Tag: apt
57 articles

GoSerpent Malware Targets Southeast Asian Governments for Espionage
A stealthy cyber threat, known as GoSerpent, has been secretly targeting Southeast Asian governments and diplomats since late 2025, with the goal of gathering sensitive intelligence. This sophisticated malware has been evolving, with a new set of malicious tools deployed as recently as May 2026.

ViPNet Update System Exploited in HelloNet APT Campaign
Kaspersky uncovered a sneaky APT campaign, HelloNet, that exploited the ViPNet Update System to spread malware, starting as far back as May 2026. The attackers cleverly used a malicious library to hijack the ViPNet updater, allowing them to siphon off sensitive info and clean up their tracks.

Chinese and Indian Spies Target Pakistani Police Systems
Suspected Chinese and Indian spies launched a targeted attack on Pakistani police systems, specifically focusing on the Balochistan Police, between February 2024 and April 2026. The intrusion campaigns compromised sensitive data, including biometric records, criminal case files, and national identity information.

China, India-Aligned Hackers Target Pakistani Law Enforcement in Espionage Campaigns
Cyber attackers have launched a stealthy espionage campaign targeting Pakistani law enforcement agencies, breaching sensitive data like biometric records, criminal files, and personnel info. The compromised assets included servers managing police and citizen data at organizations like Balochistan Police.

Chinese Spies Exploit Roundcube Flaw to Breach University Servers
A recent series of university server breaches, attributed to a group called UNK_MassTraction, has exposed vulnerabilities in North American higher-education institutions, with potentially dozens more affected. The breach, linked to a flaw in Roundcube, is believed to be an ongoing campaign.

Hackers Exploit Roundcube Flaw to Target Academic Researchers
A new wave of cyber attacks linked to China is targeting academic researchers in the US and Canada, specifically those in physics, engineering, and national security-related fields, by exploiting a vulnerability in Roundcube webmail servers. The campaign, tracked as 'UNK_MassTraction', has been ongoing since May and has already hit several universities.

China-Linked APT Bolsters Proxy Network with Custom Malware Arsenal
Meet UAT-7810, a China-linked advanced persistent threat that's rapidly expanding its proxy network with custom malware, allowing other attackers to hide their tracks and route traffic through compromised devices. This sophisticated operation, known as LapDogs, has been providing infrastructure for malicious activities for years.

China-Linked APT Expands ORB Network with LONGLEASH Malware
Meet UAT-7810, a Chinese threat actor with a mission to build and expand Operational Relay Box (ORB) networks, which can be hijacked by other malicious groups to launch targeted attacks on high-value targets. Their latest move involves deploying the LONGLEASH malware to supercharge their ORB network.

China-Aligned Hackers Exploit Roundcube Servers at US, Canada Universities
China-aligned hackers are targeting universities in the US and Canada, exploiting vulnerable Roundcube webmail servers to gain access to sensitive physics and engineering departments with potential national security links. This latest campaign highlights the ongoing threat of email-based attacks and the need for robust server security.

China-nexus Hackers Deploy DcRAT via Fake Indian Tax Utility
Cyber attackers with ties to China are pulling out all the stops to scam Indian taxpayers, using a sophisticated fake tax utility to deploy malware and pilfer sensitive info. Their precision-crafted phishing campaign, dubbed Operation DragonReturn, sends convincing emails and PDFs that even cite real laws to trick victims.

ToddyCat APT Exploits OAuth to Breach Gmail via Google API
Meet ToddyCat, a sneaky APT group that's been exploiting OAuth and the Google API to secretly breach corporate Gmail accounts since 2020. Their latest trick involves a cunning malware called Umbrij, which lets them hijack email communications with ease.

Kaspersky Exposes AsyncRAT Campaign Using ScreenConnect
Malicious actors have launched a massive campaign using fake software downloads to spread the AsyncRAT malware, disguising it as popular utilities like OBS Studio and DNS Jumper. Kaspersky uncovered over 90 spoofed domains in 10 languages, hinting at a sophisticated and widespread threat.

ToddyCat APT Group Exploits Google API for Email Access
Meet ToddyCat, a sneaky APT group that's taken automation to the next level with its new tool, Umbrij - allowing it to secretly tap into corporate email and cloud resources by exploiting Google API. This stealthy move has helped ToddyCat remain undetected by monitoring systems, leaving organizations vulnerable to attack.

Hackers Exploit Blockchain to Target Japan Hotels via Phishing
TrendAI Research uncovered a sneaky phishing campaign in late May 2026 that targeted hotel staff in Japan, cleverly disguising emails as guest complaints or review requests to trick employees into divulging sensitive info. The attackers stayed one step ahead, constantly updating their tactics to maximize their success.

Mustang Panda Exploits Zoho WorkDrive in Indian Government Attacks
Meet the sneaky hackers known as Mustang Panda, who've been using a clever trick to steal sensitive info from Indian government machines - by hiding in plain sight within legitimate cloud traffic on Zoho WorkDrive. Their covert operation went undetected for 10 days, blending in seamlessly with routine cloud activity.

China-Linked Hackers Deploy TinyRCT Backdoor in Southeast Asian Infrastructure Attacks
For years, a stealthy China-linked hacking group has been quietly targeting critical infrastructure in Southeast Asia, with a clear strategic interest in disrupting or monitoring key regional industries. Their sophisticated attacks have zeroed in on state-owned energy and government sectors, using a potent tool called the TinyRCT backdoor.

Turla Unveils STOCKSTAY Backdoor in Ukraine Espionage Campaigns
Russian hackers, specifically the state-sponsored group Turla, have unleashed a new and stealthy backdoor called STOCKSTAY in a recent espionage campaign targeting Ukraine. This sneaky malware uses a secure WebSocket connection to communicate with its command center, making it a formidable tool for cyber spies.

Iranian Hackers Exploit Credentials in Cal Water Breach
Cal Water swiftly sprang into action when an Iranian-linked group, Handala, claimed to have hacked their system, activating their cybersecurity response plan and launching a thorough investigation. Thankfully, experts from Mandiant found that the breach was limited to third-party accounts, containing no evidence of a larger-scale attack.

Hackers Exploit Cisco Zero-Day for High-Level Access at Telecom Provider
In a chilling cyberattack, hackers exploited a previously unknown Cisco zero-day vulnerability to gain unrestricted access to a major telecom provider's system, creating a rogue admin account with full control. The breach, detected in March, was carried out in two waves, allowing the attackers to infiltrate the provider's SD-WAN Manager devices.

Mandiant Exposes Cisco SD-WAN Zero-Day Attacks' Root Access Methods
Cisco's SD-WAN system was exploited in active attacks using a high-severity flaw, allowing hackers to create a rogue root account and take full control of targeted devices. This vulnerability, tracked as CVE-2026-20245, was triggered through a simple tenant-upload feature in the command-line interface.

SharkLoader Targets Global Entities with Cobalt Strike Deployment
Kaspersky researchers have uncovered a sophisticated campaign, dubbed StrikeShark, where hackers exploited vulnerabilities like ProxyLogon to deploy SharkLoader malware and gain access to high-stakes targets worldwide. The attackers used multiple publicly disclosed flaws to compromise internet-facing services, hitting diplomatic entities, software vendors, and more.

China-Linked Backdoor Expands to Windows with Kernel Stealth
A China-linked espionage group has unleashed a stealthy backdoor that infiltrates Windows systems, targeting government bodies in Honduras, Taiwan, Thailand, and Pakistan. The malware, known as SprySOCKS, boasts advanced espionage features and kernel-level stealth, making it a formidable threat.

Earth Lusca Expands Arsenal with Windows SprySOCKS Malware
Chinese threat actor Earth Lusca has upgraded its malware arsenal with Windows SprySOCKS, a sneaky tool that lets hackers secretly send commands to compromised devices, allowing them to fly under the radar. This latest move has been linked to a string of high-profile attacks on government organizations worldwide.

Chinese Hackers Exploit Google Workspace to Siphon Research and Defense Emails
Chinese hackers have been secretly siphoning off sensitive emails from research and defense organizations using a clever exploit of Google Workspace, with a long-running campaign that spanned over two years. The threat actors, tracked as UNC6508, used custom malware called INFINITERED to breach externally facing servers and steal valuable intel.