Earth Baxia Uses Spear-Phishing and GeoServer Exploit to Target APAC

September 19, 2024 at 04:38AM

Threat actor Earth Baxia targeted a government organization in Taiwan and possibly other APAC countries using spear-phishing emails and exploiting CVE-2024-36401, a GeoServer vulnerability. Earth Baxia deployed customized Cobalt Strike components and a new backdoor called EAGLEDOOR, which supports multiple communication protocols for information gathering and payload delivery, with evidence …

Danish Energy Attacks Portend Targeting More Critical Infrastructure

November 14, 2023 at 05:49PM

In May, Danish energy sector organizations were targeted in a series of attacks, possibly linked to the Russian Sandworm APT. Attackers exploited vulnerabilities in Zyxel firewall devices, including two zero-days, to gain access to industrial machinery and isolate some targets from the national grid. Cybercriminal groups are also increasingly targeting …

Stealth Techniques Used in ‘Operation Triangulation’ iOS Attack Dissected

October 24, 2023 at 03:03PM

Kaspersky has released a report detailing the iOS zero-click attacks it suffered. Dubbed ‘Operation Triangulation’, the attacks used malicious iMessage attachments to exploit a zero-day vulnerability and deploy spyware named TriangleDB. The attackers implemented stealth techniques to avoid detection, including using two validators to collect device information and ensure the …