Security News

Microsoft Exchange servers hacked by new ToddyCat APT gang
2022-06-21 11:46

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.

New ToddyCat APT group targets Exchange servers in Asia, Europe
2022-06-21 11:46

An advanced persistent threat group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. At the time, the hacking group exploited the ProxyLogon Exchange flaws that allowed them to gain remote code execution on vulnerable servers to deploy China Chopper web shells.

China-linked APT Flew Under Radar for Decade
2022-06-17 13:34

Researchers have identified a small yet potent China-linked APT that has flown under the radar for nearly a decade running campaigns against government, education and telecommunication organizations in Southeast Asia and Australia. Researchers from SentinelLabs said the APT, which they dubbed Aoqin Dragon, has been operating since at least 2013.

Windows MSDT zero-day now exploited by Chinese APT hackers
2022-05-31 22:00

Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability to execute malicious code remotely on Windows systems. This Microsoft Windows Support Diagnostic Tool remote code execution flaw impacts all Windows client and server platforms still receiving security updates.

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days
2022-05-18 14:01

Most advanced persistent threat groups use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. One belief the research debunked is that all APTs are highly sophisticated and prefer attacking zero-day flaws rather than ones that have already been patched.

APT gang 'Sidewinder' goes on two-year attack spree across Asia
2022-05-12 08:04

The advanced persistent threat gang known as SideWinder has gone on an attack spree in the last two years, conducting almost 1,000 raids and deploying increasingly sophisticated attack methods. Noushin Shaba, a senior security researcher on Kaspersky's global research and analysis team, today told the Black Hat Asia conference that SideWinder mostly targets military and law enforcement agencies in Pakistan, Bangladesh and other South Asian nations.

Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
2022-05-11 18:27

An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the command-and-control infrastructure with that of prior campaigns mounted by the same actor.

China-linked APT Caught Pilfering Treasure Trove of IP
2022-05-04 17:32

The researchers attributed the campaign, with "Moderate-to-high confidence," to the Winnti group. Winnti is "An exceptionally capable adversary" that is "Believed to be operating on behalf of Chinese state interests and specializes in cyberespionage and intellectual property theft."

Cyberespionage APT Now Identified as Three Separate Actors
2022-04-29 11:51

A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually comprised of three subgroups, all with their own toolsets and targets, that have been operating globally since 2018, researchers have found. The group is known not only for targeting U.S. organizations in the utilities sector, but also diplomatic organizations in the Middle East and Africa, according to a report published this week by researchers at security firm ESET. Though it's apparently been active since 2018, TA410 first came up on researchers' radar in 2019, when Proofpoint uncovered a phishing campaign targeting three U.S. companies in the utilities sector that used a novel malware then dubbed LookBack.

U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
2022-04-17 20:07

The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems and supervisory control and data acquisition devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert.