MITRE Hack: China-Linked Group Breached Systems in December 2023

May 7, 2024 at 04:15AM MITRE disclosed details of a recent hack targeting its NERVE network, including the use of Ivanti zero-day vulnerabilities and attribution to a Chinese cyberespionage group. The attack involved manipulating virtual machines, deploying malicious payloads and preparing for data exfiltration. MITRE shared technical details on the malware and indicators of compromise. …

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

May 6, 2024 at 10:05AM A cyber espionage campaign dubbed ArcaneDoor targeted perimeter network devices from various vendors, possibly linked to China. The attacks involved deploying custom malware and exploiting flaws in Cisco devices. The threat actor’s interest in Microsoft Exchange servers and other vendors’ devices suggests Chinese involvement. Additionally, a malware known as …

Iranian Cyberspies Hit Targets With New Backdoors

May 6, 2024 at 09:15AM Iran’s state-sponsored cyberespionage group APT42, also known as Calanque and UNC788, has been using new backdoors to target NGOs, government, and intergovernmental organizations. The group, operating since at least 2015 and believed to be linked to the Islamic Revolutionary Guard Corps, uses social engineering to target academia, activists, media organizations, …

German Foreign Minister Says Russia will Face Consequences for Monthslong Cyber Espionage

May 4, 2024 at 07:57AM German officials accused Russian military agents of hacking Chancellor Olaf Scholz’s party and other sensitive targets, with NATO and European countries joining in condemning Russia’s cyberespionage actions. The hacking, attributed to Russian military cyber operators, targeted emails and institutions over several months. International efforts shut down the botnet used by …

Microsoft Outlook Flaw Exploited by Russia’s APT28 to Hack Czech, German Entities

May 4, 2024 at 05:30AM Czechia and Germany were targeted by a long-term cyber espionage campaign by Russia-linked APT28, utilizing a security flaw in Microsoft Outlook. The attack compromised email accounts and targeted various industry verticals. The European Union, NATO, U.K., and U.S. condemned the cyber campaign. Additionally, there were reports of DDoS attacks and …

NATO and EU condemn Russia’s cyberattacks against Germany, Czechia

May 3, 2024 at 11:49AM NATO, EU, and partners condemn Russian threat group APT28’s cyber espionage campaign targeting European countries, including Germany and Czechia. The attacks compromised email accounts and targeted various government authorities, companies, and critical infrastructure. NATO warns about recent Russian hybrid activities impacting multiple Allied countries. APT28 has been linked to high-profile …

Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals

May 3, 2024 at 09:10AM Trend Micro reports that the APT28 cyberespionage group, linked to Russia, used a botnet of Ubiquiti routers for espionage. The FBI dismantled the botnet in January 2024, but Trend Micro found remnants and expanded botnet details. APT28 used infected devices for various illicit activities, including proxying stolen credentials and cryptocurrency …

ArcaneDoor Espionage Campaign Targeting Cisco Firewalls Linked to China

May 3, 2024 at 09:10AM The cyberespionage campaign ArcaneDoor, targeting government networks with hacked Cisco firewalls, is likely operated by a Chinese state-sponsored threat actor. Exploiting two zero-day vulnerabilities, the attackers used custom malware to execute commands and exfiltrate data. Censys research supports the connection to China, citing IP addresses and the presence of Chinese-developed …

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

May 2, 2024 at 01:18AM The new malware, Cuttlefish, targets small office and home office (SOHO) routers to secretly monitor network traffic and gather authentication data from web requests. It can also hijack DNS and HTTP connections, exfiltrate data, and act as a proxy or VPN. The cybersecurity firm warns that it poses a serious …

China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale

April 29, 2024 at 10:00AM Since October 2019, a new cyber threat, Muddling Meerkat, has used DNS activities to evade security measures and conduct network reconnaissance worldwide. Linked to China, the threat exploits DNS open resolvers and manipulates DNS queries from Chinese IP space. This sophisticated threat involves false MX record responses and may be …