Security News

Chinese Naikon APT Rediscovered After New Five-year Stealth Campaign
2020-05-07 14:00

Naikon, a Chinese APT group that disappeared after its activities were disclosed in 2015, has been rediscovered and may have remained active but unrecognized since the 2015 reports. Researchers have uncovered evidence of a five-year stealth campaign against similar targets in the same geographical area that they believe to be conducted by Naikon.

Naikon APT Hid Five-Year Espionage Attack Under Radar
2020-05-07 10:00

After five years under the radar, the Naikon APT group has been unmasked in a long-term espionage campaign against several governments in the Asia-Pacific region. The Chinese APT group was first uncovered by Kaspersky researchers in 2015, in attacks against top-level government agencies around the South China Sea.

Shadow Broker leaked NSA files point to unknown APT group
2020-04-24 10:35

Remember the Shadow Brokers, the mysterious group that stole and leaked a collection of NSA files in 2016? Well, it's the gift that keeps on giving. A security researcher claims to have unearthed a previously-unknown APT group after reading over some of the dumped files.

Nazar: Old Iran-Linked APT Operation Monitored by NSA
2020-04-23 17:05

A security researcher says he has uncovered an advanced persistent threat operation that started over a decade ago and which is referenced in the collection of National Security Agency hacking tools that the Shadow Brokers made public in 2017. The researcher, who refers to the operation as 'Nazar', based on "Debug paths left alongside Farsi resources in some of the malware droppers," believes that the activity was centered around the 2010-2013 timeframe, based on submission times in VirusTotal.

A Dozen Nation-Backed APTs Tap COVID-19 to Cover Spy Attacks
2020-04-23 14:50

According to Google's Threat Analysis Group, more than a dozen nation-state-backed APTs are using the COVID-19 pandemic as a cover for their various cyberespionage and malware activities. The email had an embedded tracking link, which Mandiant researchers said contained the victim's email address and a code to report back to the actors if the email was opened.

APT attacks targeting Linux, Windows and Android remained undetected for nearly a decade
2020-04-09 04:00

Five related APT groups operating in the interest of the Chinese government have systematically targeted Linux servers, Windows systems and mobile devices running Android while remaining undetected for nearly a decade, according to BlackBerry. Linux runs nearly all of the top 1 million websites online, 75% of all web servers, 98% of the world's supercomputers and 75% of major cloud service providers.

Emerging APT Mounts Mass iPhone Surveillance Campaign
2020-03-26 17:49

A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong - infecting website visitors with a newly developed custom surveillance malware. Despite the deep level of surveillance afforded by the malware, researchers said that the campaign doesn't appear to be a targeted effort, apart from focusing on Hong Kong residents.

Coronavirus-Themed APT Attack Spreads Malware
2020-03-13 16:40

An advanced persistent threat group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call "Vicious Panda." Researchers identified two suspicious Rich Text Format files targeting the Mongolian public sector.

China-linked APT Hackers Launch Coronavirus-Themed Attacks
2020-03-13 14:34

Even a long-standing China-based APT has begun to use the threat in a new spear-phishing campaign. Researchers from Check Point Research have found a spear-phishing campaign targeting the Mongolian public sector and apparently emanating from China.

Microsoft Exchange Server Flaw Exploited in APT Attacks
2020-03-09 18:01

Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. After Microsoft patched the flaw in February researchers with the Zero Day Initiative, which first reported the vulnerability, published further details of the flaw and how it could be exploited.