APT

Pierluigi Paganini March 28, 2022
GhostWriter APT targets state entities of Ukraine with Cobalt Strike Beacon 

Ukraine CERT-UA warns that the Belarus-linked GhostWriter APT group is targeting state entities of Ukraine with Cobalt Strike Beacon. Ukraine CERT-UA uncovered a spear-phishing campaign conducted by Belarus-linked GhostWriter APT group targeting Ukrainian state entities with Cobalt Strike Beacon. The phishing messages use a RAR-archive named “Saboteurs.rar”, which contains RAR-archive “Saboteurs 21.03.rar.” This second archive […]

Pierluigi Paganini March 23, 2022
China-linked GIMMICK implant now targets macOS

Gimmick is a newly discovered macOS implant developed by the China-linked APT Storm Cloud and used to target organizations across Asia. In late 2021, Volexity researchers investigated an intrusion in an environment they were monitoring and discovered a MacBook Pro running macOS 11.6 (Big Sur) that was compromised with a previously unknown macOS malware tracked […]

Pierluigi Paganini March 18, 2022
Russia-linked Cyclops Blink botnet targeting ASUS routers

The recently discovered Cyclops Blink botnet, which is believed to be a replacement for the VPNFilter botnet, is now targeting the ASUS routers. The recently discovered Cyclops Blink botnet is now targeting the ASUS routers, reports Trend Micro researchers. The Cyclops Blink malware has been active since at least June 2019, it targets WatchGuard Firebox and other […]

Pierluigi Paganini February 26, 2022
Fileless SockDetour backdoor targets U.S.-based defense contractors

Researchers provided details about a stealthy custom malware dubbed SockDetour that targeted U.S.-based defense contractors. Cybersecurity researchers from Palo Alto Networks’ Unit 42 have analyzed a previously undocumented and custom backdoor tracked as SockDetour that targeted U.S.-based defense contractors. According to the experts, the SockDetour backdoor has been in the wild since at least July 2019. Unit 42 attributes […]

Pierluigi Paganini February 25, 2022
Ukraine: Belarusian APT group UNC1151 targets military personnel with spear phishing

The CERT of Ukraine (CERT-UA) warned of a spear-phishing campaign targeting Ukrainian armed forces personnel. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of an ongoing spear-phishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The Ukrainian agency attributes the campaign to the Belarus-linked cyberespionage group tracked as UNC1151. In […]

Pierluigi Paganini February 24, 2022
US and UK link new Cyclops Blink malware to Russian state hackers

UK and US cybersecurity agencies linked Cyclops Blink malware to Russia’s Sandworm APT US and UK cybersecurity and law enforcement agencies published a joint security advisory about a new malware, dubbed Cyclops Blink, that has been linked to the Russian-backed Sandworm APT group. Sandworm (aka BlackEnergy and TeleBots) has been active since 2000, it operates under the […]

Pierluigi Paganini February 22, 2022
China-linked APT10 Target Taiwan’s financial trading industry

China-linked APT group APT10 (aka Stone Panda, Bronze Riverside) targets Taiwan’s financial trading sector with a supply chain attack. The campaign was launched by the APT10 group started in November 2021, but it hit a peak between 10 and 13 2022, Taiwanese cybersecurity firm CyCraft reported. The group (also known as Cicada, Stone Panda, MenuPass group, […]

Pierluigi Paganini February 07, 2022
Russian Gamaredon APT is targeting Ukraine since October

Russia-linked APT group Gamaredon is behind spear-phishing attacks against Ukrainian entities and organizations since October 2021. Russia-linked cyberespionage group Gamaredon (aka Armageddon, Primitive Bear, and ACTINIUM) is behind the spear-phishing attacks targeting Ukrainian entities and organizations related to Ukrainian affairs, since October 2021, Microsoft said. This week, Palo Alto Networks’ Unit 42 reported that the […]

Pierluigi Paganini February 04, 2022
A nation-state actor hacked media and publishing giant News Corp

American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor. American media and publishing giant News Corp revealed it was victim of a cyber attack from an advanced persistent threat actor that took place in January. The attackers compromised one of the systems of the […]

Pierluigi Paganini February 03, 2022
Antlion APT group used a custom backdoor that allowed them to fly under the radar for months

A China-linked APT group tracked as Antlion used a custom backdoor called xPack that was undetected for months. A China-linked APT group tracked as Antlion is using a custom backdoor called xPack in attacks aimed at financial organizations and manufacturing companies, Symantec researchers reported. The backdoor was undetected for at least 18 months in a […]