Tag: APT

Billbug Attack Detection: China-Linked Espionage Actors Target Southeast Asian Organizations
Billbug Attack Detection: China-Linked Espionage Actors Target Southeast Asian Organizations

ESET’s Q2-Q3 2024 APT Activity Report highlights China-affiliated groups leading global APT operations, with campaigns aimed at intelligence gathering being among the most common and persistent threats. The China-linked espionage group known as Billbug has been observed breaching multiple organizations in Southeast Asia across several industry verticals throughout August 2024 and February 2025 using novel […]

Read More
Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group 
Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by russian-linked Hacking Group 

A nefarious russia’s APT group Seashell Blizzard also known as APT44 has been waging global cyber campaigns since at least 2009. Defenders recently spotted a new long-lasting access campaign called “BadPilot,” reinforcing the group’s focus on stealthy initial infiltration and leveraging a set of advanced detection evasion techniques. Detect Seashell Blizzard Attacks For more than […]

Read More
Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor
Gamaredon Campaign Detection: russia-backed APT Group Targets Ukraine Using LNK Files to Spread Remcos Backdoor

The russia-linked Gamaredon APT notorious for a wealth of cyber-offensive operations against Ukraine resurfaces in the cyber threat arena. The ongoing Gamaredon adversary campaign against Ukraine leverages malicious LNK files disguised as war-related lures to deploy the Remcos backdoor and applies sophisticated techniques, such as DLL sideloading. Detect Gamaredon Group Attacks  The russia-affiliated hacking groups […]

Read More
Weaver Ant Attack Detection: China-Linked Group Targets a Telecom Provider in Asia Using Multiple Web Shells, Including China Chopper 
Weaver Ant Attack Detection: China-Linked Group Targets a Telecom Provider in Asia Using Multiple Web Shells, Including China Chopper 

APT groups from China were ranked among the top global cyber threats alongside North Korea, russia, and Iran, showcasing heightened offensive capabilities and posing significant challenges to the cybersecurity landscape. Following the recent revelation of the Operation AkaiRyū by MirrorFace (aka Earth Kasha), China-nexus attackers are striking again. This time, security researchers report about the […]

Read More
Operation AkaiRyū Attacks Detection: China-Backed MirrorFace APT Targets Central European Diplomatic Institute Using ANEL Backdoor
Operation AkaiRyū Attacks Detection: China-Backed MirrorFace APT Targets Central European Diplomatic Institute Using ANEL Backdoor

According to ESET APT Activity Report Q2 2024-Q3 2024, China-linked threat groups dominate global APT campaigns, with MustangPanda responsible for 12% of activity during the observed quarters of 2024. Another nefarious China-backed APT group tracked as MirrorFace (aka Earth Kasha) has been observed expanding its geographical reach to target the diplomatic agency in the EU […]

Read More
UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure 
UAC-0212 Attack Detection: Hackers Linked to UAC-0002 aka Sandworm APT Subcluster Launch Targeted Attacks Against the Ukrainian Critical Infrastructure 

In Q1 2024, defenders uncovered destructive cyberattacks against the information and communication technology systems (ICT) of approximately 20 organizations in the critical infrastructure sector across 10 regions of Ukraine. CERT-UA has been observing this activity tracked as a separate threat cluster, UAC-0133, which, with a high level of confidence, is linked to a nefarious russia-afiliated […]

Read More
RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader
RedCurl/EarthKapre APT Attack Detection: A Sophisticated Cyber-Espionage Group Uses a Legitimate Adobe Executable to Deploy a Loader

The nefarious cyber-espionage hacking collective tracked as EarthKapre or RedCurl APT has resurfaced to target legal sector organizations using Indeed-themed phishing. In the latest attack, adversaries notorious for highly sophisticated offensive capabilities applied reconnaissance commands and tools, exfiltrated data, and deployed the EarthKapre/RedCurl loader. Detect RedCurl/EarthKapre APT Attacks In 2024, state-sponsored cyber groups from China, […]

Read More
Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine
Sandworm APT Attacks Detection: russian State-Sponsored Hackers Deploy Malicious Windows KMS Activators to Target Ukraine

For over a decade, russia-backed Sandworm APT group (also tracked as UAC-0145, APT44) has consistently targeted Ukrainian organizations, with a primary focus on state bodies and critical infrastructure. Since the full-scale invasion, this GRU-affiliated military cyber-espionage group has intensified its attacks against Ukrainian targets. The latest malicious campaign, analyzed in February 2025, appears to have […]

Read More
Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version
Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version

Hot on the heels of russia-linked BlueAlpha’s exploitation of Cloudflare Tunneling services to spread GammaDrop malware, another russia-backed state-sponsored APT group comes to the spotlight. The nefarious actor tracked as Secret Blizzard (aka Turla) APT group has been observed leveraging offensive tools and infrastructure of other hacking collectives. The group’s campaigns also focus on deploying […]

Read More
New Cyber-Espionage Campaign Detection: Suspected China-Backed Actors Target High-Profile Organizations in Southeast Asia
New Cyber-Espionage Campaign Detection: Suspected China-Backed Actors Target High-Profile Organizations in Southeast Asia

Defenders observe increasing numbers of cyber-attacks linked to China-backed APT groups, primarily focused on intelligence gathering. In September 2024, a China-affiliated APT group tracked as Earth Baxia set its sights on a state agency in Taiwan and possibly other nations within the APAC region. A recently uncovered cyber-espionage campaign has been targeting high-profile organizations in […]

Read More