Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware

September 23, 2024 at 02:18AM A suspected APT from China targeted a Taiwanese government organization and other APAC countries by exploiting a security flaw. The activity uses various techniques and malware like Cobalt Strike and EAGLEDOOR to infiltrate and gather data from government and energy sectors. The threat actor’s sophistication and adaptability are notable. Key …

China’s ‘Earth Baxia’ Spies Exploit Geoserver to Target APAC Orgs

September 22, 2024 at 09:10PM A China-linked cyber-espionage group dubbed Earth Baxia has targeted Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam. The group primarily uses spear-phishing and a custom backdoor called EagleDoor, as well as exploiting a vulnerability in the open source GeoServer software. The majority of the group’s …

North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks

September 19, 2024 at 09:01PM Geopolitical tensions have led to a surge in cyberattacks on US and allied organizations by North Korean cyber-espionage group Kimsuky. The group has successfully exploited poorly configured DMARC policies for spear-phishing campaigns targeting high-profile individuals and organizations. Ensuring properly configured DMARC is critical to defend against these attacks and protect …

Security Firm’s North Korean Hacker Hire Not an Isolated Incident

September 19, 2024 at 08:53AM A postmortem on the accidental hiring of a North Korean threat actor at a security firm uncovered a network of fake IT workers groomed to deceive US companies for the financial benefit of the North Korean government. The actors slipped through background checks and posed as credible employees, exploiting the …

Packed With Features, ‘SambaSpy’ RAT Delivers Hefty Punch

September 18, 2024 at 05:00PM SambaSpy, a remote access Trojan (RAT), is a sophisticated tool with various spying and data-stealing functions, initially targeting Italian victims and potentially expanding to other countries. The malware’s capabilities include file management, remote control, password stealing, and more, making it a versatile and powerful tool for threat actors. It is …

Chinese Spies Built Massive Botnet of IoT Devices to Target US, Taiwan Military

September 18, 2024 at 01:09PM Lumen Technologies researchers have identified a large-scale botnet, Raptor Train, controlled by a Chinese state-sponsored espionage group known as Flax Typhoon. The botnet targets US and Taiwanese organizations in critical sectors using IoT devices and has a robust command and control infrastructure. The botnet has been used for extensive scanning …

North Korean Hackers Lure Critical Infrastructure Employees With Fake Jobs

September 18, 2024 at 11:14AM UNC2970, a North Korean threat actor, has been using job-themed lures to distribute new malware to individuals in critical infrastructure sectors. Mandiant reported that UNC2970 targeted individuals in the US, UK, Netherlands, Cyprus, Germany, Sweden, Singapore, Hong Kong, and Australia. The group has been using fake job descriptions to target …

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware

September 18, 2024 at 07:03AM North Korea-linked cyber-espionage group UNC2970, alias TEMP.Hermit/Lazarus Group, is phishing energy and aerospace targets with job-themed baits, using a backdoor called MISTPEN. Mandiant identified the group’s history of strategic intelligence collection for North Korean interests. The group’s Operation Dream Job leverages weaponized PDFs and older software to execute attacks, evolving to avoid …

As Geopolitical Tensions Mount, Iran’s Cyber Operations Grow

September 18, 2024 at 02:25AM Iran continues to escalate cyber operations by utilizing APT34, also known as Hazel Sandstorm, to target government ministries in Iraq and neighboring nations. The cyber-espionage group aims to gather intelligence through email tunneling and malware programs. Analysts believe the primary objective is espionage, reflecting the evolving geopolitical landscape in the …

Apple Suddenly Drops NSO Group Spyware Lawsuit

September 13, 2024 at 04:51PM Apple has withdrawn its lawsuit against NSO Group, citing risks of unintentionally revealing sensitive data and difficulties in obtaining essential information. The lawsuit, originally filed in 2021, aimed to hold NSO Group accountable for hacking into Apple’s iOS platforms. Apple expressed concerns about the dynamic spyware industry and limited impact …