APT List  H  2021  2020  2019  2018  2017  2016

DATE

NAME

Info

CATEG.

WEB

30.10.24

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, APT

The Hacker News

29.10.24

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that APT

The Hacker News

27.10.24

Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices The North Korean threat actor known as Lazarus Group has been attributed to the zero-day exploitation of a now-patched security flaw APT

The Hacker News

27.10.24

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not

APT

The Hacker News

26.10.24 Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies APTThe Hacker News
26.10.24 SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile APTThe Hacker News
26.10.24 China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as Volt Typhoon is a fabrication of the U.S. and its allies. APTThe Hacker News

15.9.24

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero- APTThe Hacker News

15.9.24

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the APTThe Hacker News

27.9.24

Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware AttacksThe threat actor known as Storm-0501 has targeted government, manufacturing, transportation, and law enforcement sectors in theAPTThe Hacker News

26.9.24

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted AttacksThreat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activityAPTThe Hacker News

26.9.24

From 12 to 21: how we discovered connections between the Twelve and BlackJack groupsAn investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.APTSecurelist

26.9.24

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian EntitiesAn advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credentialAPTThe Hacker News

26.9.24

Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage CampaignNation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a cyber espionageAPTThe Hacker News

24.9.24

US proposes ban on connected vehicle tech from China, RussiaToday, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia.APT

BleepingComputer

21.9.24

Hacktivist Group Twelve Targets Russian Entities with Destructive Cyber AttacksA hacktivist group known as Twelve has been observed using an arsenal of publicly available tools to conduct destructive cyberAPTThe Hacker News

20.9.24

Windows vulnerability abused braille “spaces” in zero-day attacksA recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group.APTBleepingComputer

20.9.24

Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle EastAn Iranian advanced persistent threat (APT) threat actor likely affiliated with the Ministry of Intelligence and Security (MOIS) is now acting as an initial access facilitator that provides remote access toAPTThe Hacker News

19.9.24

Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and MilitaryA Chinese national has been indicted in the U.S. on charges of conducting a "multi-year" spear-phishing campaign to obtainAPTThe Hacker News

18.9.24

North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN MalwareA North Korea-linked cyber-espionage group has been observed leveraging job-themed phishing lures to target prospective victims inAPTThe Hacker News

16.9.24

North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor MalwareCybersecurity researchers are continuing to warn about North Korean threat actors' attempts to target prospective victims onAPTThe Hacker News

12.9.24

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware AttackIraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-APTThe Hacker News

12.9.24

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and EuropeA "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and EuropeAPTThe Hacker News

11.9.24

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread MalwareCybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise ofAPTThe Hacker News

11.9.24

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast AsiaA trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia asAPTThe Hacker News

11.9.24

Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific GovernmentsThe threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration andAPTThe Hacker News

10.9.24

Chinese hackers use new data theft malware in govt attacksNew attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks.APT

BleepingComputer

9.9.24

Chinese Hackers Exploit Visual Studio Code in Southeast Asian CyberattacksThe China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio CodeAPTThe Hacker News

8.9.24

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job ScamsThreat actors affiliated with North Korea have been observed leveraging LinkedIn as a way to target developers as part of a fakeAPTThe Hacker News

6.9.24

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle EastUnnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threatAPTThe Hacker News

5.9.24

North Korean Hackers Targets Job Seekers with Fake FreeConference AppNorth Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com toAPTThe Hacker News

31.8.24

Russian APT29 hackers use iOS, Chrome exploits created by spyware vendorsThe Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024.APT

BleepingComputer

31.8.24

South Korean hackers exploited WPS Office zero-day to deploy malwareThe South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets.APT

BleepingComputer

31.8.24

New Tickler malware used to backdoor US govt, defense orgsThe APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates.APT

BleepingComputer

30.8.24

Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage CampaignCybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-controlAPTThe Hacker News

30.8.24

Iranian Hackers Set Up New Network to Target U.S. Political CampaignsCybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activitiesAPTThe Hacker News

30.8.24

North Korean Hackers Target Developers with Malicious npm PackagesThreat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicatingAPTThe Hacker News

30.8.24

New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike PayloadsChinese-speaking users are the target of a "highly organized and sophisticated attack" campaign that is likely leveraging phishingAPTThe Hacker News

30.8.24

Vietnamese Human Rights Group Targeted in Multi-Year Cyberattack by APT32A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety ofAPTThe Hacker News

28.8.24

APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace BackdoorA South Korea-aligned cyber espionage has been linked to the zero-day exploitation of a now-patched critical remote code executionAPTThe Hacker News

27.8.24

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPsThe Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks.APT

BleepingComputer

27.8.24

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT SectorsThe China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-dayAPTThe Hacker News

23.8.24

US warns of Iranian hackers escalating influence operationsThe U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public.APT

BleepingComputer

21.8.24

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho MalwareIranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominentAPTThe Hacker News

20.8.24

Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus GroupA newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group , a prolific state-sponsored actorAPTThe Hacker News

20.8.24

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime GroupCybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7 . The twoAPTThe Hacker News

16.8.24

Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC MalwareCybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands toAPTThe Hacker News

16.8.24

Chinese hacking groups target Russian government, IT firmsA series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, are linked to Chinese hackers of the APT31 and APT 27 groups.APT

BleepingComputer

16.8.24

US dismantles laptop farm used by undercover North Korean IT workers​​The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals.APT

BleepingComputer

15.8.24

Russian-Linked Hackers Target Eastern European NGOs and MediaRussian and Belarusian non-profit organizations, Russian independent media, and international non-governmentalAPTThe Hacker News

15.8.24

China-Backed Earth Baku Expands Cyber Attacks to Europe, Middle East, and AfricaThe China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to includeAPTThe Hacker News

9.8.24

North Korean hackers exploit VPN update flaw to install malwareSouth Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks.APT

BleepingComputer

9.8.24

Hackers breach ISP to poison software updates with malwareA Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware.APT

BleepingComputer

8.8.24

University Professors Targeted by North Korean Cyber Espionage GroupThe North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers,APTThe Hacker News
6.8.24North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm RegistryThe North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScriptAPTThe Hacker News

5.8.24

Kazakh Organizations Targeted by 'Bloody Wolf' Cyber AttacksOrganizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware calledAPTThe Hacker News

5.8.24

China-Linked Hackers Compromise ISP to Deploy Malicious Software UpdatesThe China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push maliciousAPTThe Hacker News

2.8.24

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber AttackA Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-APTThe Hacker News

2.8.24

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing LureA Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modularAPTThe Hacker News

1.8.24

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOSThe threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOSAPTThe Hacker News

27.7.24

Chinese hackers deploy new Macma macOS backdoor versionThe Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware.APT

BleepingComputer

20.7.24

Notorious FIN7 hackers sell EDR killer to other threat actorsThe notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks.APT

BleepingComputer

19.7.24

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors inAPT

The Hacker News

18.7.24

TAG-100: New Threat Actor Uses Open-Source Tools for Widespread AttacksUnknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targetingAPT

The Hacker News

18.7.24

North Korean Hackers Update BeaverTail Malware to Target MacOS UsersCybersecurity researchers have discovered an updated variant of a known stealer malware that attackers affiliated with the DemocraticAPTThe Hacker News

17.7.24

FIN7 Group Advertises Security-Bypassing Tool on Dark Web ForumsThe financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several undergroundAPT

The Hacker News

17.7.24

China-linked APT17 Targets Italian Companies with 9002 RAT MalwareA China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variantAPTThe Hacker News

16.7.24

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber AttacksThe Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recentAPT

The Hacker News

16.7.24

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida StealerAn advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in theAPTThe Hacker News

13.7.24

Japan warns of attacks linked to North Korean Kimsuky hackersJapan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors.APT

BleepingComputer

11.7.24

Chinese APT40 hackers hijack SOHO routers to launch attacksAn advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor.APT

BleepingComputer

11.7.24

CloudSorcerer hackers abuse cloud services to steal Russian govt dataA new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks.APT

BleepingComputer

11.7.24

Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalkThe China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version"APT

The Hacker News

9.7.24

Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit AdaptationCybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released aAPTThe Hacker News

8.7.24

New APT Group "CloudSorcerer" Targets Russian Government EntitiesA previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-APTThe Hacker News

1.7.24

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver MalwareA China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used inAPTThe Hacker News

30.6.24

U.S. indicts Russian GRU hacker, offers $10 million rewardThe U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country.APT

BleepingComputer

29.6.24

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive DataThe North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that'sAPT

The Hacker News

28.6.24Four FIN9 hackers indicted for cyberattacks causing $71M in lossesFour Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S.APT

BleepingComputer

27.6.24UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMsA suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement.APT

BleepingComputer

27.6.24Chinese and N. Korean Hackers Target Global Infrastructure with RansomwareThreat actors with suspected ties to China and North Korea have been linked to ransomware and data encryption attacks targetingAPTThe Hacker News
25.6.244 FIN9-linked Vietnamese Hackers Indicted in $71M U.S. Cybercrime SpreeFour Vietnamese nationals with ties to the FIN9 cybercrime group have been indicted in the U.S. for their involvement in a series ofAPTThe Hacker News
25.6.24RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese OrganizationsA likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic,APTThe Hacker News
23.6.24ExCobalt Cyber Gang Targets Russian Sectors with New GoRed BackdoorRussian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoorAPTThe Hacker News
23.6.24Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage CampaignA previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaignAPTThe Hacker News
19.6.24UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term SpyingThe China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet , Ivanti , and VMware devicesAPTThe Hacker News
19.6.24New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN InstallersChinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs maliciousAPTThe Hacker News
17.6.24China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 DevicesA suspected China-nexus cyber espionage actor has been attributed as behind a prolonged attack against an unnamed organizationAPTThe Hacker News
15.6.24Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber AttacksA suspected Pakistan-based threat actor has been linked to a cyber espionage campaign targeting Indian government entities in 2024.APTThe Hacker News
14.6.24North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing TacticsThreat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country'sAPTThe Hacker News
13.6.24China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems GloballyState-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a knownAPTThe Hacker News
12.6.24Chinese Actor SecShow Conducts Massive DNS Probing on Global ScaleCybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting DomainAPTThe Hacker News
8.6.24Chinese hacking groups team up in cyber espionage campaignChinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson PalaceAPT

BleepingComputer

31.5.24

Microsoft links North Korean hackers to new FakePenny ransomwareMicrosoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands.APT

BleepingComputer

31.5.24

Russian Hackers Target Europe with HeadLace Malware and Credential HarvestingThe Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across EuropeAPTThe Hacker News

30.5.24

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma SectorsA previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanningAPTThe Hacker News

29.5.24

Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker GroupA never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacksAPTThe Hacker News

27.5.24

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian TargetsThe Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, andAPTThe Hacker News

25.5.24

State hackers turn to massive ORB proxy networks to evade detectionSecurity researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations.APT

BleepingComputer

25.5.24

Chinese hackers hide on military and govt networks for 6 yearsA previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time.APT

BleepingComputer

24.5.24

New Frontiers, Old Tactics: Chinese Espionage Group Targets Africa & Caribbean GovtsThe China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa andAPTThe Hacker News

23.5.24

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics ExposedGovernmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as partAPTThe Hacker News

23.5.24

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea CountriesCybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that'sAPTThe Hacker News

20.5.24

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and IsraelAn Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personasAPTThe Hacker News

18.5.24

Kimsuky hackers deploy new Linux backdoor in attacks on South KoreaThe North Korean hacker group Kimsuki has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers.APT

BleepingComputer

17.5.24

North Korean Hackers Exploit Facebook Messenger in Targeted Malware CampaignThe North Korea-linked Kimsuky hacking group has been attributed to a new social engineering attack that employsAPTThe Hacker News

16.5.24

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic MissionsAn unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by twoAPTThe Hacker News

11.5.24

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RATThe financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimateAPTThe Hacker News

11.5.24

North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto FirmsThe North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-basedAPTThe Hacker News

10.5.24

Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked

APT

The Hacker News

8.5.24Iranian hackers pose as journalists to push backdoor malwareThe Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets.APT

BleepingComputer

7.5.24APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud DataThe Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate targetAPTThe Hacker News
7.5.24China-Linked Hackers Used ROOTROT Webshell in MITRE Network IntrusionThe MITRE Corporation has offered more details into the recently disclosed cyber attack, stating that the first evidence of theAPT

The Hacker News

6.5.24NSA warns of North Korean hackers exploiting weak DMARC email policiesThe NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks.APT

BleepingComputer

4.5.24Muddling Meerkat hackers manipulate DNS using China’s Great FirewallA new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023.APT

BleepingComputer

30.4.24China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global ScaleA previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domainAPTThe Hacker News
27.4.24DPRK hacking groups breach South Korean defense contractorsThe National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information.APT

BleepingComputer

25.4.24State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for EspionageA new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbedAPTThe Hacker News
25.4.24Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt StrikeCybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malwareAPTThe Hacker News
24.4.24Microsoft: APT28 hackers exploit Windows flaw reported by NSAMicrosoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.APT

BleepingComputer

23.4.24Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' MalwareThe Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print SpoolerAPTThe Hacker News
23.4.24ToddyCat Hacker Group Uses Advanced Tools for Industrial-Scale Data TheftThe threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environmentsAPTThe Hacker News
19.4.24FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak BackdoorThe infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotiveAPTThe Hacker News
18.4.24Russian Sandworm hackers pose as hacktivists in water utility breachesThe Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups.APT

BleepingComputer

18.4.24Russian APT Deploys New 'Kapeka' Backdoor in Eastern European AttacksA previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting EasternAPTThe Hacker News
16.4.24Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft AttacksThe threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications andAPTThe Hacker News
12.4.24Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest CampaignThe Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called APTThe Hacker News
5.4.24Vietnam-Based Hackers Steal Financial Data Across Asia with MalwareA suspected Vietnamese-origin threat actor has been observed targeting victims in several Asian and Southeast Asian countriesAPTThe Hacker News
4.4.24Winnti's new UNAPIMON tool hides malware from security softwareThe Chinese 'Winnti' hacking group was found using a previously undocumented malware called UNAPIMON to let malicous processes run without being detected.APT

BleepingComputer

4.4.24U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based HackersThe U.S. Cyber Safety Review Board ( CSRB ) has criticized Microsoft for a series of security lapses that led to the breach ofAPTThe Hacker News
2.4.24China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy OperationsA threat activity cluster tracked as Earth Freybug has been observed using a new malware called UNAPIMON to fly under theAPTThe Hacker News
30.3.24Finland confirms APT31 hackers behind 2021 parliament breachThe Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021.APT

BleepingComputer

29.3.24Finland Blames Chinese Hacking Group APT31 for Parliament Cyber AttackThe Police of Finland (aka Poliisi) has formally accused a Chinese nation-state actor tracked as APT31 for orchestrating a cyberAPTThe Hacker News
27.3.24US sanctions APT31 hackers behind critical infrastructure attacksThe U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations.APT

BleepingComputer

27.3.24Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN CountriesTwo China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliatedAPTThe Hacker News
26.3.24Key Lesson from Microsoft's Password Spray Hack: Secure Every AccountIn January 2024, Microsoft discovered they'd been the victim of a hack orchestrated by Russian-state hackers Midnight BlizzardAPTThe Hacker News
26.3.24Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing AttacksThe Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote MonitoringAPTThe Hacker News
24.3.24N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing CyberattacksThe North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shiftingAPTThe Hacker News
22.3.24China-Linked Group Breaches Networks via Connectwise, F5 Software FlawsA China-linked threat cluster leveraged security flaws in Connectwise ScreenConnect and F5 BIG-IP software to deliver custom malware capableAPTThe Hacker News
22.3.24Russia Hackers Using TinyTurla-NG to Breach European NGO's SystemsThe Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) inAPTThe Hacker News
18.3.24APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing SchemeThe Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitatingAPTThe Hacker News
8.3.24Microsoft Confirms Russian Hackers Stole Source Code, Some Customer SecretsMicrosoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access toAPTThe Hacker News
6.3.24North Korea hacks two South Korean chip firms to steal engineering dataThe National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks.APT

BleepingComputer

6.3.24New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial EntitiesA financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023.APTThe Hacker News
2.3.24Lazarus hackers exploited Windows zero-day to gain Kernel privilegesNorth Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.APT

BleepingComputer

2.3.24Russian hackers hijack Ubiquiti routers to launch stealthy attacksRussian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners.APT

BleepingComputer

29.2.24Russian hackers shift to cloud attacks, US and allies warnMembers of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services.APT

BleepingComputer

29.2.24Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense SectorsAn Iran-nexus threat actor known as UNC1549 has been attributed with medium confidence to a new set of attacks targeting aerospace, aviation,APTThe Hacker News
28.2.24Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot ThreatIn a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to takeAPTThe Hacker News
28.2.24Five Eyes Agencies Expose APT29's Evolving Cloud Attack TacticsCybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-APTThe Hacker News
23.2.24North Korean hackers now launder stolen crypto via YoMix tumblerThe North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds.APT

BleepingComputer

21.2.24Mustang Panda Targets Asia with Advanced PlugX Variant DOPLUGSThe China-linked threat actor known as Mustang Panda has targeted various Asian countries using a variant of the PlugX (aka Korplug) backdoor dubbedAPTThe Hacker News
21.2.24Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting AttacksCybersecurity researchers have unearthed a new influence operation targeting Ukraine that leverages spam emails to propagate war-relatedAPTThe Hacker News
20.2.24New Report Reveals North Korean Hackers Targeting Defense Firms WorldwideNorth Korean state-sponsored threat actors have been attributed to a cyber espionage campaign targeting the defense sector across the world. In a jointAPTThe Hacker News
19.2.24Russian-Linked Hackers Target 80+ Organizations via Roundcube FlawsThreat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-APTThe Hacker News
19.2.24Iranian Hackers Target Middle East Policy Experts with New BASICSTAR BackdoorThe Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a newAPTThe Hacker News
9.2.24Chinese hackers hid in US infrastructure network for 5 yearsThe Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies.APT

BleepingComputer

8.2.24Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South KoreaThe North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called APTThe Hacker News

3.2.24

Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay AttacksRussian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023,APTThe Hacker News

31.1.24

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor BlitzThe China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twinAPTThe Hacker News

26.1.24

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global OrgsMicrosoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 haveAPTThe Hacker News

20.1.24

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT AttackMicrosoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments fromAPTThe Hacker News