TOP 10 unattributed APT mysteries
Targeted attack attribution is always a tricky thing, and in general, we believe that attribution is best left to law enforcement agencies. The reason is that, while in 90%, it is possible to understand...
The infection chain used in this campaign bears significant similarities to a historic campaign Proofpoint observed in July 2021, making it likely the same threat actor is behind both clusters of activity.
SentinelOne observed the potentially destructive Iran-linked APT group TunnelVision actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers.
Researchers from Proofpoint spotted a new phishing campaign that targeted multiple Middle Eastern governments, foreign-policy think tanks, and a state-affiliated airline, with the new NimbleMamba trojan. NimbleMamba is believed to share some similarities with...
Iranian MuddyWater APT has reportedly launched fresh attacks targeting the users in the Turkish government and other private organizations in the country. Hackers lure victims via maldocs that masquerade as genuine documents from the...
The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.
ThreatLabz exposed cyberespionage group Molerats that has been leveraging cloud services, such as Google Drive and Dropbox, to host payloads to target the Middle East. The targets picked by the attackers included important members...
A North Korea-linked APT group has been spotted targeting cryptocurrency startups worldwide with fake MetaMask browser extensions to steal cryptocurrency from users’ wallets. The attackers work around a complex infrastructure, including various exploits and...
ThreatLabz researchers observed several similarities in the C2 communication and .NET payload between this campaign and the previous campaigns attributed to the Molerats APT group.
What happened? At the end of 2021, we were made aware of a UEFI firmware-level compromise through logs from our Firmware Scanner, which has been integrated into Kaspersky products since the beginning of 2019....
The Electronic Frontier Foundation (EFF) has previously tied Donot Team, also known as APT-C-35 and SectorE02, to Innefu Labs, an Indian ‘cybersecurity’ company that claims to work with the government.
During its latest campaign, from November to December 2021, the group used malicious RTF documents, pretending to be from Pakistani officials, to deploy a new strain of the BADNEWS RAT, also known as Ragnatela....
Researchers have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021.
Threat hunters have shed light on the tactics, techniques, and procedures embraced by an Indian-origin hacking group called Patchwork as part of a renewed campaign that commenced in late November 2021, targeting Pakistani government...
Recent research claims that 22.3% of aged domain owners may return dangerous outcomes, as these dormant domains are increasingly being misused by attackers.
NTT Security exposed the China-linked BlackTech espionage group using new Flagpro malware in recent attacks against Japanese companies in the media, defense, and communications industries. The attack begins with a spear-phishing email, which is...