Tag: APT

APT41 Attack Detection: Chinese Hackers Exploit Google Calendar and Deliver TOUGHPROGRESS Malware Targeting Government Agencies

Threat actors often abuse cloud services for C2 to disguise their traffic as normal, legitimate activity. The Chinese state-backed APT41 group has been observed deploying the TOUGHPROGRESS malware, delivered via a compromised government website, against multiple other government entities. What sets this attack apart is that the malware uses Google Calendar […]

Detect APT28 Attacks: russian GRU Unit 26165 Targets Western Logistics and Technology Companies Coordinating Aid to Ukraine in a Two-Year Hacking Campaign

A coordinated advisory from cybersecurity and intelligence agencies across North America, Europe, and Australia confirms a two-year-long cyberespionage campaign by russian GRU Unit 26165 (APT28, Forest Blizzard, Fancy Bear). The campaign targets logistics and technology providers that facilitate foreign aid to Ukraine. Detect APT28 (Forest Blizzard, Fancy Bear) Attacks Against Western Companies Since the full-scale invasion […]

Billbug Attack Detection: China-Linked Espionage Actors Target Southeast Asian Organizations

ESET’s APT Activity Report for Q2–Q3 2024 highlights China-affiliated groups as leading global APT operations, with intelligence-gathering campaigns among the most common and persistent threats. The China-linked espionage group known as Billbug has been observed breaching multiple organizations across several industry verticals in Southeast Asia between August 2024 and February 2025, using novel […]

Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group 

The nefarious russian APT group Seashell Blizzard, also known as APT44, has been waging global cyber campaigns since at least 2009. Defenders recently spotted a new long-running initial-access campaign dubbed “BadPilot,” reinforcing the group’s focus on stealthy initial infiltration and its use of advanced detection-evasion techniques. Detect Seashell Blizzard Attacks For more than […]

Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor

The russia-linked Gamaredon APT, notorious for a wealth of offensive cyber operations against Ukraine, has resurfaced in the cyber threat arena. The ongoing Gamaredon campaign against Ukraine leverages malicious LNK files disguised as war-related lures to deploy the Remcos backdoor and applies techniques such as DLL sideloading. Detect Gamaredon Group Attacks The russia-affiliated hacking groups […]

Weaver Ant Attack Detection: China-Linked Group Targets a Telecom Provider in Asia Using Multiple Web Shells, Including China Chopper 

APT groups from China rank among the top global cyber threats alongside those from North Korea, russia, and Iran, showing heightened offensive capabilities and posing significant challenges to defenders. Following the recent disclosure of Operation AkaiRyū by MirrorFace (aka Earth Kasha), China-nexus attackers are striking again. This time, security researchers report on the […]

Operation AkaiRyū Attacks Detection: China-Backed MirrorFace APT Targets Central European Diplomatic Institute Using ANEL Backdoor

According to the ESET APT Activity Report for Q2–Q3 2024, China-linked threat groups dominate global APT campaigns, with Mustang Panda responsible for 12% of the activity observed during those quarters. Another China-backed APT group, tracked as MirrorFace (aka Earth Kasha), has been observed expanding its geographical reach to target a diplomatic agency in the EU […]

UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure 

In Q1 2024, defenders uncovered destructive cyberattacks against the information and communication technology (ICT) systems of approximately 20 organizations in the critical infrastructure sector across 10 regions of Ukraine. CERT-UA tracks this activity as a separate threat cluster, UAC-0133, which it links with high confidence to the nefarious russia-affiliated […]

RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader

The nefarious cyber-espionage group tracked as EarthKapre or RedCurl APT has resurfaced to target legal-sector organizations using Indeed-themed phishing. In the latest attack, adversaries known for highly sophisticated offensive capabilities ran reconnaissance commands and tools, exfiltrated data, and deployed the EarthKapre/RedCurl loader. Detect RedCurl/EarthKapre APT Attacks In 2024, state-sponsored cyber groups from China, […]

Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine

For over a decade, the russia-backed Sandworm APT group (also tracked as UAC-0145 and APT44) has consistently targeted Ukrainian organizations, with a primary focus on state bodies and critical infrastructure. Since the full-scale invasion, this GRU-affiliated military cyber-espionage group has intensified its attacks against Ukrainian targets. The latest malicious campaign, analyzed in February 2025, appears to have […]
