Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties

March 23, 2024 at 02:33AM The Russian-linked hacking group APT29 has been identified using the WINELOADER backdoor in cyber attacks on diplomatic entities and German political parties. The malware, distributed through wine-tasting phishing emails, enabled espionage activities, marking a shift in APT29’s focus. This discovery coincides with the arrest of a German military officer involved …

Chinese snoops use F5, ConnectWise bugs to sell access to top US, UK networks

March 22, 2024 at 06:07PM Chinese spies exploited critical-severity bugs in F5 and ConnectWise equipment to gain access to US defense organizations, UK government agencies, and other entities, according to Mandiant. The exploits were attributed to a group known as UNC5174, which also targeted other vulnerabilities and used custom software and a remote command-and-control framework …

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

March 22, 2024 at 08:33AM A China-linked threat group used security flaws in ConnectWise ScreenConnect and F5 BIG-IP to distribute custom malware that creates backdoors on compromised Linux hosts. The group, tracked as UNC5174, has targeted various organizations, including research institutions and government entities in the U.S. and U.K. They have also been observed trying …

Beijing-backed cyberspies attacked 70+ orgs across 23 countries

March 19, 2024 at 05:10PM Chinese cyberspies, known as Earth Krahang, have targeted at least 70 organizations, predominantly government entities, and over 116 victims globally. They use phishing emails, brute-force attacks for credential theft, and custom backdoors to compromise servers and abuse government infrastructure. The group also has connections to other state-backed gangs and …

Chinese APT Hacks 48 Government Organizations

March 19, 2024 at 09:57AM A hacking group, Earth Krahang, believed to be linked to the Chinese company I-Soon, has compromised numerous foreign government entities. The group is accused of conducting cyberespionage and targeting over 70 organizations across 23 countries, primarily in Asia and America. They have used various tactics, including spear-phishing emails and deploying …

Suspected Russian Data-Wiping ‘AcidPour’ Malware Targeting Linux x86 Devices

March 19, 2024 at 06:48AM A new variant of the data-wiping malware AcidRain, named AcidPour, has been discovered targeting Linux x86 devices. This ELF binary variant is designed to erase content from RAID arrays and UBI file systems. The specific targets and scale of the attacks are currently unknown. The discovery highlights the use …

Chinese Earth Krahang hackers breach 70 orgs in 23 countries

March 18, 2024 at 04:53PM A sophisticated hacking campaign by the Chinese APT group Earth Krahang has targeted 70 organizations in 45 countries since early 2022, primarily focusing on government entities. The attackers exploit vulnerabilities and use spear-phishing to deploy custom backdoors for cyber espionage, abusing breached government infrastructure to target other governments and …

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks

March 18, 2024 at 04:58AM An APT campaign named Earth Krahang targets government entities worldwide, with a focus on Southeast Asia but also reaching Europe, America, and Africa. Using public-facing servers and spear-phishing emails, the threat actor aims to conduct cyberespionage by abusing compromised government infrastructure. The campaign involves …

How to Identify a Cyber Adversary: Standards of Proof

March 12, 2024 at 10:11AM Part one of the article explains cybersecurity attribution, distinguishing between attribution and public disclosure, and discusses standards of proof including intelligence, judicial, and technical standards. Attribution is important for understanding the adversary and defending against future attacks. The article promises to delve into the key methods of attributing events to …

South Korean Citizen Detained in Russia on Cyber Espionage Charges

March 12, 2024 at 03:45AM A South Korean national, Baek Won-soon, has been detained by Russia on cyber espionage charges and transferred from Vladivostok to Moscow for investigation. It is alleged that he handed over classified information to foreign intelligence agencies. This development follows growing geopolitical ties between Russia and North Korea and the recent …