APT

Pierluigi Paganini May 04, 2023
Russia-linked Sandworm APT uses WinRAR in destructive attacks on Ukraine’s public sector

CERT-UA is warning of destructive cyberattacks conducted by the Russia-linked Sandworm APT group against the Ukraine public sector. Russia-linked APT group Sandworm is behind destructive cyberattacks against Ukrainian state networks, the Ukrainian Government Computer Emergency Response Team (CERT-UA) warns. The Sandworm group (aka BlackEnergy, UAC-0082, Iron Viking, Voodoo Bear, and TeleBots) has been active since 2000, it operates under the control […]

Pierluigi Paganini May 02, 2023
North Korea-linked ScarCruft APT uses large LNK files in infection chains

North Korea-linked ScarCruft APT group started using oversized LNK files to deliver the RokRAT malware starting in early July 2022. Check Point researchers reported that the infection chains observed in the attacks attributed to North Korea-linked ScarCruft APT group (aka APT37, Reaper, and Group123) since 2022 have stopped heavily relying on malicious documents to deliver malware and instead […]

Pierluigi Paganini April 26, 2023
China-linked Alloy Taurus APT uses a Linux variant of PingPull malware

China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group  (aka GALLIUM, Softcell) targeting Linux systems with a new variant of PingPull backdoor. While investigating the activity of the group, the […]

Pierluigi Paganini April 20, 2023
Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers […]

Pierluigi Paganini April 10, 2023
Iran-linked MERCURY APT behind destructive attacks on hybrid environments

Iran-linked APT group MERCURY is behind destructive attacks on hybrid environments masquerading as a ransomware operation. The Microsoft Threat Intelligence team observed a series of destructive attacks on hybrid environments that were carried out by MuddyWater APT group (aka MERCURY). Threat actors masqueraded the attacks as a standard ransomware operation. MERCURY (aka MuddyWater, SeedWorm and TEMP.Zagros) has been active since […]

Pierluigi Paganini April 06, 2023
Analyzing attacks conducted by North Korea-linked ARCHIPELAGO APT group

Google’s Threat Analysis Group (TAG) warns of a North Korea-linked cyberespionage group tracked as ARCHIPELAGO. Google’s Threat Analysis Group (TAG) is warning of the North Korea-linked ARCHIPELAGO group that is targeting government and military personnel, think tanks, policy makers, academics, and researchers in South Korea, the US and elsewhere. Google experts are tracking ARCHIPELAGO since […]

Pierluigi Paganini March 28, 2023
Bitter APT group targets China’s nuclear energy sector 

Intezer researchers reported that a South Asian espionage group, tracked as Bitter, is targeting the Chinese nuclear energy industry. Intezer researchers uncovered a cyberespionage campaign targeting the Chinese nuclear energy sector, they linked it to the Bitter APT group. The Bitter APT group is a South Asian cyberespionage group active since at least 2021. The group […]

Pierluigi Paganini March 27, 2023
Technical analysis of China-linked Earth Preta APT’s infection chain

China-linked Earth Preta cyberespionage group has been observed adopting new techniques to bypass security solutions. Trend Micro researchers reported that the China-linked Earth Preta group (aka Mustang Panda) is actively changing its tools, tactics, and procedures (TTPs) to bypass security solutions. Earth Preta, also known as “RedDelta” or “Bronze President,” has been active since at least […]

Pierluigi Paganini March 15, 2023
YoroTrooper APT group targets CIS countries and embassies

A new APT group, dubbed YoroTrooper, has been targeting government and energy organizations across Europe, experts warn. Cisco Talos researchers uncovered a new cyber espionage group targeting CIS countries, embassies and EU health care agency since at least June 2022. The APT group focuses on government or energy organizations in Azerbaijan, Tajikistan, Kyrgyzstan and other Commonwealth […]

Pierluigi Paganini March 08, 2023
China-linked APT Sharp Panda targets government entities in Southeast Asia

China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia. The state-sponsored hackers used a new version of the SoulSearcher loader, which eventually loads a new […]