Chinese APT Abuses VSCode to Target Government in Asia

Unit 42 researchers recently found that Stately Taurus abused the popular Visual Studio Code software in espionage operations targeting government entities in Southeast Asia. Stately Taurus is a Chinese advanced persistent threat (APT) group that carries out cyberespionage attacks. This Read More …

Tropic Trooper spies on government entities in the Middle East

Tropic Trooper (also known as KeyBoy and Pirate Panda) is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Kaspersky recent investigation Read More …

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits

Google’s Threat Analysis Group (TAG) observed multiple in-the-wild exploit campaigns, between November 2023 and July 2024, delivered from a watering hole attack on Mongolian government websites. The campaigns first delivered an iOS WebKit exploit affecting iOS versions older than 16.6.1 Read More …

BlindEagle flying high in Latin America

BlindEagle, also known as “APT-C-36”, is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Read More …

A Deep Dive into a New ValleyRAT Campaign Targeting Chinese Speakers

FortiGuard Labs recently encountered an ongoing ValleyRAT campaign specifically targeting Chinese speakers. This malware has historically targeted e-commerce, finance, sales, and management enterprises. ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy Read More …

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to Read More …

Chinese cyber attack sparks alert over six year old MS vuln

The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a Microsoft vulnerability dating back to 2018 to its Known Exploited Vulnerabilities (KEV) catalogue after evidence emerged that it is being used in an attack chain by the China-backed Read More …

Operation Giant Financial Storm Under Circuit Breaker Orders

Since 2022, the BerBeroka group has been mentioned in every annual report released by the QiAnXin Threat Intelligence Center. The group was disclosed by QiAnXin friendly company Trend Micro. QiAnXin researchers have continued to track it under this name after merging Read More …

Fighting Ursa Luring Targets With Car for Sale

A Russian threat actor Palo Alto Unit 42 track as Fighting Ursa advertised a car for sale as a lure to distribute HeadLace backdoor malware. The campaign likely targeted diplomats and began as early as March 2024. Fighting Ursa (aka Read More …

Onyx Sleet uses array of malware to gather intelligence for North Korea

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking Read More …