Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

September 20, 2024 at 06:45AM. Mandiant is tracking Iranian APT threat actor UNC1860, linked to MOIS, which facilitates remote network access. UNC1860, known for sophisticated tools and prior destructive attacks, is associated with APT34 and implicated in cyber operations targeting U.S. elections. Iran’s increasing cyber activities coincide with heightened regional involvement. CISA warned of Iranian …

US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon

September 19, 2024 at 06:15AM. The US government disrupted a Chinese state-sponsored botnet named Raptor Train, created by Flax Typhoon. The botnet compromised over 260,000 devices, powering DDoS attacks and routing malware. Law enforcement operations successfully neutralized the botnet, despite attempted interference by the hackers. Five Eyes agencies issued a joint advisory and efforts continue …

CISA warns of Windows flaw used in infostealer malware attacks

September 16, 2024 at 03:56PM. CISA orders U.S. federal agencies to secure systems against a Windows MSHTML spoofing bug exploited by the Void Banshee APT group. The vulnerability (CVE-2024-43461) was exploited before being fixed, allowing attackers to execute code on unpatched Windows systems. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, and …

Mustang Panda Feeds Worm-Driven USB Attack Strategy

September 10, 2024 at 11:36AM. China’s state-sponsored threat actor, Mustang Panda, is utilizing self-propagating malware spread through USB drives and spear-phishing to target various government entities in the Asia-Pacific region. The group’s tactics have evolved to include new vectors for initial entry, with a focus on specific countries and sectors. Trend Micro researchers advise continuous …

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

August 27, 2024 at 10:33AM. Volt Typhoon, a China-based cyber espionage group, has been linked with exploiting a high-severity security flaw in Versa Director. The attacks targeted U.S. and non-U.S. victims in ISP, MSP, and IT sectors. The flaw allows malicious file uploads, potentially leading to large-scale supply chain attacks. Recommendations include security mitigations and …

Indian APT Targeting Mediterranean Ports and Maritime Facilities

July 30, 2024 at 10:00AM. BlackBerry reports that a threat actor, known as SideWinder, has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The actor has been active since 2012, primarily targeting government, military, and businesses in various countries for cyberespionage. The attacks rely on spear-phishing emails and malicious documents …

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

July 30, 2024 at 04:36AM. SideWinder, a nation-state threat actor associated with India, is conducting a cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. Using spear-phishing, document exploitation, and DLL side-loading techniques, their latest attacks leverage emotional lures and exploit security vulnerabilities to deliver malicious payloads for potential …

APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer

July 16, 2024 at 12:09PM. Void Banshee, an APT actor, used the CVE-2024-38112 Windows zero-day to exploit the disabled Internet Explorer and deliver the Atlantida stealer malware. By crafting URLs in internet shortcut files, the APT leveraged the MHTML protocol handler and x-usc directive to execute code via the disabled IE, posing a significant threat …

Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks

July 16, 2024 at 10:34AM. An APT group named Void Banshee exploited an unpatched Microsoft zero-day (CVE-2024-38112) in a spear-phishing campaign to spread Atlantida Stealer across North America, Europe, and Southeast Asia. The group used malicious PDFs to target victims and extract sensitive data and system information from their machines, taking advantage of unsupported services …

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

July 16, 2024 at 05:15AM. The Void Banshee APT group was discovered exploiting a zero-day vulnerability in the Microsoft MHTML browser engine to distribute the Atlantida information stealer. It was used in a multi-stage attack chain via specially crafted internet shortcut files. The group targets organizations globally and has a history of information theft and …