#APTgroups – Xynik

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

December 11, 2024 by Xynik

December 11, 2024 at 07:30AM A China-based threat actor has been linked to cyber attacks in Southeast Asia targeting key sectors, including government and telecoms, since October 2023. Characterized by sophisticated tools and techniques, attacks involved prolonged network access and data exfiltration. Recent activities indicate persistent cyber espionage amidst ongoing regional geopolitical tensions. ### Meeting … Read more

Chinese hackers target Linux with new WolfsBane malware

November 21, 2024 by Xynik

November 21, 2024 at 03:09PM ESET researchers have identified two new Linux malware families: ‘WolfsBane,’ a backdoor linked to the Chinese Gelsemium group, and ‘FireWood,’ potentially used by various APT groups. Both target Linux systems, highlighting a trend as attackers seek new vulnerabilities amid enhanced Windows security measures. WolfsBane employs sophisticated evasion techniques. ### Meeting … Read more

FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

November 5, 2024 by Xynik

November 5, 2024 at 12:36PM The FBI is investigating cyber intrusions involving malware targeting sensitive data from companies and government networks by Chinese state-sponsored groups. Reports by Sophos reveal attacks leveraging multiple vulnerabilities, shifting from widespread to targeted attacks since 2021, compromising critical infrastructure mainly in South and Southeast Asia. ### Meeting Takeaways: 1. **FBI … Read more

Novel attack on Windows spotted in phishing campaign run from and targeting China

September 1, 2024 by Xynik

September 1, 2024 at 11:13PM Unknown attackers have utilized Tencent’s cloud for a phishing campaign targeting Chinese entities, as uncovered by Securonix. The campaign involves delivering Cobalt Strike payloads through phishing emails, establishing persistence and remaining undetected within systems. The attack methodically targets specific Chinese business or government sectors, using advanced exploitation frameworks such as … Read more

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

August 30, 2024 by Xynik

August 30, 2024 at 02:42AM Chinese-speaking users are being targeted in a sophisticated cyber espionage campaign called SLOW#TEMPEST, using phishing emails to infect Windows systems with Cobalt Strike payloads. The attackers established persistence within systems, conducted reconnaissance, and set up remote access, allowing them to move laterally across networks undetected. The campaign appears to be … Read more

China’s ‘Evasive Panda’ APT Spies on Taiwan Targets Across Platforms

July 23, 2024 by Xynik

July 23, 2024 at 03:59PM Evasive Panda, also known as Daggerfly, is a Chinese advanced persistent threat (APT) group that targets telecommunications companies, government agencies, NGOs, universities, and private individuals. It has developed malware for various platforms, including Windows, macOS, Android, Linux, and Solaris, showcasing its ambition and diverse capabilities. The group’s continuous development and … Read more

Iranian Cyber Threat Group Drops New Backdoor, ‘BugSleep’

July 18, 2024 by Xynik

July 18, 2024 at 02:06AM MuddyWater, an Iranian cyber-espionage group, has shifted from using legitimate remote management software to deploying a custom backdoor implant known as BugSleep. This shift was prompted by the ineffectiveness of their previous approach. The group’s tactics involve phishing, deploying malicious PDFs, and targeting various government and critical industries in the … Read more

Houthi rebels are operating their own GuardZoo spyware

July 9, 2024 by Xynik

July 9, 2024 at 07:07AM Surveillance malware like NSO Group’s Pegasus often gets the attention, but less sophisticated tools like GuardZoo, used by Houthi rebels in Yemen, are still prevalent. Distributed through social engineering, it targets military members in Yemen and other countries. Despite being less advanced than Pegasus, its widespread use presents a significant … Read more

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks

May 17, 2024 by Xynik

May 17, 2024 at 05:33AM The Kimsuky APT group, associated with North Korea’s Reconnaissance General Bureau, has been observed deploying the Gomir backdoor on Linux to target South Korean organizations. The malware shares extensive code with GoBear and is distributed through trojanized security programs. The campaign highlights the preference for software installation packages as infiltration … Read more

Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops

February 21, 2024 by Xynik

February 21, 2024 at 03:06AM Summary: Iranian state-backed APT groups are posing as hacktivists, carrying out cyberattacks against Israeli critical infrastructure. Referred to as “faketivists,” they aim to create plausible deniability for the state and offer support to the Israeli-Gaza war. Meanwhile, Hamas-related cyber activity has significantly reduced, possibly due to internet disruptions. Based on … Read more