Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021

June 20, 2024 at 07:15AM

Cyber espionage linked to China has targeted telecom operators in an unnamed Asian country since at least 2021, using backdoors and attempting to steal credentials. The attacks also targeted a services company and a university in another Asian country. The campaign appears to involve tools used by various Chinese espionage …

Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

May 3, 2024 at 09:57AM

Threat actors are increasingly using Microsoft Graph API for malicious purposes to evade detection, enabling communication with command-and-control (C&C) infrastructure on Microsoft cloud services. Symantec uncovered instances of nation-state-aligned hacking groups using this method, including the deployment of previously undocumented malware called BirdyClient. The popularity of Graph API among attackers …

Iranian hackers lurked in Middle Eastern govt network for 8 months

October 19, 2023 at 12:45PM

Iranian hacking group MuddyWater, also known as APT34 or OilRig, breached a Middle Eastern government network and maintained access for eight months. They used a PowerShell backdoor called PowerExchange to steal passwords and data, and blend in with typical network traffic. They also utilized other tools such as Backdoor.Tokel, Trojan.Dirps, …