Skip to main content

Tag: advanced persistent threat

11 articles

Rows of computer servers and network equipment in a dimly lit server room with organized cables and wires.

GoSerpent Malware Evolves with Advanced Data Exfiltration Tactics

In late 2025, a new wave of malicious activity emerged, led by the evolved GoSerpent malware, which has been quietly lurking in the shadows since at least 2021. This stealthy backdoor has upgraded its data exfiltration tactics, putting organizations on high alert.

Analyst 207
Person sitting at desk, looking concerned while on phone call.

Helix Group Exploits SharePoint with Advanced Vishing Tactics

Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

Analyst 207
Government ministry building lobby with laptop screen in foreground.

Chinese APT Deploys TinyRCT Backdoor in Southeast Asia Cyberattacks

A Chinese advanced persistent threat actor, CL-STA-1062, has launched a series of cyberattacks in Southeast Asia, targeting government entities and state-owned energy firms with a new .NET backdoor called TinyRCT. This sophisticated attack tool is part of a hybrid toolkit used by the group, which has been active since March 2022.

Analyst 207
Blurred computer screen on a well-lit office desk with scattered papers and supplies.

Hackers Infiltrate Stock Exchange Executive's Outlook Mailbox for Months

Hackers stealthily infiltrated a senior stock exchange executive's Outlook mailbox, maintaining months-long control of their computer by masquerading as legitimate software. The alarming breach, detected as early as October 10, 2025, allowed the intruder to operate with SYSTEM-level privileges, the highest level of Windows access.

Analyst 207
Modern tech facility with laptop workstation and blank screen.

Iran-nexus APT Expands Espionage Ops with New RAT Variants

Unit 42 researchers have uncovered a sophisticated espionage campaign by an Iran-linked threat group, dubbed Screening Serpens, which has deployed six new remote access Trojan (RAT) variants to target entities across the US, Israel, and the Middle East. These variants, part of two distinct malware families, signal a significant expansion of the group's cyber spying operations.

Analyst 207
Government building facade with people walking in distance, laptop screen in foreground showing blurred code.

Webworm APT Expands European Reach with Evolved Tactics

Meet Webworm, a China-aligned APT group that's now setting its sights on European governments and beyond, with a semi-opportunistic approach that's taken its targets to Belgium, Italy, Poland, Serbia, Spain, and even South Africa. This threat actor's evolved tactics signal a concerning expansion of its reach.

Analyst 207
Rack-mounted Linux server in a data center with a blank screen.

Ivanti, Palo Alto Networks Flaws Exploited in Active Attacks

Meet Quasar Linux RAT, a sneaky malware that combines remote access, evasion, and data theft capabilities, making it a potent threat to Linux systems. This powerful tool lets hackers secretly control infected hosts, harvest sensitive info, and even create a network of compromised devices that communicate with each other.

Analyst 207
Researchers Uncover Fast16 Malware's Stealthy Industrial Sabotage Role

Researchers Uncover Fast16 Malware's Stealthy Industrial Sabotage Role

Researchers have uncovered a highly sophisticated malware, Fast16, designed to secretly sabotage industrial operations by subtly manipulating critical calculations, leading to potentially catastrophic failures. This stealthy threat can silently spread across networks, altering results in high-precision applications and causing damage to real-world equipment.

Analyst 207
Researcher working on computer in laboratory setting with technical equipment.

Researchers Uncover Fast16 Malware That Preceded Stuxnet

Meet fast16.sys, a sneaky kernel driver that intercepts and modifies executable code as it's read from disk, giving its creators unprecedented control over the storage stack and filesystem. This boot-start filesystem component was a game-changer in its time, and researchers are still unraveling its secrets.

Analyst 207
Industrial control system interface on a computer screen with blurred machinery in the background.

Researchers Uncover 'fast16' Malware Targeting Engineering Software Years Before Stuxnet

Researchers have uncovered a long-forgotten malware, fast16, that was designed to sabotage engineering software, beating even the infamous Stuxnet by at least five years. This ancient cyber threat, dating back to 2005, was engineered to spread rapidly and produce inaccurate calculations across entire facilities.

Analyst 207

New Trojan STX RAT Targets Finance Sector with Sophisticated Stealth Methods

Meet STX RAT, a sneaky new remote access trojan that's got its sights set on the finance sector, using advanced stealth methods and command-and-control capabilities to evade detection. This latest threat is a wake-up call for defenders, testing their readiness to respond to increasingly sophisticated attacks.

Analyst 207