‘Ancient’ MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

September 11, 2024 at 09:41AM Researchers from the Acronis Threat Research Unit discovered an attack dubbed “WordDrone,” targeting Taiwanese drone makers. The attack involves weaponizing an old version of Microsoft Word to install a persistent backdoor, ClientEndPoint. There are similarities to a previous “TIDrone” campaign, with the attackers possibly exploiting a side-loading flaw in the … Read more

Mustang Panda Feeds Worm-Driven USB Attack Strategy

September 10, 2024 at 11:36AM China’s state-sponsored threat actor Mustang Panda is using self-propagating malware spread via USB drives, alongside spear-phishing, to target government entities in the Asia-Pacific region. The group’s tactics have evolved to include new vectors for initial entry, with a focus on specific countries and sectors. Trend Micro researchers advise continuous … Read more

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

September 10, 2024 at 08:39AM A renewed state-sponsored operation codenamed Crimson Palace, linked to China, has expanded its espionage efforts by compromising more government organizations in Southeast Asia. Cybersecurity firm Sophos identified three intrusion sets using compromised networks to deliver malware. The clusters employ various techniques, including C2 frameworks and open-source programs, to infiltrate, establish … Read more

Chinese hackers use new data theft malware in govt attacks

September 9, 2024 at 05:30PM Mustang Panda, a China-based cyber espionage group, has been using new strategies and malware to carry out attacks, targeting government and non-government entities mostly in the Asia-Pacific region. The group’s recent activities involve the deployment of new tools such as FDMTP and PTSOCKET to steal information from breached networks. The … Read more

U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks

September 9, 2024 at 12:39AM The U.S. government and international partners attribute cyberattacks to Russian hacking group Cadet Blizzard, linked to GRU 161st Specialist Training Center, targeting infrastructure and countries including Ukraine and NATO members. Cyber actors use destructive malware, and DOJ has indicted Russian officers associated with Unit 29155. Agencies emphasize system updates, network … Read more

Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign

August 30, 2024 at 09:45AM Researchers have discovered a sophisticated malware campaign using Google Sheets for command-and-control activities. The campaign targets various organizations worldwide, impersonating tax authorities to distribute a bespoke information-gathering tool called Voldemort. The malware utilizes advanced techniques while also exhibiting characteristics of cybercrime activity. Proofpoint experts believe the campaign is likely espionage-driven … Read more

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

August 30, 2024 at 07:30AM Cybersecurity researchers have discovered new network infrastructure set up by Iranian threat actors to support recent targeting of U.S. political campaigns: a carefully built system relying on dynamic DNS providers to host phishing attacks. This comes amid a broader increase in Iranian malicious cyber activity against the U.S. After … Read more

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads

August 30, 2024 at 02:42AM Chinese-speaking users are being targeted in a sophisticated cyber espionage campaign called SLOW#TEMPEST, using phishing emails to infect Windows systems with Cobalt Strike payloads. The attackers established persistence within systems, conducted reconnaissance, and set up remote access, allowing them to move laterally across networks undetected. The campaign appears to be … Read more

Iran hunts down double agents with fake recruiting sites, Mandiant reckons

August 30, 2024 at 12:31AM Iranian government-backed actors were reportedly using fake recruiting websites and social media accounts to target Farsi speakers suspected of collaborating with Iran’s enemies, including Israel. Google’s Mandiant team uncovered the operation, linking it to Iran’s regime and cyber unit APT42. The campaign’s purpose was to gather personal information and potentially … Read more

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32

August 29, 2024 at 12:24PM A non-profit supporting Vietnamese human rights has been targeted by a multi-year cyber espionage campaign attributed to APT32. The group uses various malware delivery methods, including spear-phishing and watering hole attacks. The intrusion has resulted in the compromise of several hosts and the theft of sensitive information, with a focus … Read more