A recent MuddyWater campaign tracked as BlackWater shows that the APT group added new anti-detection techniques to its arsenal. Security experts at Cisco Talos attributed the recently spotted campaign tracked as "BlackWater" to the MuddyWater APT group...
Security researchers from Chronicle, Alphabet's cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet's cyber-security division, have discovered a Linux variant of the Winnti backdoor....
The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37, Reaper, and Group123) continues to expand its arsenal by adding...
The U.S. Department of Homeland Security (DHS) and the FCI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed...
Russia-linked APT group Turla has been using a sophisticated backdoor, dubbed LightNeuron, to hijack Microsoft Exchange mail servers. Russia-linked APT group Turla has been using a sophisticated backdoor, dubbed LightNeuron, to hijack Microsoft Exchange...
The APT34 Glimpse project is maybe the most complete APT34 project known so far, the popular researcher Marco Ramilli analyzed it for us. Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher,...
The Hong Kong office of Amnesty International has been hit by a long-running cyberattack carried out by China-linked hackers. Amnesty International's Hong Kong office has been hit with a cyberattack launched by China-linked hackers. “This sophisticated...
Security researchers at Yoroi-Cybaze ZLab uncovered a new campaign carried out by the Russian state-actor dubbed Gamaredon. Introduction Few days after the publication of our technical article related to the evidence of possible APT28 interference...
Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns.Iran-linked OilRig cyberespione group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. The...
Experts at Kaspersky Lab linked the recent supply-chain attack targeted ASUS users to the "ShadowPad" threat actor and the CCleaner incident. Security researchers at Kaspersky Lab linked the recent supply-chain attack that hit ASUS users (tracked...