Kapeka: A New Backdoor in Sandworm’s Arsenal of Aggression

April 17, 2024 at 04:06PM Kapeka is a new backdoor possibly linked to Russia’s Sandworm and a potential successor to GreyEnergy. Little public information exists on Kapeka, but WithSecure and Microsoft believe it is a tool of a nation-state group. Kapeka has potential for long-term cyberespionage or to deliver malware payloads, possibly originating from Sandworm. …

Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks

April 17, 2024 at 10:04AM WithSecure’s report reveals the discovery of the new Kapeka backdoor, linked to the Russian APT group Sandworm, which has targeted Eastern Europe since 2022. Microsoft tracks it as KnuckleTouch and describes its involvement in ransomware campaigns and its multifunctional capabilities. The backdoor’s advanced features indicate APT-level activity, showing conceptual overlaps with GreyEnergy and Prestige. Based …

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear

April 11, 2024 at 06:12AM Earth Hundun, a cyberespionage group, has been refining the Waterbear and Deuterbear malware to infiltrate technology and government sectors in the Asia-Pacific region. The malware, particularly Deuterbear, employs advanced evasion tactics and HTTPS encryption to protect its network traffic, posing significant challenges to organizational defenses. Trend Micro continues to enhance monitoring …

Apple Expands Spyware Alert System to Warn Users of Mercenary Attacks

April 11, 2024 at 02:57AM Apple has updated its spyware threat notification system to alert users who may be individually targeted. The move responds to global and ongoing mercenary spyware attacks, particularly on journalists and activists. The company also sent threat notifications to iPhone users in 92 countries. International efforts are underway to counter the misuse of …

Hackers Targeting Human Rights Activists in Morocco and Western Sahara

April 9, 2024 at 10:45AM Human rights activists in Morocco and the Western Sahara are being targeted by a new threat actor called Starry Addax. The actor uses phishing attacks to trick victims into installing fake Android apps and to harvest credentials from Windows users. It has been active since January 2024 and is using …

Winnti’s new UNAPIMON tool hides malware from security software

April 2, 2024 at 06:01PM The Chinese ‘Winnti’ hacking group used a new malware, UNAPIMON, to run malicious processes undetected. This group, active since 2012, targets various organizations and was linked to a cyberespionage attack named ‘Earth Freybug.’ UNAPIMON uses DLL side-loading and unhooking of API functions to evade detection, showcasing innovative and sophisticated tactics by …

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

April 2, 2024 at 01:54AM Earth Freybug actors are using a new malware called UNAPIMON, which relies on dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to avoid being monitored. The malware prevents child processes from being monitored, enabling malicious activity to go undetected. Security measures such as restricting admin privileges and frequent password …

Six banks share customer info to help Singapore fight money laundering

April 1, 2024 at 09:08PM Singapore’s Monetary Authority launched the “COSMIC” application with major banks to combat money laundering and terrorism financing while remaining mindful of customer privacy. China-linked cyber espionage targets ASEAN entities. Japan plans to introduce its first domestic passenger jet by 2035, rebounding from the failed SpaceJet project. Google Cloud’s ANZ boss, Alister Dias, …

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

March 28, 2024 at 01:51PM A Linux version of the multi-platform backdoor DinodasRAT has been detected by Kaspersky, targeting regions including China, Taiwan, Turkey, and Uzbekistan. It is a C++-based malware capable of harvesting sensitive data and is attributed to various China-nexus threat actors. The backdoor is designed to gain and maintain access via Linux …

Finland Blames Chinese Hacking Group APT31 for Parliament Cyber Attack

March 28, 2024 at 01:03PM Finnish police have accused the Chinese group APT31 of the 2020 cyber-attack on the Parliament, with ongoing investigations confirming the group’s involvement and identifying a suspect. APT31 is also the focus of recent actions by the U.S. and the UK for engaging in widespread cyber espionage targeting businesses and officials. China denies …