EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

In late July 2024, we detected a series of ongoing targeted cyberattacks on dozens of computers at Russian government organizations and IT companies. The threat actors infected devices using phishing emails with malicious shortcut attachments. These shortcuts were used to Read More …

Chinese hackers targeted UK’s Electoral Commission and politicians, say security services

Chinese state-backed hackers were responsible for two “malicious” digital campaigns targeting the UK’s democratic institutions and politicians, the security services have found. The UK holds China responsible for a prolonged cyber-attack on the Electoral Commission during which Beijing allegedly accessed Read More …

Common TTPs of attacks against industrial organizations

In 2022 Kaspersky investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Based on similarities found between these Read More …

Belgium says Chinese hackers attacked its Ministry of Defense

The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country’s defense and interior ministries. “Belgium exposes malicious cyber activities that significantly affected our sovereignty, democracy, security and society at large by targeting the FPS Read More …

France warns of APT31 cyberspies targeting French organizations

Today, the French national cyber-security agency warned of an ongoing series of attacks against a large number of French organizations coordinated by the Chinese-backed APT31 hacking group. “It appears from our investigations that the threat actor uses a network of Read More …

Chinese hackers cloned attack tool belonging to NSA’s Equation Group

Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say. On Monday, Check Point Research (CPR) said the tool was a “clone” of Read More …