APT

Pierluigi Paganini October 25, 2021
Russia-linked Nobelium APT targets orgs in the global IT supply chain

Russia-linked Nobelium APT group has breached at least 14 managed service providers (MSPs) and cloud service providers since May 2021. The SolarWinds security breach was not isolated, Russia-linked Nobelium APT group has targeted140 managed service providers (MSPs) and cloud service providers and successfully breached 14 of them since May 2021. The NOBELIUM APT (APT29, Cozy Bear, and […]

Pierluigi Paganini October 20, 2021
China-linked LightBasin group accessed calling records from telcos worldwide

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A China-linked hacking group, tracked as LightBasin (aka UNC1945), hacked mobile telephone networks around the globe and used specialized tools to access calling records and text messages from telecommunications companies. The cyberespionage group has been active […]

Pierluigi Paganini October 19, 2021
Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos

Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South Asia. Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is using a custom implant, dubbed Backdoor.Graphon, in attacks aimed at telecommunication providers, IT firms, and government entities in South Asia. At this […]

Pierluigi Paganini October 16, 2021
Russia-Linked TA505 targets financial institutions in a new malspam campaign

Russia-linked TA505 group leverages a lightweight Office file to spread malware in a campaign, tracked as MirrorBlast, aimed at financial institutions. Russia-linked APT group TA505 (e.g. Evil Corp) is leveraging a lightweight Office file in a new malware campaign, tracked as MirrorBlast, targeting financial institutions in multiple geographies. TA505 hacking group has been active since 2014 […]

Pierluigi Paganini October 14, 2021
Google sent over 50,000 warnings of state-sponsored attacks, +33% from same period in 2020

Google revealed to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers since January. Google announced to have sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021. The data were provided by Google’s Threat Analysis Group (TAG), which tracks government-backed hacking campaign, which warns of a […]

Pierluigi Paganini October 11, 2021
Iran-linked DEV-0343 APT target US and Israeli defense technology firms

DEV-0343: Iran-linked threat actors are targeting US and Israeli defense technology companies leveraging password spraying attacks. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU) uncovered a malicious activity cluster, tracked as DEV-0343, that is targeting the Office 365 tenants of US and Israeli defense technology companies. Threat actors are launching extensive […]

Pierluigi Paganini October 08, 2021
58% of all nation-state attacks in the last year were launched by Russian nation-state actors

Microsoft revealed that Russia-linked cyberespionage groups are behind the majority of the nation-state cyber attacks on US government agencies. Microsoft revealed that most of the cyber attacks on US government agencies are orchestrated by Russia-linked cyberespionage groups. According to the IT giant, approximately 58% of all nation-state attacks between July 2020 and June 2021 were […]

Pierluigi Paganini October 08, 2021
Google warns of APT28 attack attempts against 14,000 Gmail users

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. On Wednesday, Google announced to have warned approximately 14,000 Gmail users that they had been targeted by nation-state hackers. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch […]

Pierluigi Paganini October 07, 2021
Operation GhostShell: MalKamak APT targets aerospace and telco firms

Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms Cybereason Nocturnus and Incident Response Teams discovered a new threat actor that is targeting organizations in the aerospace and telecommunications sectors with the ShellClient malware as part […]

Pierluigi Paganini October 04, 2021
New APT ChamelGang Targets energy and aviation companies in Russia

ChamelGang APT is a new cyberespionage group that focuses on fuel and energy organizations and aviation industry in Russia ChamelGang is a new APT group that was first spotted in March by researchers at security firm Positive Technologies, it targets Russian companies in the energy and aviation industry. In March, the cyberespionage group was observed leveraging […]