US disrupts Russia-linked Snake implant’s network

The US government announced to have disrupted the peer-to-peer (P2P) network of computers compromised by the Snake malware. The Snake implant is one of the most sophisticated implants used by Russia-linked threat actors for cyberespionage purposes. The malware has been designed and used by Center 16 of Russia’s Federal Security Service (FSB) in cyber espionage […]

The post US disrupts Russia-linked Snake implant’s network appeared first on Security Affairs.

May 10, 2023
Read More >>

Iran-linked APT groups started exploiting Papercut flaw

Microsoft warns of Iran-linked APT groups that are targeting vulnerable PaperCut MF/NG print management servers. Microsoft warns that Iran-linked APT groups have been observed exploiting the CVE-2023-27350 flaw in attacks against PaperCut MF/NG print management servers. The CVE-2023-27350 flaw is a PaperCut MF/NG Improper Access Control Vulnerability. PaperCut MF/NG contains an improper access control vulnerability within the […]

The post Iran-linked APT groups started exploiting Papercut flaw appeared first on Security Affairs.

May 9, 2023
Read More >>

Dragon Breath APT uses double-dip DLL sideloading strategy

An APT group tracked as Dragon Breath has been observed employing a new DLL sideloading technique. Sophos researchers observed an APT group, tracked as Dragon Breath (aka APT-Q-27 and Golden Eye), that is using a new DLL sideloading technique that adds complexity and layers to the execution of the classic DLL sideloading. The attack consists of a clean […]

The post Dragon Breath APT uses double-dip DLL sideloading strategy appeared first on Security Affairs.

May 7, 2023
Read More >>

North Korea-linked Kimsuky APT uses new recon tool ReconShark

North Korea-linked APT group Kimsuky has been observed using a new reconnaissance tool dubbed ReconShark in a recent campaign. SentinelOne researchers observed an ongoing campaign from North Korea-linked Kimsuky Group that is using a new malware called ReconShark. The reconnaissance tool is delivered through spear-phishing emails, OneDrive links leading to document weaponized downloads, and the execution of malicious […]

The post North Korea-linked Kimsuky APT uses new recon tool ReconShark appeared first on Security Affairs.

May 5, 2023
Read More >>

Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

CERT-UA is warning of destructive cyberattacks conducted by the Russia-linked Sandworm APT group against the Ukraine public sector. Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns. The Sandworm group (aka BlackEnergy, UAC-0082, Iron Viking, Voodoo Bear, and TeleBots) has been active since 2000, it operates under the control […]

The post Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector appeared first on Security Affairs.

May 4, 2023
Read More >>

North Korea-linked ScarCruft APT uses large LNK files in infection chains

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka APT37, Reaper, and Group123) since 2022 have stopped heavily relying on malicious documents to deliver malware and instead […]

The post North Korea-linked ScarCruft APT uses large LNK files in infection chains appeared first on Security Affairs.

May 2, 2023
Read More >>

Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions

Overview APT Transparent Tribe (APT36) is luring the Indian Army into opening the malicious file themed ‘Revision of Officers posting policy.’ Quick Heal’s APT Team has been constantly tracking this persistent threat group and has encountered a new attack campaign targeting India. At the same time, we have also observed increased targeting of the education […]

The post Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions appeared first on Blogs on Information Technology, Network & Cybersecurity | Seqrite.

May 2, 2023
Read More >>

Russian APT Nomadic Octopus hacked Tajikistani carrier

Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures. Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government officials, telecommunication services, and public service infrastructures. The cyberspies compromised a broad range of devices, […]

The post Russian APT Nomadic Octopus hacked Tajikistani carrier appeared first on Security Affairs.

May 1, 2023
Read More >>

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has targeted governments, […]

The post Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies appeared first on Security Affairs.

April 30, 2023
Read More >>

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

April 27, 2023
Read More >>