FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

November 5, 2024 at 12:36PM The FBI is investigating cyber intrusions involving malware targeting sensitive data from companies and government networks by Chinese state-sponsored groups. Reports by Sophos reveal attacks leveraging multiple vulnerabilities, shifting from widespread to targeted attacks since 2021, compromising critical infrastructure mainly in South and Southeast Asia. Meeting Takeaways: 1. FBI …

Novel attack on Windows spotted in phishing campaign run from and targeting China

September 1, 2024 at 11:13PM Unknown attackers have utilized Tencent’s cloud for a phishing campaign targeting Chinese entities, as uncovered by Securonix. The campaign involves delivering Cobalt Strike payloads through phishing emails, establishing persistence and remaining undetected within systems. The attack methodically targets specific Chinese business or government sectors, using advanced exploitation frameworks such as …

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

August 30, 2024 at 02:42AM Chinese-speaking users are being targeted in a sophisticated cyber espionage campaign called SLOW#TEMPEST, using phishing emails to infect Windows systems with Cobalt Strike payloads. The attackers established persistence within systems, conducted reconnaissance, and set up remote access, allowing them to move laterally across networks undetected. The campaign appears to be …

China’s ‘Evasive Panda’ APT Spies on Taiwan Targets Across Platforms

July 23, 2024 at 03:59PM Evasive Panda, also known as Daggerfly, is a Chinese advanced persistent threat (APT) group that targets telecommunications companies, government agencies, NGOs, universities, and private individuals. It has developed malware for various platforms, including Windows, macOS, Android, Linux, and Solaris, showcasing its ambition and diverse capabilities. The group’s continuous development and …

Iranian Cyber Threat Group Drops New Backdoor, ‘BugSleep’

July 18, 2024 at 02:06AM MuddyWater, an Iranian cyber-espionage group, has shifted from using legitimate remote management software to deploying a custom backdoor implant known as BugSleep. This shift was prompted by the ineffectiveness of their previous approach. The group’s tactics involve phishing, deploying malicious PDFs, and targeting various government and critical industries in the …

Houthi rebels are operating their own GuardZoo spyware

July 9, 2024 at 07:07AM Surveillance malware like NSO Group’s Pegasus often gets the attention, but less sophisticated tools like GuardZoo, used by Houthi rebels in Yemen, are still prevalent. Distributed through social engineering, it targets military members in Yemen and other countries. Despite being less advanced than Pegasus, its widespread use presents a significant …

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

May 17, 2024 at 05:33AM The Kimsuky APT group, associated with North Korea’s Reconnaissance General Bureau, has been observed deploying the Gomir backdoor on Linux to target South Korean organizations. The malware shares extensive code with GoBear and is distributed through trojanized security programs. The campaign highlights the preference for software installation packages as infiltration …

Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops

February 21, 2024 at 03:06AM Summary: Iranian state-backed APT groups are posing as hacktivists, carrying out cyberattacks against Israeli critical infrastructure. Referred to as “faketivists,” they aim to create plausible deniability for the state and offer support in the Israel-Gaza war. Meanwhile, Hamas-related cyber activity has significantly reduced, possibly due to internet disruptions. Based on …

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

February 14, 2024 at 07:29AM The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in campaigns targeting financial market traders. The vulnerability has been patched by Microsoft, and it was discovered and disclosed by the Trend Micro Zero Day Initiative. Water Hydra has used sophisticated methods to bypass SmartScreen and …

21 New Mac Malware Families Emerged in 2023

January 3, 2024 at 07:42AM In 2023, 21 new malware families targeting macOS systems were discovered by security researcher Patrick Wardle, representing a 50% increase from 2022. Wardle’s blog post provides detailed analysis of each family’s characteristics and their potential impact on Apple devices. Notable threats include ransomware, infostealers, APT-developed malware, and variations of existing …