China-Backed MirrorFace Trains Sights on EU Diplomatic Corps

November 7, 2024 at 07:30PM The Chinese APT group MirrorFace has expanded its espionage activities into the European Union, utilizing SoftEther VPN. Previously known for interfering in Japanese elections, MirrorFace now targets diplomatic entities. Other China-backed groups are also adopting SoftEther VPN to avoid detection, indicating a rise in cyber espionage tactics in Europe. …

North Korean govt hackers linked to Play ransomware attack

October 30, 2024 at 12:01PM The North Korean hacking group Andariel is linked to the Play ransomware operation, potentially as an affiliate or initial access broker. Researchers found they compromised a network to deploy Play ransomware. This collaboration may help evade sanctions, similar to tactics used by other sanctioned groups like Evil Corp and Iranian …

Sidewinder Casts Wide Geographic Net in Latest Attack Spree

October 16, 2024 at 10:42AM The Indian APT group SideWinder has expanded its cyberattacks across Asia, the Middle East, Africa, and Europe, targeting various sectors, including government and military. They employ an advanced malware toolkit, StealerBot, for espionage. Kaspersky warns that these attackers should not be underestimated due to their evolving tactics. …

China-Backed APT Group Culling Thai Government Data

October 2, 2024 at 09:08PM CeranaKeeper, a China-aligned threat actor, has conducted large-scale data exfiltration in Southeast Asia. ESET researchers found that the group has been active since early 2022, using tools associated with Mustang Panda and exploiting file-sharing services. They breached Thai government systems and conducted extensive data harvesting, demonstrating rapid evolution and persistence. …

Python-Based Malware Slithers Into Systems via Legit VS Code

October 2, 2024 at 11:24AM Mustang Panda, a Chinese APT group, is conducting a cyber-espionage campaign via malicious emails and the use of Visual Studio Code (VS Code) to distribute Python-based malware. Its tactics include establishing remote access to infected machines, exfiltrating data, and employing legitimate entities like GitHub for unauthorized access. Organizations are advised …

Void Banshee APT Exploits Microsoft Zero-Day in Spear-Phishing Attacks

July 16, 2024 at 09:41AM A Trend Micro blog post reveals new details about the exploitation of a Microsoft zero-day flaw by an APT group known as Void Banshee, spreading the Atlantida Stealer in a spear-phishing campaign targeting victims in North America, Europe, and Southeast Asia. The attackers use unpatched vulnerabilities in the now-retired Internet …

CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks

July 15, 2024 at 10:55AM CVE-2024-38112, exploited by the APT group Void Banshee, allowed them to use a zero-day to access and execute files via the disabled Internet Explorer using MSHTML. The vulnerability was promptly reported to Microsoft and patched. Void Banshee lured victims using zip archives with malicious files disguised as PDFs, targeting North America, …

DinodasRAT malware targets Linux servers in espionage campaign

March 31, 2024 at 10:42AM Security researchers have observed the Linux version of DinodasRAT, also known as XDealer, targeting Red Hat and Ubuntu systems since at least 2022. The malware, previously detected on Windows, is part of espionage campaigns targeting government entities globally. The Linux variant creates persistence and communicates with a command and control …

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

February 13, 2024 at 03:16PM Water Hydra exploited the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) targeting financial market traders. The Trend Micro Zero Day Initiative discovered and disclosed this, cooperating with Microsoft to ensure a rapid patch. Water Hydra also used similar tactics in a campaign targeting traders. The group's attack patterns reflect high levels …

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

November 28, 2023 at 04:36AM Amid the ongoing conflict between Israel and Hamas, attackers associated with Hamas are using an updated version of the SysJoker backdoor to target Israeli entities. This new variant, written in the Rust programming language, retains similar functionality but has undergone significant evolution. The attackers are also utilizing OneDrive instead of …