Budworm: APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org

The Budworm advanced persistent threat (APT) group continues to actively develop its toolset. Most recently, the Threat Hunter Team in Symantec, part of Broadcom, discovered Budworm using an updated version of one of its key tools to target a Middle Read More …

Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government

A cluster of threat actor activity that Unit 42 observed attacking a Southeast Asian government target could provide insight into a rarely seen, stealthy APT group known as Gelsemium. The researchers found this activity as part of an investigation into Read More …

Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong

A previously unknown advanced persistent threat (APT) group used the legitimate Cobra DocGuard software to carry out a supply chain attack with the goal of deploying the Korplug backdoor (aka PlugX) onto victim computers. In the course of this attack, Read More …

Belgium says Chinese hackers attacked its Ministry of Defense

The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the FPS Read More …

Red Cross: State hackers breached our network using Zoho bug

The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group. During the incident, the attackers gained access to the personal Read More …

German govt warns of APT27 hackers backdooring business networks

The BfV German domestic intelligence services (short for Bun­des­amt für Ver­fas­sungs­schutz) warn of ongoing attacks coordinated by the APT27 Chinese-backed hacking group. This active campaign is targeting German commercial organizations, with the attackers using the HyperBro remote access trojans (RAT) Read More …

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

Over the course of three months, a persistent and determined APT actor has launched multiple campaigns which have now resulted in compromises to at least 4 additional organizations, for a total of 13. Beginning on Sept. 16, 2021, the U.S. Read More …

Major Gaming Companies Hit with Ransomware Linked to APT27

A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat (APT) is swapping up its historically espionage centralized tactics to adopt ransomware, a Read More …

LuckyMouse uses malicious NDISProxy Windows driver to target gov’t entities

The LuckyMouse advanced persistent threat (APT) is back with a twist in tactics that harnesses LeagSoft certificates to spread Trojans by way of malicious NDISProxy drivers. It was back in June that researchers discovered that LuckyMouse, also known as EmissaryPanda and Read More …