Redfly: Espionage Actors Continue to Target Critical Infrastructure

Espionage actors are continuing to mount attacks on critical national infrastructure (CNI) targets, a trend that has become a source of concern for governments and CNI organizations worldwide. Symantec’s Threat Hunter Team has found evidence that a threat actor group Read More …

Carderbee: APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong

A previously unknown advanced persistent threat (APT) group used the legitimate Cobra DocGuard software to carry out a supply chain attack with the goal of deploying the Korplug backdoor (aka PlugX) onto victim computers. In the course of this attack, Read More …

China APT group using Russia invasion, COVID-19 in phishing attacks

A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers (ISPs) and research institutions via phishing lures that refer to Russia’s invasion of Ukraine and COVID-19 Read More …

OceanLotus APT campaign debuts new backdoor that resembles old Korplug RAT

The suspected Vietnamese APT group OceanLotus has added a new backdoor to its repertoire of malicious tools – one that includes capabilities for enabling file, registry and process manipulation, and also downloading more malicious files. According a Mar. 13 blog post by ESET researcher Read More …