A Dive into Earth Baku’s Latest Campaign

August 9, 2024 at 12:14AM

Earth Baku (associated with APT41) has expanded its reach from the Indo-Pacific to Europe, the Middle East, and Africa since late 2022. This advanced threat actor targets countries such as Italy, Germany, UAE, and Qatar, using public-facing applications like IIS servers for initial access and deploying advanced malware toolsets such …

Emojis Control the Malware in Discord Spy Campaign

June 17, 2024 at 04:57PM

An advanced persistent threat (APT) from Pakistan is conducting cyber espionage against Indian government organizations using the “Dirty Pipe” Linux bug and the Discord-based malware Disgomoji. The malware uses emojis as commands, which makes it user-friendly but does not significantly reduce detection by security software. UTA0137 has also been observed exploiting the old …

LilacSquid APT Employs Open Source Tools, QuasarRAT

May 31, 2024 at 04:19PM

Researchers have tied LilacSquid, a new advanced persistent threat actor, to data exfiltration attacks across the US and Europe. The group's methods include exploiting known vulnerabilities, stealing Remote Desktop Protocol credentials, and using open source tools like MeshAgent and InkLoader to establish control and deploy custom malware such as PurpleInk. LilacSquid …

Decoding Water Sigbin’s Latest Obfuscation Tricks

May 30, 2024 at 01:10AM

Summary: Water Sigbin, also known as the 8220 Gang, exploited Oracle WebLogic vulnerabilities to deploy a cryptocurrency miner via a PowerShell script. The group used obfuscation techniques to conceal its activities, including hexadecimal URL encoding and fileless execution. Organizations are advised to prioritize patch management, network segmentation, security audits, employee …