UK and South Korea: Hackers use zero-day in supply-chain attack

November 24, 2023 at 01:28PM The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) have issued a joint advisory warning about a hacking group called Lazarus, based in North Korea. The group has been using a zero-day vulnerability in the MagicLine4NX software, developed by South Korean company Dream Security, to conduct supply-chain …

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

November 23, 2023 at 10:06AM A new phishing attack carried out by a cyber espionage group called Konni has been observed. The attackers are using a Russian-language Microsoft Word document to deliver malware that can collect sensitive information from compromised Windows hosts. The group is known for targeting Russia and uses spear-phishing emails and malicious …

Industry piles in on North Korea for sustained rampage on software supply chains

November 23, 2023 at 08:44AM The UK and South Korea’s national cybersecurity organizations have issued a joint advisory warning about an increase in the volume and sophistication of North Korean software supply chain attacks. The advisory highlights the use of zero-day and N-day vulnerabilities and multiple exploits to achieve North Korea’s priorities, which include generating …

Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions

November 21, 2023 at 02:06AM The China-linked cyber espionage group Mustang Panda targeted a Philippines government entity using legitimate software to sideload malicious files. Mustang Panda, also known as Bronze President and other aliases, is a Chinese advanced persistent threat (APT) that has been active since at least 2012. The group has targeted NGOs and …

Gamaredon’s LittleDrifter USB malware spreads beyond Ukraine

November 20, 2023 at 05:34PM LittleDrifter is a recently discovered worm that spreads through USB drives and has infected systems in multiple countries. It is believed to be part of a campaign by the Gamaredon state-sponsored espionage group. The malware establishes communication with the group’s command and control server and spreads through USB drives using …

Amid Military Buildup, China Deploys Mustang Panda in the Philippines

November 20, 2023 at 04:12PM Chinese APT group Mustang Panda, also known as Stately Taurus, has been conducting cyber espionage operations against high-profile government and government-adjacent organizations in the South Pacific, including the exploitation of a Philippine government entity. The group used a simple sideloading technique involving malicious ZIP files to compromise their targets. Unit …

Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks

November 17, 2023 at 02:23PM An investigation by a security vendor has confirmed previous reports linking an Indian hack-for-hire group, called Appin, to cyber espionage and surveillance activities. The group, which no longer exists under its original name, targeted businesses, executives, politicians, and government officials around the world. The investigation found evidence of data theft, …

Molerats Group Wields Custom Cybertool to Steal Secrets in the Middle East

November 14, 2023 at 09:57AM The pro-Palestinian cyber espionage group, TA402, has developed a new tool called IronWind to target government agencies in the Middle East and North Africa. Despite the conflict in the region, TA402 continues to operate and has shown sophistication in its tactics. The group uses geofencing to limit attacks and has …

New Campaign Targets Middle East Governments with IronWind Malware

November 14, 2023 at 05:21AM Middle Eastern government entities are under attack from phishing campaigns deploying a new initial access downloader called IronWind. The campaigns, attributed to the threat actor TA402, have been active between July and October 2023. TA402, also known as Molerats, Gaza Cyber Gang, and APT-C-23, is a Middle Eastern APT group …

Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

November 1, 2023 at 07:48AM A cyber espionage campaign has been targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year. The threat actor, known as Scarred Manticore, is affiliated with Iran’s Ministry of Intelligence and Security. The campaign shows overlaps with other Iranian groups and uses a previously …