China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

China-linked APT group VANGUARD PANDA, aka Volt Typhoon, was spotted observing a novel tradecraft to gain initial access to target networks. CrowdStrike researchers observed the China-linked APT group VANGUARD PANDA, aka Volt Typhoon, using a novel tradecraft to gain initial access to target networks. The Volt Typhoon group has been active since at least mid-2021 […]

The post China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks appeared first on Security Affairs.

June 26, 2023
Read More >>

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. A joint investigation conducted by Ukraine’s Computer Emergency Response Team (CERT-UA) and Recorded Future revealed that the Russia-linked APT28 group hacked into Roundcube email servers belonging to multiple Ukrainian organizations. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has been active since at least 2007 […]

The post Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities appeared first on Security Affairs.

June 21, 2023
Read More >>

Barracuda ESG zero-day exploited by China-linked APT

Experts linked the UNC4841 threat actor behind the attacks exploiting the recently patched Barracuda ESG zero-day to China. Mandiant researchers linked the threat actor UNC4841 behind the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. “Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset […]

The post Barracuda ESG zero-day exploited by China-linked APT appeared first on Security Affairs.

June 15, 2023
Read More >>

Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine

Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the […]

The post Russia-linked APT Gamaredon update TTPs in recent attacks against Ukraine appeared first on Security Affairs.

June 15, 2023
Read More >>

Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence

Overview A new attack campaign of SideCopy APT has been discovered targeting the Indian Defence sector. The group utilizes phishing email attachments & URLs as the infection vector to download malicious archive files leading to the deployment of two different Action RAT payloads and a new .NET-based RAT. There are three infection chains with themes […]

The post Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.

June 15, 2023
Read More >>

Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU

Microsoft linked a series of wiping attacks to a Russia-linked APT group, tracked as Cadet Blizzard, that is under the control of the GRU. Microsoft attributes the operations carried out by the Russia-linked APT group tracked as Cadet Blizzard to the Russian General Staff Main Intelligence Directorate (GRU). The IT giant pointed out that Cadet Blizzard is […]

The post Microsoft links Cadet Blizzard APT to Russia’s military intelligence GRU appeared first on Security Affairs.

June 15, 2023
Read More >>

China-linked APT UNC3886 used VMware ESXi Zero-Day

A China-linked APT group tracked as UNC3886 has been spotted exploiting a VMware ESXi zero-day vulnerability. Mandiant researchers observed a China-linked cyberespionage group, tracked as UNC3886, exploiting a VMware ESXi zero-day vulnerability tracked as CVE-2023-20867. “VMware Tools contains an Authentication Bypass vulnerability in the vgauth module.” reads the advisory published by VMware. “A fully compromised […]

The post China-linked APT UNC3886 used VMware ESXi Zero-Day appeared first on Security Affairs.

June 14, 2023
Read More >>

Stealth Soldier backdoor used is targeted espionage attacks in Libya

Researchers detected a cyberespionage campaign in Libya that employs a new custom, modular backdoor dubbed Stealth Soldier. Experts at the Check Point Research team uncovered a series of highly-targeted espionage attacks in Libya that employ a new custom modular backdoor dubbed Stealth Soldier. Stealth Soldier is surveillance software that allows operators to spy on the victims […]

The post Stealth Soldier backdoor used is targeted espionage attacks in Libya appeared first on Security Affairs.

June 9, 2023
Read More >>

Experts detail a new Kimsuky social engineering campaign

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint advisory published by […]

The post Experts detail a new Kimsuky social engineering campaign appeared first on Security Affairs.

June 8, 2023
Read More >>