Advanced Persistent Threat


NEWS 
  • Konni Campaign Distributed Via Malicious Document

    November 20, 2023

    FortiGuard Labs recently identified the use of a Russian-language Word document equipped with a malicious macro in the ongoing Konni campaign. Despite the document’s creation date of September, ongoing activity on the campaign’s C2 server is evident in internal telemetry. This campaign relies on a remote access trojan (RAT) capable of extracting information and executing commands ...

  • Data stolen in hack of nuclear energy testing facility Idaho National Lab

    November 20, 2023

    The Idaho National Laboratory, part of the U.S. Department of Energy and one of the country’s foremost advanced nuclear energy testing labs, has suffered a breach that released the details of employees online. A hacking group called SiegeSec took responsibility for the breach, which occurred Sunday night. In a statement to local media, INL media spokesperson ...

  • Stately Taurus targets the Philippines as tensions flare in the South Pacific

    November 17, 2023

    Tensions between China and the Philippines have risen sharply over the past several months. Coinciding with these real-world events, Unit 42 researchers observed three Stately Taurus campaigns during the month of August. These campaigns are assessed to have targeted entities in the South Pacific including the Philippines government. The campaigns leveraged legitimate software including Solid PDF ...

  • Into The Trash: Analyzing LitterDrifter

    November 17, 2023

    Gamaredon, also known as Primitive Bear, ACTINIUM, and Shuckworm, is a unique player in the Russian espionage ecosystem that targets a wide variety of almost exclusively Ukrainian entities. While researchers often struggle to uncover evidence of Russian espionage activities, Gamaredon is notably conspicuous. The group behind it conducts large-scale campaigns while still primarily focusing on regional ...

  • TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities

    November 14, 2023

    In mid-2023, Proofpoint researchers first identified TA402 (Molerats, Gaza Cybergang, Frankenstein, WIRTE) activity using a labyrinthine infection chain to target Middle Eastern governments with a new initial access downloader Proofpoint has dubbed IronWind. From July through October 2023, TA402 utilized three variations of this infection chain—Dropbox links, XLL file attachments, and RAR file attachments—with each variant ...

  • Advanced threat predictions for 2024

    November 14, 2023

    Advanced persistent threats (APTs) are the most dangerous threats, as they employ complex tools and techniques, and often are highly targeted and hard to detect. Amid the global crisis and escalating geopolitical confrontations, these sophisticated cyberattacks are even more dangerous, as there is often more at stake.  In this article, Kaspersky’s Global Research and Analysis Team ...

  • In-depth analysis of July 2023 exploit chain featuring CVE-2023-36884 and CVE-2023-36584

    November 13, 2023

    During their analysis of a July 2023 campaign targeting groups supporting Ukraine’s admission into NATO, Unit 42 researchers discovered a new vulnerability for bypassing Microsoft’s Mark-of-the-Web (MotW) security feature. This activity has been attributed by the community to the pro-Russian APT group known as Storm-0978 (also known as the RomCom Group, in reference to their use ...

  • Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

    November 9, 2023

    This report consists of six main sections – Incidents involving Asian APT groups in various regions of the planet Information on five unique incidents that Kaspersky researchers detected in different parts of the world. Each incident is a unique case within a specific country and industry, and they provide a description of the actions and TTPs ...

  • Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors

    November 6, 2023

    Unit 42 researchers have investigated a series of destructive cyberattacks beginning in January 2023 and continuing as recently as October 2023, targeting the education and technology sectors in Israel. The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property. Once the attackers stole the information, they ...

  • New Zealand: Money-motivated cyber attacks outnumber those carried out by nation-states

    November 2, 2023

    Major financially motivated cyber attacks in New Zealand have exceeded those launched by nation-states for the first time, and AI looms as an ever-greater weapon, a new report says. In its latest annual threat report, the National Cyber Security Centre said the potential impact was growing – though the number of major attacks dropped slightly, to ...