Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

March 8, 2024 at 08:03AM Cybersecurity firm ESET reports that a Chinese APT group known as Evasive Panda has been targeting Tibetans through watering hole and supply chain attacks. The group has a history of cyberespionage operations primarily targeting government entities in China, India, and other Asian countries. Evasive Panda has been leveraging compromised websites …

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

March 7, 2024 at 09:21AM Evasive Panda, a China-based threat actor, conducted cyber attacks targeting Tibetan users through watering hole and supply chain techniques, using malicious downloaders to deploy a backdoor and a new Windows implant. The attacks aimed to infiltrate specific countries and territories, taking advantage of events like the Kagyu Monlam Festival. The …

China-Linked Cyber Spies Blend Watering Hole, Supply Chain Attacks

March 7, 2024 at 05:37AM A targeted cyber-attack linked to the Evasive Panda hacking team infected visitors to a Buddhism festival website and users of a Tibetan language translation app. The group’s campaign affected systems in India, Taiwan, Australia, the United States, and Hong Kong. Evasive Panda is known for supply chain attacks and has …

U.S. sanctions Predator spyware operators for spying on Americans

March 5, 2024 at 01:15PM The U.S. Treasury’s Office of Foreign Assets Control has imposed sanctions on two individuals and five entities associated with the Intellexa Consortium for developing and distributing the Predator spyware, used to target Americans, including government officials and journalists. Sanctions freeze U.S.-based assets and transactions with them, signaling the U.S. government’s …

US Charges Iranian Over Cyberattacks on Government, Defense Organizations

March 1, 2024 at 09:57AM The US Justice Department announced charges against Iranian national Alireza Shafie Nasab, accused of involvement in hacking operations targeting government and private sector organizations. His firm, Mahak Rayan Afraz, linked to cyberespionage, had ties to the IRGC. Nasab, now at large, faces charges carrying up to 20-year prison sentences, with …

U.S. charges Iranian for hacks on defense orgs, offers $10M for info

March 1, 2024 at 09:47AM The U.S. Department of Justice indicted Alireza Shafie Nasab, an Iranian national, for cyber-espionage targeting U.S. government and defense entities. Operating from 2016 to April 2021, Nasab and co-conspirators employed phishing and hacking techniques to compromise over 200,000 devices, resulting in charges carrying 5 to 20 years in prison. The …

New Backdoor Targeting European Officials Linked to Indian Diplomatic Events

February 29, 2024 at 03:33AM SPIKEDWINE, a new threat actor, targeted European officials with Indian ties using the WINELOADER backdoor. They used a PDF email attachment posing as an invitation from the Indian Ambassador for a wine-tasting event, enabling malware installation. The attack is sophisticated and evasive, utilizing compromised websites for command and control. The …

Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors

February 28, 2024 at 10:45AM Cyber attacks in the Middle East, including Israel and the U.A.E., have been attributed to the Iran-nexus threat actor UNC1549, which is also targeting Turkey, India, and Albania. The suspected activity has been ongoing since June 2022 and uses Microsoft Azure infrastructure, spear-phishing emails, and the custom backdoors MINIBIKE and MINIBUS for intelligence collection and network access. Evasion methods make detection challenging. …

US Government Urges Cleanup of Routers Infected by Russia’s APT28

February 28, 2024 at 07:45AM The US government has urged organizations and consumers to clean up their Ubiquiti routers following the dismantling of a botnet utilized by a Russian cyberespionage group known as APT28. The group, also called Fancy Bear, had been using compromised routers for covert operations since 2022, targeting various organizations worldwide. The …

UAC-0184 Targets Ukrainian Entity in Finland With Remcos RAT

February 26, 2024 at 03:08PM UAC-0184 utilizes steganography to distribute the Remcos RAT via the IDAT Loader. The campaign initially targeted Ukrainian entities but shifted focus after encountering defenses. The goal was cyber espionage, with the RAT granting unauthorized system access, data theft, and remote control. This represents a trend of advanced defense evasion techniques …