More results...
New and mysterious APT Sandman spotted targeting telcos in Europe and Asia as part of a cyberespionage campaign.
The post New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware appeared first on SecurityWeek.
ShroudedSnooper threat actors are targeting telecommunication service providers in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers recently discovered a new stealthy implant dubbed HTTPSnoop that was employed in attacks against telecommunications providers in the Middle East. The HTTPSnoop backdoor supports novel techniques to interface with Windows HTTP kernel drivers and devices […]
The post ShroudedSnooper threat actors target telecom companies in the Middle East appeared first on Security Affairs.
China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca, discovered an encrypted file hosted on a server under the control of the group. Additional analysis led to the discovery of a […]
The post Earth Lusca expands its arsenal with SprySOCKS Linux malware appeared first on Security Affairs.
The North Korea-linked APT group Lazarus has stolen more than $240 million worth of cryptocurrency since June 2023, researchers warn. According to a report published by blockchain cyber security firm Elliptic, in the past 104 days, the North Korea-linked APT group Lazarus has stolen most of $240 million in crypto assets from multiple businesses, including […]
The post North Korea’s Lazarus APT stole almost $240 million in crypto assets since June appeared first on Security Affairs.
Iran-linked Peach Sandstorm APT is behind password spray attacks against thousands of organizations globally between February and July 2023. Microsoft researchers observed a series of password spray attacks conducted by Iran nation-state actors as part of a campaign named Peach Sandstorm (aka Holmium, APT33, Elfin, and Magic Hound). The APT33 group has been around since at least […]
The post Iranian Peach Sandstorm group behind recent password spray attacks appeared first on Security Affairs.
Cybercriminals are increasingly trying to find ways to get around security, detection, intelligence and controls as APTs start to merge with conventional cybercrime.
The post How Next-Gen Threats Are Taking a Page From APTs appeared first on SecurityWe…
Iran-linked APT group Charming Kitten used a previously undocumented backdoor named Sponsor in attacks against entities in Brazil, Israel, and the U.A.E. ESET researchers observed a series of attacks, conducted by the Iran-linked APT group Charming Kitten (aka Ballistic Bobcat APT, APT35, Phosphorus, Newscaster, TA453, and Ajax Security Team), which are targeting various entities in Brazil, Israel, and the United Arab Emirates. The Charming […]
The post Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor appeared first on Security Affairs.
Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails.
The post Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes appeared first …
Meta disrupted two influence campaigns orchestrated by China and Russia, the company blocked thousands of accounts and pages. Meta announced it has taken down two of the largest known covert influence operations originating from China and Russia. The social network giant revealed it has blocked thousands of accounts and pages across its platform. The company […]
The post Meta disrupted two influence campaigns from China and Russia appeared first on Security Affairs.
ReversingLabs researchers linked the VMConnect campaign to the North Korea-linked APT group Labyrinth Chollima. ReversingLabs researchers believe that the North Korea-linked APT group Labyrinth Chollima is behind the VMConnect campaign. Threat actors uploaded a series of malicious packages to the PyPI (Python Package Index) repository, including a rogue package posing as the VMware vSphere connector […]
The post North Korea-linked APT Labyrinth Chollima behind PyPI supply chain attacks appeared first on Security Affairs.