Hackers Use Rare Stealth Techniques to Down Asian Military, Gov’t Orgs

August 26, 2024 at 06:04PM An ongoing campaign in Southeast Asia is using two innovative stealth techniques to infect high-level organizations. “GrimResource” executes arbitrary code in the Microsoft Management Console, while “AppDomainManager Injection” uses malicious DLLs to load a custom configuration file. These techniques were recently used to drop Cobalt Strike onto IT systems belonging …

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and Africa

August 14, 2024 at 02:03AM Earth Baku, a China-backed threat actor, has expanded its targeting to Europe, the Middle East, and Africa, including countries like Italy, Germany, U.A.E., and Qatar. The group has updated its tactics, using public-facing applications for entry points and deploying sophisticated malware. Their attacks involve various post-exploitation tools and data exfiltration …

APT41 Spinoff Expands Chinese Actor’s Scope Beyond Asia

August 13, 2024 at 01:33PM A China-backed threat group known as APT41 is expanding its cyber espionage reach from Asia to Europe, the Middle East, and Africa. Their spinoff group, Earth Baku, has been targeting organizations in Italy, Germany, UAE, and Qatar, using new malware and living-off-the-land techniques. APT41’s evolving and sophisticated threat profile poses …

Google gamed into advertising a malicious version of Authenticator

August 4, 2024 at 10:07PM Scammers used Google’s ad system to push a fake version of Google Authenticator, tricking users into downloading malware. AI-written emails now make up 40% of business email compromise cases. CISA appointed its first chief artificial intelligence officer, Lisa Einstein. Vulnerabilities in ServiceNow and Acronis Cyber Infrastructure were flagged by CISA. …

China’s APT41 Targets Taiwan Research Institute for Cyber Espionage

August 2, 2024 at 03:46PM China-linked APT41 compromised a Taiwanese research institute in July 2023, deploying various malware tools including the ShadowPad RAT and the Cobalt Strike tool. The group, known for cyber espionage and financially motivated attacks, targeted a valuable source of proprietary technology. The attack involved stealing documents and deploying sophisticated techniques to evade …

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

August 2, 2024 at 12:42PM A Taiwanese research institute specializing in computing was breached by China-affiliated threat actors, delivering backdoors and malware like ShadowPad and Cobalt Strike. Cisco Talos discovered the activity in August 2023 and attributed it to APT41. The attackers used various techniques to evade detection and exfiltrated documents from the network. This …

Cellebrite got into Trump shooter’s Samsung device in just 40 minutes

July 21, 2024 at 11:56PM The FBI utilized Cellebrite’s digital forensics tools to access the Samsung smartphone of the deceased Trump shooter. Despite manufacturers’ opposition, Cellebrite’s unreleased software cracked the device within 40 minutes. Meanwhile, critical vulnerabilities in Oracle’s July security advisory demand immediate patching. The US government has sanctioned cyber criminals associated with Russia’s …

China’s APT41 Targets Global Logistics, Utilities Companies

July 19, 2024 at 10:05AM APT41, a Chinese threat group, has launched a cyber espionage campaign targeting organizations in shipping, logistics, media, entertainment, technology, and automotive industries across multiple countries. The group, known for supply chain attacks, has successfully infiltrated and maintained access to victim networks. APT41 is using custom cyber espionage tools and has …

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

July 19, 2024 at 04:33AM Global shipping, logistics, media, technology, and automotive organizations in various countries are targeted by the China-based APT41 hacking group, using web shells, custom droppers, and publicly available tools for unauthorized access and data exfiltration. Meanwhile, another threat group, GhostEmperor, is using a variant of the Demodex rootkit in a cyber …

China’s APT41 crew adds a stealthy malware loader and fresh backdoor to its toolbox

July 11, 2024 at 09:38PM APT41, a Chinese government-backed cyber espionage group, has added the DodgeBox loader and the MoonWalk backdoor to its malware toolbox. Zscaler’s ThreatLabz team attributes these new tools to APT41, indicating financially motivated crimes. DodgeBox exhibits advanced capabilities and evasive techniques, with MoonWalk using Google Drive for command-and-control communication. More details on MoonWalk …