Tag: APT

LitterDrifter – Russia’s USB Worm Targeting Ukrainian Entities

LitterDrifter USB worm is a cyber threat targeting Ukrainian entities, emphasizing the need for robust cybersecurity defenses worldwide.

LitterDrifter USB worm, intricately linked to the notorious Gamaredon group and originating from Russia. It has set its sights on Ukrainian entities, adding a concerning layer to the already complex world of state-sponsored cyber espionage. This USB worm, believed to be orchestrated by Russian actors, not only showcases the adaptability and innovation of Gamaredon but… Continue reading LitterDrifter – Russia’s USB Worm Targeting Ukrainian Entities

Bahamut APT Targets Users With Fake SafeChat App

This Safe Chat app is not safe.

Attackers are using a fake SafeChat Android app to attack users in the South Asian region. The malware is designed to steal call logs, text messages, and GPS locations from targeted smartphones. India’s APT group “Bahamut” is probably behind all this mess. Bahamut Group Exploit Phony Android Application Recently, analysts came over advanced Android malware… Continue reading Bahamut APT Targets Users With Fake SafeChat App

APT28 Attacked Ukrainian and Polish Organizations

Recorded Future, in collaboration with CERT-UA researchers, has unveiled a recent cyber offensive orchestrated by Russian-speaking hackers affiliated with the APT28 Group (also known as Fancy Bear, BlueDelta, Sednit, and Sofacy). Their target: Roundcube mail servers of various Ukrainian organizations, including government entities. As a reminder, we previously reported on the divergence of hacker groups,… Continue reading APT28 Attacked Ukrainian and Polish Organizations

Chinese Hackers Use Google Command & Control Capabilities in Attacks

Google experts have warned that the Chinese “government” hack group APT41 is abusing the red team’s GC2 (Google Command and Control) tool. According to experts, GC2 was used in attacks on Taiwanese media and an unnamed Italian recruiting company. Let me remind you that we also wrote that Chinese Hackers Injected a Backdoor into the… Continue reading Chinese Hackers Use Google Command & Control Capabilities in Attacks

Security Breach

Security breach is a case of unauthorised access to a protected area

A security breach is an unauthorized access to a device, network, program, or data. Security breaches result from the network or device security protocols being violated or circumvented. Let’s see the types of security breaches, the ways they happen, and methods to counteract security breaches. What is a Security Breach? First of all, let’s have… Continue reading Security Breach

Disrupting SEABORGIUM’s Ongoing Phishing Operations

Microsoft Threat Intelligence Center (MSTIC) experts announce the disruption of an operation conducted by the Russian-speaking hacking group SEABORGIUM, targeting individuals and organizations in NATO countries. As a reminder, we previously reported the discovery of a new version of malware from Russian hackers called LOLI Stealer. The APT group, referred to as SEABORGIUM by Microsoft,… Continue reading Disrupting SEABORGIUM’s Ongoing Phishing Operations

Russian Organizations Under Attack By Chinese APTs

Chinese APTs Increasingly Target Russian Organizations

Unveiling a recent cyber saga, the experts at SentinelLabs have unearthed a menacing digital force, strategically honing in on Russian organizations. In their detective work, they’ve traced the sinister trail back to the notorious Chinese APT group, a revelation corroborated by the vigilant eyes at Ukraine CERT (CERT-UA). The plot thickens as the adversaries deploy… Continue reading Russian Organizations Under Attack By Chinese APTs

Iranian Spear-Phishing Operation Targets US And Israeli High Executives

Iranian Spear-Phishing Operation Targets US And Israeli High Executives

In a wake of rising tensions between Israel and Iran, researchers from Check Point Research (CPR) discovered numerous attempts of spear phishing attacks from the supposedly Iranian Phosphorus APT group. Researchers also assume that the activity might have been conducted earlier, but so far they traced back it to at least December 2021. It is… Continue reading Iranian Spear-Phishing Operation Targets US And Israeli High Executives

Attackers Exploit MSDT Follina Bug to Drop RAT

Threat Actors Exploit MSDT Follina Bug To Drop RAT And Infostealer

Security specialists caution users about the exploitation of the recently disclosed Follina Bug found in all supported versions of Windows. Threat actors have actively utilized this vulnerability to install payloads such as the AsyncRAT trojan and infostealer. Understanding the Follina Vulnerability On May 27, 2022, the public became aware of a remote code execution (RCE)… Continue reading Attackers Exploit MSDT Follina Bug to Drop RAT

Fake Exploits Used to Deliver Cobalt Strike Beacons

Cyble experts have warned that cybercriminals are attacking IS researchers, distributing malware under the guise of exploits for Windows, which eventually installs Cobalt Strike beacons on the experts’ machines. Let me remind you that we also wrote that Emotet now installs Cobalt Strike beacons. Cyble analysts report that malware disguised as PoC exploits for a… Continue reading Fake Exploits Used to Deliver Cobalt Strike Beacons