apt – Page 37 – MCYSEKA-Maritime Cyber Security Knowledge Archive

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. Russia-linked APT28 group accesses unpatched Cisco routers to deploy malware exploiting the not patched CVE-2017-6742 vulnerability (CVSS score: 8.8), states a joint report published by the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure […]

The post US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws appeared first on Security Affairs.

April 19, 2023

0 comment

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS) to a series of attacks aimed at US critical infrastructure between late 2021 to mid-2022. The IT giant reported Mint […]

The post Iran-linked Mint Sandstorm APT targeted US critical infrastructure appeared first on Security Affairs.

April 19, 2023

0 comment

China-linked APT41 group spotted using open-source red teaming tool GC2

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization. Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control (GC2) in an attack against an unnamed Taiwanese media organization. The APT41 group, aka Winnti, Axiom, Barium, Blackfly, […]

The post China-linked APT41 group spotted using open-source red teaming tool GC2 appeared first on Security Affairs.

April 17, 2023

0 comment

The Russia-linked APT29 is behind recent attacks targeting NATO and EU

Poland intelligence linked the Russian APT29 group to a series of attacks targeting NATO and European Union countries. Poland’s Military Counterintelligence Service and its Computer Emergency Response Team linked a recent string of attacks targeting NATO and European Union countries to the Russia-linked APT29 group (aka SVR group, Cozy Bear, Nobelium, and The Dukes). APT29 along with APT28 cyber espionage group […]

The post The Russia-linked APT29 is behind recent attacks targeting NATO and EU appeared first on Security Affairs.

April 13, 2023

0 comment

Following the Lazarus group by tracking DeathNote campaign

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. In this blog, we’ll focus on an active cluster that we dubbed DeathNote.

April 12, 2023

0 comment

Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. The Microsoft Threat Intelligence team observed a series of destructive attacks on hybrid environments that were carried out by MuddyWater APT group (aka MERCURY). Threat actors masqueraded the attacks as a standard ransomware operation. MERCURY (aka MuddyWater, SeedWorm and TEMP.Zagros) has been active since […]

The post Iran-linked MERCURY APT behind destructive attacks on hybrid environments appeared first on Security Affairs.

April 10, 2023

0 comment

Phishing from threat actor TA473 targets US and NATO officials

These phishing campaigns are exploiting a Zimbra vulnerability and affecting internet-facing webmail services. Learn how to protect your organization from this security threat.
The post Phishing from threat actor TA473 targets US and NATO officials app…

April 7, 2023

0 comment

Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere. Google experts are tracking ARCHIPELAGO since […]

The post Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group appeared first on Security Affairs.

April 6, 2023

0 comment

3CX Supply chain attack allowed targeting cryptocurrency companies

Threat actors behind the 3CX supply chain attack have targeted a limited number of cryptocurrency companies with a second-state implant. As of Mar 22, 2023, SentinelOne observed a spike in behavioral detections of the 3CXDesktopApp, which is a popular voice and video conferencing software product. The products from multiple cybersecurity vendors started detecting the popular […]

The post 3CX Supply chain attack allowed targeting cryptocurrency companies appeared first on Security Affairs.

April 4, 2023

0 comment

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack

A DLL named guard64.dll, which was loaded into the infected 3CXDesktopApp.exe process, was used in recent deployments of a backdoor that we dubbed “Gopuram” and had been tracking internally since 2020.

April 3, 2023

0 comment

1 … 35 36 37 38 39 … 42