apt

Russian APT Nomadic Octopus hacked Tajikistani carrier

Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures. Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government officials, telecommunication services, and public service infrastructures. The cyberspies compromised a broad range of devices, […]

The post Russian APT Nomadic Octopus hacked Tajikistani carrier appeared first on Security Affairs.

May 1, 2023
0 comment
Read More >>

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, […]

The post Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies appeared first on Security Affairs.

April 30, 2023
0 comment
Read More >>

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

April 27, 2023
0 comment
Read More >>

North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group. The […]

The post North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware appeared first on Security Affairs.

April 25, 2023
0 comment
Read More >>

Tomiris called, they want their Turla malware back

We continued to track Tomiris as a separate threat actor over three new attack campaigns between 2021 and 2023, and our telemetry allowed us to shed light on the group. In this blog post, we’re excited to share what we now know of Tomiris with the broader community, and discuss further evidence of a possible connection to Turla.

April 24, 2023
0 comment
Read More >>

At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack

North Korea-linked APT group behind the 3CX supply chain attack also broke into two critical infrastructure organizations in the energy sector. Symantec researchers reported that the campaign conducted by North Korea-linked threat actors that included the 3CX supply chain attack also hit two critical infrastructure organizations in the energy sector. “The X_Trader software supply chain […]

The post At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack appeared first on Security Affairs.

April 22, 2023
0 comment
Read More >>

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers […]

The post Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack appeared first on Security Affairs.

April 21, 2023
0 comment
Read More >>

Google TAG warns of Russia-linked APT groups targeting Ukraine

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing […]

The post Google TAG warns of Russia-linked APT groups targeting Ukraine appeared first on Security Affairs.

April 20, 2023
0 comment
Read More >>

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. Russia-linked APT28 group accesses unpatched Cisco routers to deploy malware exploiting the not patched CVE-2017-6742 vulnerability (CVSS score: 8.8), states a joint report published by the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure […]

The post US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws appeared first on Security Affairs.

April 19, 2023
0 comment
Read More >>

Iran-linked Mint Sandstorm APT targeted US critical infrastructure

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS) to a series of attacks aimed at US critical infrastructure between late 2021 to mid-2022. The IT giant reported Mint […]

The post Iran-linked Mint Sandstorm APT targeted US critical infrastructure appeared first on Security Affairs.

April 19, 2023
0 comment
Read More >>