Skip to main content

Tag: apt

57 articles

Formal office setting with laptop, papers, and pen on a desk near a window overlooking a cityscape.

GoSerpent Malware Targets Southeast Asian Governments for Espionage

A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

Analyst 207
A laptop screen displays a software update, with a subtle shadow of a hand in the background, symbolizing exploitation.

ViPNet Update System Exploited in HelloNet APT Campaign

Kaspersky uncovered a sneaky APT campaign, HelloNet, that exploited the ViPNet Update System to spread malware, starting as far back as May 2026. The attackers cleverly used a malicious library to hijack the ViPNet updater, allowing them to siphon off sensitive info and clean up their tracks.

Analyst 207
Police officers work at desks in a brightly-lit station with a large map of Balochistan on the wall.

Chinese and Indian Spies Target Pakistani Police Systems

Suspected Chinese and Indian spies launched a targeted attack on Pakistani police systems, specifically focusing on the Balochistan Police, between February 2024 and April 2026. The intrusion campaigns compromised sensitive data, including biometric records, criminal case files, and national identity information.

Analyst 207
Brightly-lit server room in a Pakistani law enforcement office with generic computer equipment and network devices.

China, India-Aligned Hackers Target Pakistani Law Enforcement in Espionage Campaigns

Cyber attackers have launched a stealthy espionage campaign targeting Pakistani law enforcement agencies, breaching sensitive data like biometric records, criminal files, and personnel info. The compromised assets included servers managing police and citizen data at organizations like Balochistan Police.

Analyst 207
University server room with rows of computer equipment and subtle hints of a security breach.

Chinese Spies Exploit Roundcube Flaw to Breach University Servers

A recent series of university server breaches, attributed to a group called UNK_MassTraction, has exposed vulnerabilities in North American higher-education institutions, with potentially dozens more affected. The breach, linked to a flaw in Roundcube, is believed to be an ongoing campaign.

Analyst 207
University hallway with generic furnishings and decor, daytime scene.

Hackers Exploit Roundcube Flaw to Target Academic Researchers

A new wave of cyber attacks linked to China is targeting academic researchers in the US and Canada, specifically those in physics, engineering, and national security-related fields, by exploiting a vulnerability in Roundcube webmail servers. The campaign, tracked as 'UNK_MassTraction', has been ongoing since May and has already hit several universities.

Analyst 207
Interconnected devices in a neutral setting, forming a network.

China-Linked APT Bolsters Proxy Network with Custom Malware Arsenal

Meet UAT-7810, a China-linked advanced persistent threat that's rapidly expanding its proxy network with custom malware, allowing other attackers to hide their tracks and route traffic through compromised devices. This sophisticated operation, known as LapDogs, has been providing infrastructure for malicious activities for years.

Analyst 207
Cramped network closet with rows of equipment, patch panels, and tangled cables.

China-Linked APT Expands ORB Network with LONGLEASH Malware

Meet UAT-7810, a Chinese threat actor with a mission to build and expand Operational Relay Box (ORB) networks, which can be hijacked by other malicious groups to launch targeted attacks on high-value targets. Their latest move involves deploying the LONGLEASH malware to supercharge their ORB network.

Analyst 207
University campus scene with a building and clock tower, hint of computer equipment in foreground.

China-Aligned Hackers Exploit Roundcube Servers at US, Canada Universities

China-aligned hackers are targeting universities in the US and Canada, exploiting vulnerable Roundcube webmail servers to gain access to sensitive physics and engineering departments with potential national security links. This latest campaign highlights the ongoing threat of email-based attacks and the need for robust server security.

Analyst 207
Person sits at cluttered desk with laptop and financial documents, surrounded by papers.

China-nexus Hackers Deploy DcRAT via Fake Indian Tax Utility

Cyber attackers with ties to China are pulling out all the stops to scam Indian taxpayers, using a sophisticated fake tax utility to deploy malware and pilfer sensitive info. Their precision-crafted phishing campaign, dubbed Operation DragonReturn, sends convincing emails and PDFs that even cite real laws to trick victims.

Analyst 207
Corporate office setting with laptop on desk and cityscape through window.

ToddyCat APT Exploits OAuth to Breach Gmail via Google API

Meet ToddyCat, a sneaky APT group that's been exploiting OAuth and the Google API to secretly breach corporate Gmail accounts since 2020. Their latest trick involves a cunning malware called Umbrij, which lets them hijack email communications with ease.

Analyst 207
Cluttered office desk with laptop, papers, and storage devices.

Kaspersky Exposes AsyncRAT Campaign Using ScreenConnect

Malicious actors have launched a massive campaign using fake software downloads to spread the AsyncRAT malware, disguising it as popular utilities like OBS Studio and DNS Jumper. Kaspersky uncovered over 90 spoofed domains in 10 languages, hinting at a sophisticated and widespread threat.

Analyst 207
Blurred computer screen at a corporate office workstation in bright daylight.

ToddyCat APT Group Exploits Google API for Email Access

Meet ToddyCat, a sneaky APT group that's taken automation to the next level with its new tool, Umbrij - allowing it to secretly tap into corporate email and cloud resources by exploiting Google API. This stealthy move has helped ToddyCat remain undetected by monitoring systems, leaving organizations vulnerable to attack.

Analyst 207
Hotel staff room with laptop on desk showing suspicious email on blurred screen.

Hackers Exploit Blockchain to Target Japan Hotels via Phishing

TrendAI Research uncovered a sneaky phishing campaign in late May 2026 that targeted hotel staff in Japan, cleverly disguising emails as guest complaints or review requests to trick employees into divulging sensitive info. The attackers stayed one step ahead, constantly updating their tactics to maximize their success.

Analyst 207
Laptop in government office with blurred screen and papers nearby.

Mustang Panda Exploits Zoho WorkDrive in Indian Government Attacks

Meet the sneaky hackers known as Mustang Panda, who've been using a clever trick to steal sensitive info from Indian government machines - by hiding in plain sight within legitimate cloud traffic on Zoho WorkDrive. Their covert operation went undetected for 10 days, blending in seamlessly with routine cloud activity.

Analyst 207
Southeast Asian cityscape with industrial control system hinted in background.

China-Linked Hackers Deploy TinyRCT Backdoor in Southeast Asian Infrastructure Attacks

For years, a stealthy China-linked hacking group has been quietly targeting critical infrastructure in Southeast Asia, with a clear strategic interest in disrupting or monitoring key regional industries. Their sophisticated attacks have zeroed in on state-owned energy and government sectors, using a potent tool called the TinyRCT backdoor.

Analyst 207
Dimly lit office space with computer workstation, scattered papers, and RAR archive box, conveying targeted espionage.

Turla Unveils STOCKSTAY Backdoor in Ukraine Espionage Campaigns

Russian hackers, specifically the state-sponsored group Turla, have unleashed a new and stealthy backdoor called STOCKSTAY in a recent espionage campaign targeting Ukraine. This sneaky malware uses a secure WebSocket connection to communicate with its command center, making it a formidable tool for cyber spies.

Analyst 207
Water utility company's outdoor infrastructure with personnel and subtle computer systems.

Iranian Hackers Exploit Credentials in Cal Water Breach

Cal Water swiftly sprang into action when an Iranian-linked group, Handala, claimed to have hacked their system, activating their cybersecurity response plan and launching a thorough investigation. Thankfully, experts from Mandiant found that the breach was limited to third-party accounts, containing no evidence of a larger-scale attack.

Analyst 207
Technicians in a network equipment room, one concerned technician foreground checking a Cisco SD-WAN Manager device.

Hackers Exploit Cisco Zero-Day for High-Level Access at Telecom Provider

In a chilling cyberattack, hackers exploited a previously unknown Cisco zero-day vulnerability to gain unrestricted access to a major telecom provider's system, creating a rogue admin account with full control. The breach, detected in March, was carried out in two waves, allowing the attackers to infiltrate the provider's SD-WAN Manager devices.

Analyst 207
Network equipment and monitoring systems surround a central router in a typical operations room setting.

Mandiant Exposes Cisco SD-WAN Zero-Day Attacks' Root Access Methods

Cisco's SD-WAN system was exploited in active attacks using a high-severity flaw, allowing hackers to create a rogue root account and take full control of targeted devices. This vulnerability, tracked as CVE-2026-20245, was triggered through a simple tenant-upload feature in the command-line interface.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room.

SharkLoader Targets Global Entities with Cobalt Strike Deployment

Kaspersky researchers have uncovered a sophisticated campaign, dubbed StrikeShark, where hackers exploited vulnerabilities like ProxyLogon to deploy SharkLoader malware and gain access to high-stakes targets worldwide. The attackers used multiple publicly disclosed flaws to compromise internet-facing services, hitting diplomatic entities, software vendors, and more.

Analyst 207
Government agency office interior with computer workstations and a desk, featuring soft natural light and muted colors.

China-Linked Backdoor Expands to Windows with Kernel Stealth

A China-linked espionage group has unleashed a stealthy backdoor that infiltrates Windows systems, targeting government bodies in Honduras, Taiwan, Thailand, and Pakistan. The malware, known as SprySOCKS, boasts advanced espionage features and kernel-level stealth, making it a formidable threat.

Analyst 207
Government agency office interior with laptop, papers, and network diagram on wall.

Earth Lusca Expands Arsenal with Windows SprySOCKS Malware

Chinese threat actor Earth Lusca has upgraded its malware arsenal with Windows SprySOCKS, a sneaky tool that lets hackers secretly send commands to compromised devices, allowing them to fly under the radar. This latest move has been linked to a string of high-profile attacks on government organizations worldwide.

Analyst 207
Empty university hallway with slightly ajar doors, computer terminals, and research equipment.

Chinese Hackers Exploit Google Workspace to Siphon Research and Defense Emails

Chinese hackers have been secretly siphoning off sensitive emails from research and defense organizations using a clever exploit of Google Workspace, with a long-running campaign that spanned over two years. The threat actors, tracked as UNC6508, used custom malware called INFINITERED to breach externally facing servers and steal valuable intel.

Analyst 207