Security News

Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
2024-05-17 08:46

The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear...

Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks
2024-04-17 13:32

A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The...

Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries
2024-03-27 04:20

Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a...

New APT Group 'Lotus Bane' Behind Recent Attacks on Vietnam's Financial Entities
2024-03-06 07:01

A financial entity in Vietnam was the target of a previously undocumented threat actor called Lotus Bane that was first detected in March 2023. Singapore-headquartered Group-IB described the...

Blackwood APT delivers malware by hijacking legitimate software update requests
2024-01-25 11:19

ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood. It leverages adversary-in-the-middle techniques to hijack update requests from legitimate software to deliver the implant.

Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
2024-01-20 03:11

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other...

Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor
2023-12-11 13:59

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as...

New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
2023-11-25 05:08

An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what’s suspected to be an advanced persistent threat (APT) attack. The web...

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw
2023-11-16 13:51

A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity...

State-sponsored APTs are leveraging WinRAR bug
2023-10-18 15:00

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. "The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available," Google TAG analysts have noted.