Russian cyber snoops linked to massive credential-stealing campaign

August 14, 2024 at 02:52PM Russia’s FSB cyberspies and a new group conducted a phishing campaign targeting US and European entities, including opposition figures, media outlets, and defense-industrial targets. Named “River of Phish,” the campaign aimed to steal user credentials and influence Western elections. The attackers impersonated colleagues and used encrypted PDFs to trick victims …

APT41 Spinoff Expands Chinese Actor’s Scope Beyond Asia

August 13, 2024 at 01:33PM A China-backed threat group known as APT41 is expanding its cyber espionage reach from Asia to Europe, the Middle East, and Africa. Their spinoff group, Earth Baku, has been targeting organizations in Italy, Germany, UAE, and Qatar, using new malware and living-off-the-land techniques. APT41’s evolving and sophisticated threat profile poses …

South Korea says DPRK hackers stole spy plane technical data

August 12, 2024 at 04:27PM South Korea’s ruling party PPP warns of North Korean hackers stealing crucial data on K2 tanks and spy planes, fearing it will aid military surveillance evasion. The theft includes design blueprints, technical data, and maintenance information. PPP urges immediate cybersecurity measures to counter North Korea’s escalating cyberattacks and calls for …

A Dive into Earth Baku’s Latest Campaign

August 9, 2024 at 12:14AM Earth Baku (associated with APT41) has expanded its reach from the Indo-Pacific to Europe, the Middle East, and Africa since late 2022. This advanced threat actor targets countries such as Italy, Germany, UAE, and Qatar, using public-facing applications like IIS servers for initial access and deploying advanced malware toolsets such …

New Go-based Backdoor GoGra Targets South Asian Media Organization

August 7, 2024 at 06:57AM An unnamed media organization in South Asia was targeted using a previously undocumented Go-based backdoor called GoGra, which utilizes the Microsoft Graph API for C&C purposes. Other new malware families have employed similar techniques, suggesting that threat actors are increasingly utilizing legitimate cloud services for low-key operations. Based on the …

Sophisticated Android Spyware Targets Users in Russia

August 5, 2024 at 04:32PM An unknown state-sponsored threat actor has been using the new mobile spyware tool LianSpy to spy on Android smartphone users for at least three years, with a focus on Russia. The attackers exploit vulnerabilities to root devices or gain physical access. LianSpy silently monitors user activity, exfiltrating data via public …

Russia’s ‘Fighting Ursa’ APT Uses Car Ads to Install HeadLace Malware

August 5, 2024 at 07:47AM Fighting Ursa, a prolific Russian cyber threat group, is targeting diplomats with a used car sale phishing scheme, distributing HeadLace backdoor malware. The attack, which involves disguising executables as image files, aims to establish persistent access for data theft and surveillance. The group has a history of high-profile cyber offensives …

China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates

August 5, 2024 at 01:24AM Evasive Panda, a sophisticated China-linked cyber espionage group, compromised an ISP to push malware updates to target companies, displaying high levels of skill. The threat actor has been active since 2012, using various malware, including a macOS strain called MACMA. The group has targeted organizations through supply chain attacks, DNS …

Hackers breach ISP to poison software updates with malware

August 3, 2024 at 03:41PM The Chinese hacking group StormBamboo, also known as Evasive Panda, Daggerfly, and StormCloud, has compromised an internet service provider to inject malware into automatic software updates, targeting organizations across various countries. They exploited insecure HTTP software update mechanisms, deploying malware onto victims’ devices without user interaction. They also targeted software …

China’s APT41 Targets Taiwan Research Institute for Cyber Espionage

August 2, 2024 at 03:46PM China-linked APT41 compromised a Taiwanese research institute in July 2023, deploying various malware tools including the ShadowPad RAT and Cobalt Strike tool. The group, known for cyber espionage and financially motivated attacks, targeted a valuable source of proprietary technology. The attack involved stealing documents and deploying sophisticated techniques to evade …