In Q1 2024, defenders uncovered destructive cyberattacks against the information and communication technology systems (ICT) of approximately 20 organizations in the critical infrastructure sector across 10 regions of Ukraine. CERT-UA has been observing this activity tracked as a separate threat cluster, UAC-0133, which, with a high level of confidence, is linked to a nefarious russia-afiliated […]
The nefarious cyber-espionage hacking collective tracked as EarthKapre or RedCurl APT has resurfaced to target legal sector organizations using Indeed-themed phishing. In the latest attack, adversaries notorious for highly sophisticated offensive capabilities applied reconnaissance commands and tools, exfiltrated data, and deployed the EarthKapre/RedCurl loader. Detect RedCurl/EarthKapre APT Attacks In 2024, state-sponsored cyber groups from China, […]
For over a decade, russia-backed Sandworm APT group (also tracked as UAC-0145, APT44) has consistently targeted Ukrainian organizations, with a primary focus on state bodies and critical infrastructure. Since the full-scale invasion, this GRU-affiliated military cyber-espionage group has intensified its attacks against Ukrainian targets. The latest malicious campaign, analyzed in February 2025, appears to have […]
Hot on the heels of russia-linked BlueAlpha’s exploitation of Cloudflare Tunneling services to spread GammaDrop malware, another russia-backed state-sponsored APT group comes to the spotlight. The nefarious actor tracked as Secret Blizzard (aka Turla) APT group has been observed leveraging offensive tools and infrastructure of other hacking collectives. The group’s campaigns also focus on deploying […]
Defenders observe increasing numbers of cyber-attacks linked to China-backed APT groups, primarily focused on intelligence gathering. In September 2024, a China-affiliated APT group tracked as Earth Baxia set its sights on a state agency in Taiwan and possibly other nations within the APAC region. A recently uncovered cyber-espionage campaign has been targeting high-profile organizations in […]
At the end of summer, 2024, the FBI, Department of Defense, and CISA issued a joint advisory warning cybersecurity experts of a rise in operations by Iran-affiliated adversaries known as Pioneer Kitten. The U.S. cybersecurity authoring agencies in collaboration with international partners have recently issued another advisory AA24-290A covering the increasing activity of Iranian threat […]
Amid a spike in cyber-espionage efforts by North Korean APT groups targeting Southeast Asia under the SHROUDED#SLEEP campaign, cybersecurity experts are raising alarms about a parallel wave of attacks orchestrated by Iran-affiliated hackers. This newly discovered campaign focuses on spying on organizations across the UAE and Gulf regions. Known as Earth Simnavaz APT (also referred […]
North Korea-affiliated APT groups have consistently ranked among the most active adversaries over the past decade. This year, security experts have observed a significant uptick in their malicious operations, driven by enhanced toolsets and an expanded range of targets. In August 2024, North Korean hackers bolstered their arsenal with the MoonPeak Trojan. A month earlier, […]
The nefarious state-sponsored russia-aligned Gamaredon (aka Hive0051, UAC-0010, or Armageddon APT) has been launching a series of cyber-espionage campaigns against Ukraine since 2014, with cyber attacks intensifying since russia’s full-scale invasion of Ukraine on February 24, 2022. ESET recently published an in-depth technical analysis, providing insights into Gamaredon’s cyber-espionage operations against Ukraine throughout 2022 and […]
In the first quarter of 2024, state-sponsored APT groups from regions such as China, North Korea, Iran, and russia demonstrated notably sophisticated and innovative adversary methods, creating significant challenges for the global cybersecurity landscape. Recently, a China-linked APT group known as Earth Baxia has targeted a state agency in Taiwan and potentially other countries in […]