Trend Micro researchers have been tracking an active intrusion set that primarily targets organizations located in countries including Brazil, India, and Southeast Asia since 2023.
The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations. The actor also takes advantage of various known vulnerabilities to exploit public-facing servers. Research reports have also mentioned their aggressive operations, including REF0657, STAC6451, and CL-STA-0048. Evidence the researchers collected indicates this group is a China-nexus intrusion set, which Trend Micro now track as Earth Lamia.
Read more…
Source: Trend Micro
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Cisco Releases Security Updates for Unified CCX
November 6, 2025
Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...
- SonicWall blames state hackers for damaging data breach
November 6, 2025
SonicWall has blamed “state-sponsored threat actors” for the cloud backup security breach which hit its services in September 2025. In an update posted on the company’s website, SonicWall said it completed the investigation into the incident, and confirmed that the malicious activity was “carried out by a state-sponsored threat actor” and was “isolated to the unauthorized ...
- Malware-pwned laptop gifts cybercriminals Nikkei’s Slack
November 6, 2025
Japanese media behemoth Nikkei has admitted to a data breach after miscreants slipped into its internal Slack workspace, exposing the personal details of more than 17,000 employees and business partners.… The company blamed the intrusion on malware that infected an employee’s device, letting attackers pinch Slack credentials and waltz into its chat system. Once the suspicious ...
- Android malware steals your card details and PIN to make instant ATM withdrawals
November 6, 2025
The Polish Computer Emergency Response Team (CERT Polska) analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims’ bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs (Automated Teller Machines, or cash machines) using banking data exfiltrated from victims’ phones—without ever physically ...
- Washington Post says it is among victims of cyber breach tied to Oracle software
November 6, 2025
The Washington Post said it is among victims of a sweeping cyber breach tied to Oracle software. In a statement released on Thursday, the newspaper said it was one of those impacted “by the breach of the Oracle E-Business Suite platform.” The paper did not provide further detail, but its statement comes after CL0P, the notorious ...
- Italian political consultant says he was targeted with Paragon spyware
November 6, 2025
Francesco Nicodemo, a consultant who works with left-wing politicians in Italy, has gone public as the latest person targeted with Paragon spyware in the country. On Thursday, Nicodemo said in a Facebook post that for 10 months, he preferred not to publicize his case because he “did not want to be used for political propaganda,” ...