Advanced Persistent Threat

  • Growth of ‘hackers for hire’ will lead to more attacks and unpredictable threats, UK cyber security agency warns

    April 19, 2023

    The number of “hackers for hire” is set to grow over the next five years, leading to more cyber attacks and increasingly unpredictable threats, the UK’s cyber security agency has warned. A rise in spyware is also anticipated and other hacking tools, according to a new report by the National Cyber Security Centre (NCSC), which is ...

  • Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

    April 18, 2023

    Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, this subset has rapidly weaponized N-day vulnerabilities in common enterprise applications and conducted highly-targeted phishing campaigns to quickly and successfully access environments of interest. This Mint ...

  • State-sponsored campaigns target global network infrastructure

    April 18, 2023

    Recently, the UK’s National Cyber Security Center (NCSC) released a report on a sustained campaign by a Russian intelligence agency targeting a vulnerability in routers that Cisco had published a patch for in 2017. This campaign, dubbed “Jaguar Tooth,” is an example of a much broader trend of sophisticated adversaries targeting networking infrastructure to advance ...

  • Hackers abuse Google Command and Control red team tool in attacks

    April 17, 2023

    The Chinese state-sponsored hacking group APT41 was found abusing the GC2 (Google Command and Control) red teaming tool in data theft attacks against a Taiwanese media and an Italian job search company. APT 41, also known as HOODOO, is a Chinese state-sponsored hacking group known to target a wide range of industries in the USA, Asia, ...

  • Following the Lazarus group by tracking DeathNote campaign

    April 12, 2023

    The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. Kaspersky researchers have previously published information about the connections of each cluster of this group. In this blog, Kaspersky focus on an active cluster that they dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll. This threat is ...

  • Mantis: New Tooling Used in Attacks Against Palestinian Targets

    April 4, 2023

    The Mantis cyber-espionage group (aka Arid Viper, Desert Falcon, APT-C-23), a threat actor believed to be operating out of the Palestinian territories, is continuing to mount attacks, deploying a refreshed toolset and going to great lengths to maintain a persistent presence on targeted networks. While the group is known for targeting organizations in the Middle East, ...

  • APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations

    March 28, 2023

    Mandiant researchers released a report on APT43, a prolific threat actor operating on behalf of the North Korean regime that they have observed engaging in cybercrime as a way to fund their espionage operations. According to Mandiant they track tons of activity throughout the year, but don’t always have enough evidence to attribute it to a ...

  • New malware variant has “radio silence” mode to evade detection

    March 7, 2023

    The Sharp Panda cyber-espionage hacking group is targeting high-profile government entities in Vietnam, Thailand, and Indonesia with a new version of the ‘Soul’ malware framework. The particular malware was previously seen in espionage campaigns targeting critical Southeast Asian organizations, attributed to various Chinese APTs. Read more… Source: Bleeping Computer  

  • Clasiopa: New group targets materials research organization in Asia

    February 23, 2023

    A hitherto unknown attack group has been observed targeting a materials research organization in Asia. The group, which Symantec calls Clasiopa, is characterized by a distinct toolset, which includes one piece of custom malware (Backdoor.Atharvan). At present, there is no firm evidence on where Clasiopa is based or whom it acts on behalf. The infection vector ...

  • Hydrochasma: Previously unknown group targets medical and shipping organizations in Asia

    February 22, 2023

    Shipping companies and medical laboratories in Asia are being targeted in a likely intelligence-gathering campaign that relies exclusively on publicly available and living-off-the-land tools. Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments ...