APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

August 2, 2024 at 12:42PM A Taiwanese research institute specializing in computing was breached by China-affiliated threat actors, delivering backdoors and malware like ShadowPad and Cobalt Strike. Cisco Talos discovered the activity in August 2023 and attributed it to APT41. The attackers used various techniques to evade detection and exfiltrated documents from the network. This …

Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova

July 31, 2024 at 06:09AM A new phishing campaign by the cyber espionage group XDSpy targeted companies in Russia and Moldova with the DSDownloader malware. XDSpy has previously targeted Eastern European and Balkan government agencies since 2011. The Russo-Ukrainian war has led to increased cyber attacks, with various threat actors targeting organizations in both countries. …

Indian APT Targeting Mediterranean Ports and Maritime Facilities

July 30, 2024 at 10:00AM BlackBerry reports that a threat actor, known as SideWinder, has been targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The actor has been active since 2012, primarily targeting government, military, and businesses in various countries for cyberespionage. The attacks rely on spear-phishing emails and malicious documents …

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

July 30, 2024 at 04:36AM SideWinder, a nation-state threat actor associated with India, is conducting a cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. Using spear-phishing, document exploitation, and DLL side-loading techniques, their latest attacks leverage emotional lures and exploit security vulnerabilities to deliver malicious payloads for potential …

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

July 29, 2024 at 02:18AM The Gh0st RAT is being delivered to Chinese-speaking Windows users by the Gh0stGambit evasive dropper through a drive-by download scheme. The infection originates from a fake website masquerading as Google’s Chrome browser. The malware is capable of various malicious activities, and the distribution via drive-by downloads highlights the need for …

US Offers $10 Million Reward for Information on North Korean Hacker

July 26, 2024 at 07:03AM The US Department of State is offering a $10 million reward for information on Rim Jong Hyok, a North Korean national charged with hacking hospitals, military bases, and NASA. Operating on behalf of a North Korean military intelligence agency, Rim and his group, APT45, have targeted foreign businesses, government entities, …

Feds Warn of North Korean Cyberattacks on US Critical Infrastructure

July 25, 2024 at 05:32PM A cyber-espionage group, Andariel, sponsored by North Korea, is targeting organizations across the world, especially in the US. The group is stealing technical and intellectual property for its nuclear and military programs. They fund their activities through ransomware attacks on US healthcare entities. The US government has issued a warning …

North Korean Charged in Ransomware Attacks on American Hospitals

July 25, 2024 at 03:51PM Rim Jong Hyok, linked to a North Korean military intelligence agency, faces indictment for allegedly leading cyber attacks on American health care providers, NASA, and military bases. He used money laundering to finance the attacks, disrupting patient treatment and stealing unclassified data from NASA. A reward of up to $10 …

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

July 25, 2024 at 11:03AM North Korea-linked threat actor APT45 is expanding into financially-motivated attacks using ransomware, marking a shift from traditional cyber espionage. It is associated with deploying ransomware families SHATTEREDGLASS and Maui, targeting entities in South Korea, Japan, and the U.S. The group is also linked to malware such as Dtrack and has …

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

July 24, 2024 at 06:36AM Patchwork, a threat actor linked to cyber attacks targeting entities connected to Bhutan, has utilized the Brute Ratel C4 framework and an updated backdoor, PGoShell. Known as APT-C-09, the state-sponsored actor has a history of conducting spear-phishing and watering hole attacks against China and Pakistan. Additionally, Patchwork has employed romance-themed …