Russia Adjusts Cyber Strategy for the Long Haul in War With Ukraine

July 23, 2024 at 04:42PM Russian cyber units have shifted their focus from strategic civilian targets to Ukrainian military objectives ahead of a summer kinetic offensive to reclaim territory. The change follows a reevaluation of priorities and aims to give conventional forces more direct battlefield advantages. Tactics include targeting military computers and mobile devices, social engineering … Read more

China’s ‘Evasive Panda’ APT Spies on Taiwan Targets Across Platforms

July 23, 2024 at 03:59PM Evasive Panda, also known as Daggerfly, is a Chinese advanced persistent threat (APT) group that targets telecommunications companies, government agencies, NGOs, universities, and private individuals. It maintains malware for Windows, macOS, Android, Linux, and Solaris, reflecting both its ambition and the breadth of its tooling. The group's continuous development and … Read more

Chinese Hackers Target Taiwan and US NGO with MgBot Malware

July 23, 2024 at 09:31AM Organizations in Taiwan and a U.S. NGO have been targeted by the state-affiliated Chinese hacking group Daggerfly using upgraded malware tools. Symantec reports that the group conducts espionage, exploited an Apache HTTP Server vulnerability for initial access, and quickly retools to keep its operations going. New malware linked to Daggerfly includes MACMA and Nightdoor, covering the major operating systems. CVERC accuses … Read more

Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware

July 23, 2024 at 06:28AM CERT-UA warned of a cyber espionage campaign targeting a Ukrainian research institution with the HATVIBE and CHERRYSPY malware. The attackers used a compromised email account to distribute macro-laced Microsoft Word attachments; enabling the macros leads to execution of the malware. CERT-UA attributes the activity to UAC-0063, a cluster it links to the Russia-linked APT28, with similar … Read more

China’s APT41 Targets Global Logistics, Utilities Companies

July 19, 2024 at 10:05AM APT41, a Chinese threat group, has launched a cyber espionage campaign against organizations in the shipping, logistics, media, entertainment, technology, and automotive sectors across multiple countries. The group, known for supply chain attacks, gained and maintained persistent access to victim networks. APT41 is using custom cyber espionage tools and has … Read more

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

July 19, 2024 at 04:33AM Global shipping, logistics, media, technology, and automotive organizations in several countries are being targeted by the China-based APT41 hacking group, which uses web shells, custom droppers, and publicly available tools to gain unauthorized access and exfiltrate data. Separately, another threat group, GhostEmperor, is using a variant of the Demodex rootkit in a cyber … Read more

Iranian Cyber Threat Group Drops New Backdoor, ‘BugSleep’

July 18, 2024 at 02:06AM MuddyWater, an Iranian cyber-espionage group, has shifted from abusing legitimate remote management software to deploying a custom backdoor implant known as BugSleep. The shift was prompted by the declining effectiveness of its previous approach. The group's tactics involve phishing, malicious PDFs, and targeting of government bodies and critical industries in the … Read more

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

July 17, 2024 at 05:06AM APT17, a China-linked threat actor, targeted Italian companies and government entities using a variant of the known 9002 RAT malware. Two attacks, on June 24 and July 2, 2024, used spear-phishing lures to get victims to download a malicious MSI installer disguised as Skype for Business, which triggered execution of 9002 … Read more

Iran’s MuddyWater phishes Israeli orgs with custom BugSleep backdoor

July 16, 2024 at 08:09PM MuddyWater, an Iranian government-linked cyber espionage group, has added a custom backdoor to its toolset and is using it against Israeli organizations. Its phishing emails carry malicious links that infect victim devices with the BugSleep malware. The evolving tactics and wider targeting make detection harder and increase the group's potential impact. … Read more

New BugSleep malware implant deployed in MuddyWater attacks

July 15, 2024 at 02:32PM The MuddyWater hacking group has developed a new custom malware implant called BugSleep. It is distributed through phishing emails disguised as invitations to webinars or online courses. The malware is injected into various applications and is still under active development, suggesting a trial-and-error approach. MuddyWater has shifted to using BugSleep instead … Read more