‘YoroTrooper’ Espionage Group Linked to Kazakhstan

October 25, 2023 at 04:51PM The YoroTrooper espionage group, which has been active since June 2022, appears to consist of individuals from Kazakhstan. The group has been targeting government entities in Azerbaijan, Kyrgyzstan, Tajikistan, and other CIS countries. They use Kazakh currency and languages, and have only targeted one institution in Kazakhstan. They rely on …

North Korea’s Kimsuky Doubles Down on Remote Desktop Control

October 18, 2023 at 12:15PM North Korea’s Kimsuky cyber threat group has been observed using Remote Desktop Protocol (RDP) and other tools to remotely take over targeted systems. The group has also been leveraging open source software such as TightVNC and Chrome Remote Desktop. Kimsuky continues to use spear phishing as its initial …

TetrisPhantom: Cyber Espionage via Secure USBs Targets APAC Governments

October 18, 2023 at 05:33AM The Asia-Pacific region is experiencing a cyber espionage campaign called TetrisPhantom, in which government entities are the primary targets. The attackers exploit secure USB drives with hardware encryption to gather sensitive data. The campaign is sophisticated and likely the work of a nation-state group. In addition, a new APT actor …

Researchers Unveil ToddyCat’s New Set of Tools for Data Exfiltration

October 13, 2023 at 08:30AM The APT actor ToddyCat has been linked to new malicious tools used for data exfiltration, providing insight into their tactics. Kaspersky discovered the group last year, connecting it to attacks on high-profile entities in Europe and Asia. The tools include loaders, a Trojan, a file collection tool, a Dropbox uploader, …

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

October 13, 2023 at 03:59AM Void Rabisu, a threat actor associated with financially motivated ransomware attacks, has shifted its focus to targeted campaigns against Ukraine and countries supporting Ukraine. They have developed a new, slimmed-down variant of the ROMCOM backdoor, which they used in campaigns targeting EU military personnel and political leaders working on gender equality initiatives. The …

Microsoft: Chinese APT Behind Atlassian Confluence Attacks; PoCs Appear

October 11, 2023 at 03:40PM China-sponsored APT Storm-0062 is responsible for exploiting a critical bug in Atlassian Confluence Server, according to Microsoft. Proof-of-concept exploits are now publicly available, raising the likelihood of mass exploitation. The vulnerability (CVE-2023-22515) allows remote code execution without authentication. Microsoft identified four IP addresses associated with the exploit and warned of the creation of …

New ‘Grayling’ APT Targeting Organizations in Taiwan, US

October 10, 2023 at 09:54AM A new advanced persistent threat (APT) group called Grayling has been targeting Taiwanese organizations, as well as a government entity in the Asia-Pacific region and organizations in the US and Vietnam. The group likely operates from a region with a strategic interest in Taiwan, implying a possible link to China. …

Researchers Uncover Grayling APT’s Ongoing Attack Campaign Across Industries

October 10, 2023 at 07:00AM A previously unknown threat actor named Grayling has been identified as the culprit behind a series of cyberattacks on organizations in Taiwan, including the manufacturing, IT, and biomedical sectors. Symantec’s Threat Hunter Team discovered the attacks, which began in February and utilized a distinct DLL side-loading technique to deploy payloads. The …