Security News

China-aligned APT is exploring new technology stacks for malicious tools
2023-03-07 04:30

ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. Due to the nature of the decoy filenames used, researchers believe that political and governmental organizations in Europe and Asia are also being targeted.

APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia
2023-02-28 10:33

The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. Blind Eagle, also known as APT-C-36, was recently covered by Check Point Research, detailing the adversary's advanced toolset comprising Meterpreter payloads that are delivered via spear-phishing emails.

Dark Pink APT Group Targets Governments and Military in APAC Region
2023-01-11 09:32

Government and military organizations in the Asia Pacific region are being targeted by a previously unknown advanced persistent threat actor, per the latest research. Singapore-headquartered Group-IB, in a report shared with The Hacker News, said it's tracking the ongoing campaign under the name Dark Pink and attributed seven successful attacks to the adversarial collective between June and December 2022.

New Dark Pink APT group targets govt and military with custom malware
2023-01-11 07:00

Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information. Security researchers refer to this group as Dark Pink or Saaiwc Group, noting that it employs uncommon tactics, techniques, and procedures.

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
2022-12-28 07:12

Now according to Cisco Talos, advanced persistent threat actors and commodity malware families alike are increasingly using Excel add-in files as an initial intrusion vector. One such method turns out to be XLL files, which is described by Microsoft as a "Type of dynamic link library file that can only be opened by Excel."

BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
2022-12-27 14:57

BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web protections. "BlueNoroff created numerous fake domains impersonating venture capital companies and banks," security researcher Seongsu Park said, adding the new attack procedure was flagged in its telemetry in September 2022.

The challenges of tracking APT attacks
2022-11-18 06:00

Advanced persistent threats are a type of attack that's usually carried out or sponsored by a nation-state, and unlike other types of malware attacks, these pose their own challenges. Typically, an APT threat actor will perform some kind of reconnaissance on their target, and then target their victim by sending, for example, a spear-phishing email.

Transportation sector targeted by both ransomware and APTs
2022-11-18 04:00

The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat actors. Q3 cybersecurity trends US ransomware activity leads the pack: In the US alone, ransomware activity increased 100% quarter over quarter in transportation and shipping.

New "Earth Longzhi" APT Targets Ukraine and Asian Countries with Custom Cobalt Strike Loaders
2022-11-14 13:03

The victimology patterns and the targeted sectors overlap with attacks mounted by a distinct sister group of APT41 known as Earth Baku, the Japanese cybersecurity company added. Some of Earth Baku's malicious cyber activities have been tied to groups called by other cybersecurity firms ESET and Symantec under the names SparklingGoblin and Grayfly, respectively.

OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa
2022-11-03 10:21

A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022. According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as high as $30 million.