Tag: APT

MQsTTang Backdoor Detection: New Custom Malware by Mustang Panda APT Actively Used in the Latest Campaign Against Government Entities  

New day, new malicious threat challenging cyber defenders! Recently, security researchers have revealed a novel malware strain being actively leveraged by Mustang Panda APT in their ongoing campaign against targets in Europe and Asia. Dubbed MQsTTang, the new custom backdoor has been developed from scratch to fly under the radar and make attribution harder while […]

Read More
BlueNoroff Group Attack Detection
BlueNoroff Group Activity Detection: Threat Actors Apply Novel Methods to Bypass Windows Mark-of-the-Web (MoTW) Protection

BlueNoroff, which is part of the larger Lazarus Group, is a financially-motivated hacking collective striving to gain financial benefits from its offensive capabilities. The group, known for stealing cryptocurrency and commonly applying Word documents and LNK files for initial intrusion, has currently been leveraging new adversary methods. In the latest attacks, BlueNoroff experiments with new […]

Read More
What is Ransomware Detection? How to Detect Ransomware

The method of a secure cryptographic key exchange was introduced by Whitfield Diffie and Martin Hellman in 1976. Cool thing about the public and private key pair is that the decryption key cannot be deciphered in any way from an encryption key.  This feature is exactly what’s exploited by ransomware actors who encrypt data and […]

Read More
Nobelium APT
MagicWeb Detection: NOBELIUM APT Uses Sophisticated Authentication Bypass

A notorious APT group tracked as NOBELIUM (aka APT29, Cozy Bear, and The Dukes) adds new threats to their set of malicious tricks. The threat actor, responsible for a 2020 headline-making hack of Texas-based SolarWinds company, remains a highly active criminal gang, impacting a wide range of industries and organizations in public, private, and non-governmental […]

Read More
Armageddon APT aka UAC-0010 Uses GammaLoad and GammaSteel Malware in Targeted Cyber-Attacks on Ukraine

With the outbreak of the global cyber war, the malicious activity of the Armageddon cyber-espionage group aka Gamaredon or UAC-0010 has been in the limelight in the cyber threat arena targeting Ukrainian state bodies. The hacking collective launched a series of phishing cyber-attacks, including campaigns in May spreading GammaLoad.PS1_v2 malware and in April 2022. On […]

Read More
North Korean Hackers APT37
APT37 Detection: North Korean Hackers Distribute Konni RAT, Target Orgs in Czechia and Poland

The APT37, aka Reaper, Ricochet Chollima, and ScarCruft, is a hacking group affiliated with North Korea. The hackers have been active since at least 2012, mostly targeting orgs in the public and private sectors in South Korea. Starting in 2017, the adversaries expanded their targeting, now seeking victims globally. The affected sectors include but are […]

Read More
PingPull Malware
PingPull Malware Detection: New Stealthy RAT Used by Gallium APT

Researchers report new attacks with an upgraded remote access trojan (RAT) dubbed PingPull launched by Gallium hackers. The Gallium APT has been around since at least 2012 and bears the markings of what is likely a nation-state threat actor, believed to be backed by the Chinese government. Their latest activity is characterized by APT’s strive […]

Read More
Evilnum APT Group
Evilnum Hacking Group Resurfaces With Spear Phishing Attacks on European Migration Organizations

The operations of Evilnum hackers have been watched closely by security analysts since 2020, with the threat actors’ activity traced back as early as 2018. The APT group is predominantly associated with the attacks on the FinTech sector in Europe, often classified as a financially motivated group. Sources claimed that the most recent spear phishing […]

Read More
ToddyCat APT Targets Microsoft Exchange Servers to Deploy Samurai Backdoor and Ninja Trojan

Meet a novel player in the cyber threat arena! Starting from late 2020 security experts are tracking a new APT collective, dubbed ToddyCat, which was spotted targeting Microsoft Exchange servers in Europe and Asia to deploy custom malware samples. Among the malicious strains distributed by the ToddyCat are previously unknown Samurai backdoor and Ninja Trojan […]

Read More
Log4Shell in VMware Horizon and UAG Servers
New Attempts to Exploit Log4Shell in VMware Horizon Systems: CISA Warns of Threat Actors Actively Leveraging CVE-2021-44228 Apache Log4j Vulnerability

The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]

Read More