The nefarious China-backed Earth Preta APT also known as Mustang Panda has been targeting Asian countries in the long-lasting adversary campaign, which applied an advanced iteration of PlugX malware dubbed DOPLUGS. Detecting Earth Preta Attacks Using DOPLUGS Malware The year 2023 has been marked by the escalating activity of APT collectives reflecting the influence of […]
The infamous North Korean state-sponsored hacking group Kimsuky APT has been spotted leveraging a newly discovered Golang-based information stealer tracked as Troll Stealer along with GoBear malware strains in recent attacks against South Korea. The novel malware is capable of stealing user data, network-related data, system information, and other types of data from compromised systems. […]
State-sponsored hackers acting on behalf of the Beijing government have been organizing offensive operations aimed at collecting intelligence and launching destructive campaigns against the US and global organizations for years, with multiple observed attacks being related to such groups as Mustang Panda or APT41. The latest joint alert by the intelligence agencies of the US, […]
Critical zero-day vulnerabilities impacting external-facing systems pose severe threats to multiple organizations that rely on them, exposing them to risks of RCE and system compromise, just like the active exploitation of the FortiOS SSL-VPN flaw caused havoc in January 2023. Recently, Chinese state-sponsored hacking groups have been observed exploiting two zero-day vulnerabilities tracked as CVE-2023-46805 […]
Throughout the second half of December 2023, cybersecurity researchers uncovered a series of phishing attacks against Ukrainian government agencies and Polish organizations attributed to the infamous russian nation-backed APT28 hacking collective. CERT-UA has recently issued a heads-up covering the in-depth overview of the latest APT28 attacks, from the initial compromise to posing a threat to […]
Adversaries set their eyes on a notorious security flaw in Log4j Java Library tracked as CVE-2021-44228, aka Log4Shell, even a couple of years after its disclosure. A new campaign dubbed “Operation Blacksmith” involves the exploitation of the Log4Shell vulnerability to deploy new malicious strains written in DLang, including novel RATs. The North Korean APT Lazarus […]
The increasing menace posed by nation-state actors continuously increases with new sophisticated attack methods adopted by APT collectives and a massive shift towards stealthiness & operational security. Recently, security researchers revealed a destructive campaign against Israeli organizations launched by an Iran-affiliated hacker group dubbed Agonizing Serpens (aka Agrius, BlackShadow). The main objective of this offensive […]
ShadowPad backdoor is popular among multiple state-backed APTs, including China-linked hacking groups, widely used in their cyber espionage campaigns. A nefarious cyber espionage group known as Redfly has taken advantage of ShadowPad’s offensive capabilities targeting Asia’s state electricity grid organization for half a year. Shadowpad Trojan Detection The growing threat of nation-state APT attacks poses […]
The financial sector, the keystone of the global economy, has become increasingly digitized in recent years. While this transformation brings efficiency and convenience, it also exposes financial institutions to many cybersecurity challenges. Threat actors, ranging from sophisticated hacker groups to opportunistic individuals, are constantly targeting the financial sector, seeking to exploit vulnerabilities for financial gain. […]
Cybersecurity researchers issue a heads-up covering a new targeted cyber attack by the UAC-0057 group against Ukrainian public officials leveraging XLS files that contain a malicious macro spreading PicassoLoader malware. The malicious loader is capable of dropping another malicious strain dubbed njRAT to spread the infection further. PicassoLoader and njRAT Malware Distribution by UAC-0057 Hackers: […]