A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems.

The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control (C2) framework called PhonyC2 that’s been put to use by the actor since 2021.

In a new report, Sekoia analysts say that the DDoSia platform has grown significantly over the year, reaching 10,000 active members contributing firepower to the project’s DDoS attacks and 45,000 subscribers on its main Telegram channel.

The latest PowerStar variant offers remote execution of PowerShell and C# commands, persistence through various methods, dynamic configuration updates, multiple C2 channels, system reconnaissance, and monitoring of established persistence mechanisms.

The latest hack claimed by GhyamSarnegouni demonstrates the depth of information that hackers and hacktivists are accessing in Iran’s internal politics, with potentially significant implications for national security.

An analysis of the group’s modus operandi has revealed its emphasis on operational security, carefully using an extensive set of open-source tools against a limited number of victims to carry out long-term malicious acts.

Check Point laid bare a Chinese APT operation using a self-propagating USB malware called WispRider. A European healthcare institution fell victim to it after an employee used an infected USB drive on the hospital’s system. The USB drives were further …

Libra is the designation given by Unit 42 for cybercrime groups. The “muddled” moniker for the threat actor stems from the prevailing ambiguity with regard to the use of the 0ktapus framework.

Security experts came across a new campaign—from late 2022 to early 2023—by the Chinese state-sponsored threat group APT15, which used a novel backdoor called Graphican that possesses several capabilities. Symantec has published the IOCs for a better u…

Graphican is notable for using Microsoft Graph API and OneDrive to stealthily obtain its C2 infrastructure addresses in encrypted form, giving it versatility and resistance against take-downs.