Advanced Persistent Threat

NEWS 
  • Notes of cyber inspector: three clusters of threat in cyberspace

    September 10, 2025

    Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 Kaspersky predicted that the involvement of hacktivist groups in all major geopolitical conflicts from now on will only increase and this is what ...

  • Deception in Depth: PRC-nexus espionage campaign hijacks web traffic to target diplomats

    August 25, 2025

    This blog post presents Google Threat Intelligence Group (GTIG) findings and analysis of this espionage campaign, as well as the evolution of the threat actor’s operational capabilities. GTIG examine how the malware is delivered, how the threat actor utilized social engineering and evasion techniques, and technical aspects of the multi-stage malware payloads. In this campaign, the ...

  • FBI: Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure

    August 20, 2025

    The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service’s (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running ...

  • Hackers breach and expose a major North Korean spying operation

    August 12, 2025

    Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation. The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity ...

  • New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises

    August 12, 2025

    Trend Micro researchers recently identified a new ransomware family called Charon, deployed in a targeted attack observed in the Middle East’s public sector and aviation industry. The threat actor employed a DLL sideloading technique notably similar to tactics previously documented in the Earth Baxia campaigns, which have historically targeted government sectors. The attack chain leveraged a ...

  • From ClickFix to Command: A Full PowerShell Attack Chain

    August 11, 2025

    The FortiMail Workspace Security team recently identified a targeted intrusion campaign impacting multiple Israeli organizations. The adversary leveraged compromised internal email infrastructure to distribute phishing messages across the regional business landscape. These emails initiated a multi-stage, PowerShell-based infection chain that culminated in the delivery of a remote access trojan (RAT), executed entirely through PowerShell. Read more… Source:  Fortinet Sign ...

  • Denmark energy cyber attack highlights infrastructure security gaps

    August 4, 2025

    November 2023 saw an unprecedented cyber attack on Denmark’s energy infrastructure. In a co-ordinated breach of 22 companies, criminal gangs gained access to industrial control systems. Investigators believe at least one of the attackers was acting on behalf of a state. Michael Murphy, who heads Fortinet’s APAC Operational Technology group from the company’s Sydney office, says ...

  • Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

    July 31, 2025

    Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. ApolloShadow has the capability to install a trusted root certificate to trick devices into trusting malicious actor-controlled sites, enabling ...

  • Singapore: Critical information infrastructure owners must report suspected advanced cyberattacks under new rules

    July 29, 2025

    Owners of Singapore’s critical information infrastructure (CII) will soon be required to report any incidents suspected to be caused by advanced persistent threats (APTs), a type of prolonged cyberattack typically carried out by well-resourced threat actors. The reports must be made to the Cyber Security Agency of Singapore (CSA), said Minister for Digital Development and Information ...

  • GhostContainer backdoor: Malware compromising Exchange servers of high-value organizations in Asia

    July 17, 2025

    In a recent incident response (IR) case, Kaspersky researchers discovered highly customized malware targeting Exchange infrastructure within government environments. Analysis of detection logs and clues within the sample suggests that the Exchange server was likely compromised via a known N-day vulnerability. Kaspersky in-depth analysis of the malware revealed a sophisticated, multi-functional backdoor that can be dynamically ...