A cyberespionage group, tracked as Witchetty, used steganography to hide a previously undocumented backdoor in a Windows logo. Broadcom's Symantec Threat Hunter Team observed a threat actor, tracked as Witchetty, using steganography to hide a previously...
The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware,...
North Korea-linked Lazarus APT group is targeting macOS Users searching for jobs in the cryptocurrency industry. North Korea-linked Lazarus APT group continues to target macOS with a malware campaign using job opportunities as a lure. The attackers...
China-linked cyberespionage group TA413 exploits employ a never-before-undetected backdoor called LOWZERO in attacks aimed at Tibetan entities. A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed...
A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked...
Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target...
North Korea-linked threat actor UNC4034 is spreading tainted versions of the PuTTY SSH and Telnet client. In July 2022, Mandiant identified a novel spear phish methodology that was employed by North Korea-linked threat actor UNC4034. The attackers...
Russia-linked Gamaredon APT targets employees of the Ukrainian government, defense, and law enforcement agencies with a custom information-stealing malware. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear,...
China-linked SparklingGoblin APT was spotted using a Linux variant of a backdoor known as SideWalk against a Hong Kong university. Researchers from ESET discovered a Linux variant of the SideWalk backdoor, which is a custom implant used by the China-linked...
Iran-linked threat actors target individuals specializing in Middle Eastern affairs, nuclear security and genome research. In mid-2022, Proofpoint researchers uncovered a cyberespionage campaign conducted by Iran-linked TA453 threat actors. The...