2024 at 03:32PM Gelsemium's newest tools, Wolfsbane and Firewood, are Linux variants of the group's backdoors, marking a shift in its malware development. As organizations increasingly deploy Linux, researchers note a rise in Linux-focused threats, citing a figure of 54% of endpoint attacks affecting Linux in 2023. …

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

November 21, 2024 at 11:57AM China-aligned APT Gelsemium is using a new Linux backdoor, WolfsBane, against targets in East and Southeast Asia for cyber espionage. ESET's findings describe WolfsBane and a second implant, FireWood, both built to collect sensitive data. The move reflects a broader shift toward Linux malware as defenses on the platforms APTs traditionally targeted improve. …

North Korea’s Andariel Pivots to ‘Play’ Ransomware Games

October 31, 2024 at 11:37AM North Korea's Andariel group has begun deploying Play ransomware, its first observed collaboration with an underground ransomware operation. The shift suggests more high-impact attacks ahead; researchers urge heightened vigilance, as the group remains a significant threat to organizations in the sectors it targets. …

European govt air-gapped systems breached using custom malware

October 8, 2024 at 12:05PM GoldenJackal, an APT group, breached air-gapped European government systems with custom toolsets to steal sensitive data, including emails, encryption keys, and documents. It used malware such as GoldenDealer and GoldenAce, which cross the air gap on USB drives. Kaspersky had earlier warned of the group's focus on government entities for espionage; ESET reported a new modular toolset used …

Hackers breach European air-gapped govt systems with custom malware

October 8, 2024 at 11:56AM The APT group GoldenJackal breached air-gapped government systems in Europe with custom toolsets to steal sensitive data, including emails, encryption keys, and documents. At least two separate intrusions targeted government and diplomatic entities for espionage. GoldenJackal also built a new modular toolset to keep its operations covert. Multiple tools …

Salt Typhoon APT Subverts Law Enforcement Wiretapping: Report

October 7, 2024 at 04:06PM The Chinese state-sponsored APT Salt Typhoon reportedly breached the networks of major US broadband providers, including AT&T, Verizon, and Lumen Technologies, and gained access to the lawful-intercept infrastructure that law enforcement uses for court-authorized wiretaps. Sources suggest the group had access to internet traffic and also targeted entities outside the US. This …

Microsoft, DOJ Dismantle Russian Hacker Group Star Blizzard

October 4, 2024 at 03:49PM The US Department of Justice and Microsoft jointly took down more than 100 domains used by the Russian hacker group Star Blizzard, which targets journalists, non-governmental organizations, and Russia experts. The takedown is meant to disrupt the group's operations and reduce the risk of election interference, though experts expect the threat to continue …

‘SloppyLemming’ APT Abuses Cloudflare Service in Pakistan Attacks

September 26, 2024 at 12:35AM A threat actor tracked as "SloppyLemming", classified as an advanced persistent threat (APT) by CrowdStrike, is conducting espionage against government and law enforcement targets in the Indian subcontinent. Its phishing chains abuse Cloudflare Workers alongside other tools to harvest credentials and compromise email accounts at sensitive organizations …

Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

September 23, 2024 at 02:18AM A suspected China-based APT targeted a Taiwanese government organization and other APAC countries by exploiting a security flaw in GeoServer. The activity combines several techniques with malware including Cobalt Strike and the EAGLEDOOR backdoor to infiltrate government and energy-sector networks and collect data. The actor's sophistication and adaptability stand out. Key …