APT trends report Q2 2023
This is our latest summary of the significant events and findings, focusing on activities that we observed during Q2 2023.
apt
North Korean hackers targeted tech companies through JumpCloud and GitHub
North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. The JumpCloud intrusio…
Experts believe North Korea behind JumpCloud supply chain attack
SentinelOne researchers attribute the recent supply chain attacks on JumpCloud to North Korea-linked threat actors. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across various systems and applications. […]
The post Experts believe North Korea behind JumpCloud supply chain attack appeared first on Security Affairs.
Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group
China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. The APT41 group, aka Winnti, Axiom, Barium, Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. Researchers at cybersecurity firm […]
The post Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group appeared first on Security Affairs.
Microsoft Exchange servers compromised by Turla APT
Turla has been targeting defense sector organizations in Ukraine and Eastern Europe with DeliveryCheck and Kazuar backdoors / infostealers and has been using compromised Microsoft Exchange servers to control them. Turla APT Turla (aka Secret Blizzard, …
Thanks Storm-0558! Microsoft to expand default access to cloud logs
Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have annou…
JumpCloud revealed it was hit by a sophisticated attack by a nation-state actor
Software firm JumpCloud announced it was the victim of a sophisticated cyber attack carried out by a nation-state actor. JumpCloud is a cloud-based directory service platform designed to manage user identities, devices, and applications in a seamless and secure manner. It allows IT administrators to centralize and simplify their identity and access management tasks across […]
The post JumpCloud revealed it was hit by a sophisticated attack by a nation-state actor appeared first on Security Affairs.
Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise
Ukraine’s Computer Emergency Response Team (CERT-UA) states that Russia-linked APT Gamaredon starts stealing data 30 minutes after the initial compromise. Ukraine’s Computer Emergency Response Team (CERT-UA) is warning that the Russia-linked APT group Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) use to steal data from victims’ networks in less than an hour after the initial compromise. Gamaredon has […]
The post Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial compromise appeared first on Security Affairs.
Microsoft mitigated an attack by Chinese threat actor Storm-0558
Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, […]
The post Microsoft mitigated an attack by Chinese threat actor Storm-0558 appeared first on Security Affairs.
Iran-linked APT TA453 targets Windows and macOS systems
Iran-linked APT group tracked TA453 has been linked to a new malware campaign targeting both Windows and macOS systems. The Iran-linked threat actor TA453 has been linked to a malware campaign that targets both Windows and macOS. TA453 is a nation-state actor that overlaps with activity tracked as Charming Kitten, PHOSPHORUS, and APT42. TA453 in May 2023 started […]
The post Iran-linked APT TA453 targets Windows and macOS systems appeared first on Security Affairs.