Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

December 4, 2024 at 12:54PM The Russia-linked APT group Turla has infiltrated the command-and-control servers of the Pakistan-based Storm-0156 hacking group since December 2022. Turla utilizes this access to deploy custom malware against Afghan government networks, demonstrating a tactic of leveraging others’ infrastructure for intelligence gathering, complicating attribution and enhancing their operational reach.

Salt Typhoon Builds Out Malware Arsenal With GhostSpider

November 26, 2024 at 03:23PM Salt Typhoon, a Chinese advanced persistent threat (APT), has been spying on high-value government and telecommunications organizations globally since 2023, deploying new malware like GhostSpider. Known for its sophisticated strategies, the group uses various attack methods, including exploiting vulnerabilities in Internet-facing devices, to infiltrate networks and access sensitive information.

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

November 26, 2024 at 06:18AM The Chinese threat actor Earth Estries has been targeting Southeast Asian telecommunications and government networks using a new backdoor, GHOSTSPIDER, along with MASOL RAT. Compromising over 20 entities globally, they exploit various vulnerabilities for cyber espionage, showcasing advanced tactics and a sophisticated operational structure. Recent attacks indicate a significant evolution …

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

November 25, 2024 at 03:34AM Earth Estries, a Chinese APT group, has been targeting critical sectors globally since 2023, utilizing advanced malware like GHOSTSPIDER and SNAPPYBEE. Their tactics involve exploiting public server vulnerabilities for espionage, impacting over 20 organizations across various industries. They employ a complex command-and-control infrastructure, indicating shared tools with other APTs.

China’s ‘Liminal Panda’ APT Attacks Telcos, Steals Phone Data

November 20, 2024 at 03:38PM A new threat actor, Liminal Panda, has been spying on mobile phones in Asia and Africa for over four years, targeting telecommunications networks to gather sensitive data for potential use by the Chinese state. The group’s tactics involve network-based attacks and exploiting telecommunications infrastructure for economic and political espionage.

China Says Seabed Sentinels Are Spying, After Trump Taps

October 31, 2024 at 09:24AM China accused foreign entities of spying using maritime equipment shortly after state-sponsored hackers targeted Trump and Harris’ campaigns. The Ministry of State Security raised concerns over espionage in maritime activities. Recent reports also revealed attempts to infiltrate U.S. telecommunications by Chinese hackers, emphasizing the urgent need for improved cybersecurity measures.

China’s ‘Evasive Panda’ APT Debuts High-End Cloud Hijacking

October 29, 2024 at 05:11PM The China-sponsored hacking group Evasive Panda has launched CloudScout, a sophisticated toolset to exploit stolen Web session cookies and access data from cloud services like Google Drive and Gmail. This post-compromise tool evades authentication checks and illustrates the group’s advanced cyberespionage skills targeting civil society and political entities.

North Korean Hackers Exploited Chrome Zero-Day for Cryptocurrency Theft

October 24, 2024 at 09:05AM Lazarus APT developed a fraudulent website leveraging a Chrome zero-day vulnerability to install malware and steal cryptocurrency, as reported by SecurityWeek.

**Meeting Notes Takeaways:**

1. **Event Overview**: The Lazarus APT (Advanced Persistent Threat) group has developed a deceptive website.
2. **Exploitation Method**: The group exploited a zero-day vulnerability in Chrome …

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

October 17, 2024 at 06:42AM An APT group known as SideWinder, linked to India, has launched numerous attacks on key entities in the Middle East and Africa, utilizing multi-stage infection methods with a new toolkit called StealerBot. Targeted sectors include government, military, finance, and telecommunications across various countries, highlighting their evolving cyber capabilities.

Iranian Cyberspies Exploiting Recent Windows Kernel Vulnerability

October 14, 2024 at 09:15AM Iran-linked APT OilRig has escalated its cyber activities targeting the United Arab Emirates and the Gulf region, exploiting recent vulnerabilities in the Windows kernel, according to a report by SecurityWeek.

**Meeting Takeaways:**

1. **APT OilRig Activity**: The threat actor group OilRig, linked to Iran, has increased its cyber operations targeting …