Tag: APT

ToddyCat APT Targets Microsoft Exchange Servers to Deploy Samurai Backdoor and Ninja Trojan

Meet a novel player in the cyber threat arena! Starting from late 2020 security experts are tracking a new APT collective, dubbed ToddyCat, which was spotted targeting Microsoft Exchange servers in Europe and Asia to deploy custom malware samples. Among the malicious strains distributed by the ToddyCat are previously unknown Samurai backdoor and Ninja Trojan […]

Read More
Log4Shell in VMware Horizon and UAG Servers
New Attempts to Exploit Log4Shell in VMware Horizon Systems: CISA Warns of Threat Actors Actively Leveraging CVE-2021-44228 Apache Log4j Vulnerability

The notorious CVE-2021-44228 Apache Log4j vulnerability aka Log4Shell is still haunting cyber defenders along with reports about its active in-the-wild exploitations. Starting from December 2021, the nefarious Log4Shell flaw on unpatched VMware Horizon and Unified Access Gateway (UAG) servers has been widely weaponized by threat actors enabling them to gain initial access to targeted systems. […]

Read More
DarkCrystal RAT
DarkCrystal RAT Detection: Russia-Affiliated APT Targets Ukrainian Telecom Companies

On June 24, 2022, CERT-UA warned about a new malicious campaign targeting telecommunication providers in Ukraine. According to the investigation, russia-linked adversaries launched a massive phishing campaign delivering DarkCrystal remote access Trojan (RAT), able to perform reconnaissance, data theft, and code execution on the affected instances. The malicious activity is tracked as UAC-0113, which with […]

Read More
China-Backed Threat Actors
ShadowPad Malware Detection: Backdoor Popular Among Chinese Clusters of Espionage Activity

ShadowPad is a modular backdoor highly popular among China-located threat actors, including such clusters of espionage activity as BRONZE UNIVERSITY, BRONZE RIVERSIDE, BRONZE STARLIGHT, and BRONZE ATLAS. The malware is used to download further malicious payloads, opening the way to wider exploitation potential. According to the research data, the malware traces its roots back to […]

Read More
CredoMap and Cobalt Strike Beacon Malware
CredoMap and Cobalt Strike Beacon Detection: APT28 Group and UAC-0098 Threat Actors Once Again Attack Ukrainian Organizations

On June 20, 2022, CERT-UA issued two separate alerts that warn the global cybersecurity community of a new wave of cyber-attacks on Ukrainian organizations weaponizing the nefarious zero-day vulnerability actively exploited in the wild and tracked as CVE-2022-30190 aka Folina. In the CERT-UA#4842 alert, cybersecurity researchers unveiled the malicious activity by a hacking group identified […]

Read More
CrescentImp Malware Detection: Russia-Linked Sandworm APT Targets Ukrainian Media Organizations

The notorious Microsoft Office zero-day vulnerability tracked as CVE-2022-30190 aka Follina is still being actively exploited by multiple hacking organizations across the world. On June 10, 2022, CERT-UA released a new alert warning of ongoing cyber-attacks targeting Ukrainian media organizations. Threat actors continue to leverage the CVE-2022-30190 vulnerability in the latest malicious email campaign aimed […]

Read More
Operation restyLink Detection
Operation RestyLink: Detecting APT Campaign Targeting Japan

Since April 2022 researchers are observing a series of targeted cyber-attacks aimed specifically at Japanese organizations. The campaign, dubbed Operation RestyLink, is believed to be active since at least March 2022, with related malicious activity traced back to October 2021. The exact attribution is currently unclear, but the attack kill chain and its highly-targeted nature […]

Read More
Trojanized IDA Pro
Detecting Trojanized IDA Pro Installers Distributed by Lazarus Hackers

The infamous Lazarus APT strikes again, with security professionals being under attack during the most recent campaign. State-sponsored actor leverages a pirated version of the widely-used IDA Pro reverse engineering application to compromise researchers’ devices with backdoors and remote access Trojans (RATs). NukeSpeed RAT Delivered via Trojanized IDA Pro  According to the research by ESET, […]

Read More
MysterySnail Attack Detection

Security experts from Kaspersky uncovered a sophisticated cyber-espionage campaign that leverages a zero-day bug in Windows (CVE-2021-40449) to attack IT firms, military contractors, and diplomatic institutions. The campaign was attributed to a China-backed APT group tracked as IronHusky. The hacker collective exploited a recently-discovered CVE-2021-40449 to infect systems with a previously unknown remote access Trojan […]

Read More
FoggyWeb Detection
FoggyWeb Backdoor Detection

Microsoft has recently uncovered yet another piece of malware leveraged by the infamous NOBELIUM APT group since spring 2021. The new threat, dubbed FoggyWeb, acts as a post-exploitation backdoor able to exfiltrate information from Active Directory Federation Services (AD FS) servers. Malware has been used in targeted attacks against multiple organizations globally while staying unnoticed […]

Read More