China-linked APT Naikon employed a new backdoor in multiple cyber-espionage operations targeting military organizations from Southeast Asia in the last 2 years. The Naikon APT group is a China-linked cyber espionage group that has been active at least since 2010 and that remained under the radar since 2015 while targeting entities in Asia-Pacific (APAC) region. Organizations targeted by the […]
Security vendor SonicWall has addressed three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. SonicWall is warning its customers to update their hosted and on-premises email security products to address three zero-day vulnerabilities that are being actively exploited in the wild. The three vulnerabilities addressed by the security vendor are: CVE-2021-20021: Email Security Pre-Authentication Administrative […]
North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) image file. The malicious code within the bitmap image […]
Group-IB observed the North Korea-linked Lazarus APT group stealing cryptocurrency using a never-before-seen tool. In the last five years, JavaScript sniffers have grown into one of the most dangerous threats for e-commerce businesses. The simple nature of such attacks combined with the use of malicious JavaScript code for intercepting payment data attract more and more […]
Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. The cyberspies used fake Twitter and LinkedIn social media accounts to get in contact with the victims. Experts identified two accounts impersonating recruiters for antivirus and security companies. Social media profiles were quickly removed after Google […]
China-linked APT group RedEcho has taken down its attack infrastructure after it was exposed at the end of February by security researchers. China-linked APT group RedEcho has taken down its attack infrastructure after security experts have exposed it. At the end of February, experts at Recorded Future have uncovered a suspected Chinese APT actor targeting […]
China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place in 2020. China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place in 2020. According to the government experts, the hackers breached some parliament email […]
Chinese APT groups are targeting telecom companies in cyberespionage campaigns collectively tracked as Operation Diànxùn, to steal 5G secrets. Chinese-language threat actors are targeting telecom companies, as part of a cyber espionage campaign tracked as ‘Operation Diànxùn,’ to steal sensitive data and trade secrets tied to 5G technology. Hackers behind these campaigns are targering people […]
The fire at the OVH datacenter in Strasbourg also impacted the command and control infrastructure used by several nation-state APT groups and cybercrime gangs. OVH, one of the largest hosting providers in the world, has suffered this week a terrible fire that destroyed its data centers located in Strasbourg. The French plant in Strasbourg includes 4 […]
Intezer experts have spotted a new strain of Linux backdoor dubbed RedXOR that is believed to be part of the arsenal of China-linked Winniti APT. Researchers from Intezer have discovered a new sophisticated backdoor, tracked as RedXOR, that targets Linux endpoints and servers. The malware was likely developed by the China-linked cyber espionage group Winnti. […]