Tag: apt
57 articles

Chinese Hackers Maintain Decade-Long Spy Operation in Isolated Network
Chinese hackers pulled off a stunning 10-year cyber-espionage heist, infiltrating a supposedly airtight network and gaining unfettered access to every login, command, and secret. The masterminds behind Operation Highland, linked to the Velvet Ant cluster, expertly embedded their digital fingerprints into the network's authentication process.

OceanLotus Targets Vietnam Investors with SPECTRALVIPER Backdoor
The notorious 15-year-old APT group, OceanLotus, is now setting its sights on Vietnam's investors with a cunning new backdoor attack called SPECTRALVIPER, showcasing their relentless adaptability and aggressive tactics. This latest move has left experts wondering if it's a temporary shift or a long-term strategy.

Russia-Aligned Groups Exploit WinRAR Flaw to Deploy Stealers in Ukraine
Despite a July 2025 patch, a vulnerability in WinRAR, known as CVE-2025-8088, continues to be exploited by Russia-aligned groups, including SHADOW-EARTH-066, to deploy stealers in Ukraine. This highlights the risks of unmanaged software leaving exploited entry points open long after a fix is released.

Android Malware NFCShare Targets Europe Banks via GitHub Updates
Malicious actors are using GitHub to spread new variants of the NFCShare Android malware, disguising them as banking app updates to target customers of European banks. Victims are first lured into downloading the malware through phishing sites that mimic real banks, where they're prompted to install a fake update.

Chinese APT Exploits New Malware to Prolong Network Access
A Chinese-linked espionage group, tracked as UNC5221 or VerdantBamboo, exploited new malware to secretly maintain access to US networks for over 18 months, evading detection by blending in with legitimate traffic. The attackers used a sophisticated backdoor called Brickstorm to prolong their stay undetected.

Gamaredon Exploits WinRAR Flaw to Deliver GammaWorm, GammaSteel Malware
Cyber attackers have cleverly exploited a WinRAR flaw to unleash a potent malware duo, GammaWorm and GammaSteel, with the goal of taking control of infected systems and executing malicious scripts. This sneaky tactic, spotted by French cybersecurity firm Sekoia, allows hackers to fingerprint host systems, manipulate network settings, and fetch additional payloads from command and control servers.

Cybersecurity Threats Target Election Campaign Systems
As the 2026 midterms approach, a new report warns that cybersecurity threats are increasingly targeting the online accounts, platforms, and websites used by election campaigns, donors, and voters, rather than voting machines or ballot-counting systems. This shift in focus allows attackers to exploit vulnerabilities and manipulate public perception with alarming ease and realism.

FSB-Linked Worm Exploits Windows Flaw to Evade Detection
Cyber attackers have cleverly exploited a known Windows flaw, CVE-2025-8088, to sneak a malicious payload into victims' systems, allowing them to gain access and lay the groundwork for further attacks. This stealthy move was uncovered by Sekoia, which tracked the initial access stage as GammaPhish.

Russia-Linked GREYVIBE Exploits AI in Ukraine Cyberattacks
Discover how the Russia-linked group GREYVIBE is using AI to launch sophisticated cyberattacks on Ukraine, leveraging tactics like spear-phishing emails and fake websites to spread malware. WithSecure researchers have tracked GREYVIBE's activities back to August 2025, revealing a pattern of attacks targeting Ukraine's military, government, and civilian sectors.

Chinese Hackers Exploit Middle East War to Target Energy, Maritime Firms
Chinese-aligned hackers are intensifying their attacks on maritime and energy companies in the Gulf region, exploiting the Middle East conflict to expand their espionage operations and gain a strategic advantage for Beijing. This alarming surge in cyber threats has been flagged by cybersecurity researchers at ESET.

MuddyWater Exploits DLL Side-Loading in Global Espionage Push
MuddyWater hackers have launched a massive global espionage campaign, infiltrating at least nine organizations across four continents by cleverly disguising malicious code as legitimate software. They used a sneaky trick called DLL side-loading to quietly steal credentials and browser data.

Russian Hackers Upgrade Kazuar Backdoor to Modular Botnet
Microsoft researchers have uncovered a significant upgrade to the Kazuar backdoor, transforming it into a modular peer-to-peer botnet by the notorious Russian hacker group, Secret Blizzard. This sophisticated tool has been used to target high-stakes organizations and critical systems across Europe, Asia, and Ukraine.

Turla Upgrades Kazuar Backdoor to Modular P2P Botnet
Microsoft's Threat Intelligence team has uncovered a significant upgrade to the Kazuar backdoor by the notorious Russian state-sponsored group Turla, now a modular P2P botnet designed for long-term intelligence collection. This move enables Turla to maintain a persistent grip on compromised systems.

Kimsuky APT Expands Arsenal with Advanced PebbleDash Malware Tools
Kimsuky's malware arsenal just got a major boost with the addition of advanced PebbleDash tools, allowing the group to infiltrate systems with even more sophisticated tactics. Their latest campaign uses clever spear-phishing and malicious attachments to catch victims off guard.

Mustang Panda Unveils Modular FDMTP Backdoor in Cyberespionage Push
Cyberespionage groups like Mustang Panda are constantly evolving their tactics, and a recent campaign has seen the emergence of a modular backdoor that allows attackers to adapt and persist in compromised environments. This sophisticated tool enables hackers to blend in with legitimate processes, making it a major concern for security experts.

Ghostwriter Launches Geofenced PDF Phishing Against Ukraine Government
Meet FrostyNeighbor, a Belarus-aligned threat actor that's been wreaking havoc since 2016 with sophisticated cyber espionage and influence operations targeting Ukraine and beyond. This adaptive group has earned a reputation for evolving its tactics, using diverse lures and delivery mechanisms to stay one step ahead.

KongTuke Hackers Exploit Microsoft Teams for Rapid Corporate Breaches
KongTuke hackers have found a lightning-fast way to breach corporations, exploiting Microsoft Teams to go from initial contact to persistent foothold in under five minutes. This alarming new tactic is part of KongTuke's evolving social engineering toolkit, complementing its previous web-based attacks.

Iran-Linked APT Exploits Ransomware Disguise for Espionage
MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.

MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy
MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.

China-Linked UAT-8302 Exploits Shared Malware to Target Global Governments
Meet UAT-8302, a sophisticated China-linked threat group that's been secretly targeting governments worldwide, deploying custom malware to infiltrate and gather intel. Its recent attacks have hit government entities in South America and southeastern Europe, raising global cybersecurity concerns.

North Korean Hackers Infiltrate Android Games to Spy on Defectors
Security researchers at Eset stumbled upon a sneaky plot by North Korean hackers, who infiltrated popular Android games to spy on defectors by hiding a backdoor called BirdCall in the apps. The malicious code was cleverly disguised in game files available for download on a regional gaming platform's official website.

Silver Fox APT Targets Russia, India with ABCDoor Backdoor
Over 1,600 malicious emails, disguised as tax-audit notices, were sent to targets in India and Russia between January and February 2026, aiming to trick recipients into downloading a backdoor or clicking on a malicious link. The cleverly crafted phishing campaign unfolded in two waves, using PDFs and archives to spread the ABCDoor backdoor.

Novel Chinese Spy Group Infiltrates Critical Networks in Poland, Asia
A recent investigation by TrendAI has uncovered a concerning China-linked espionage campaign, with a novel spy group infiltrating over a dozen critical networks across Poland and Asia, leaving behind a lingering threat that's experts' biggest worry. The threat group, tracked as Shadow-Earth-053, has been actively compromising networks since December 2024.

China Hacker Extradited Over Silk Typhoon Cyber Attacks
In a major breakthrough, 34-year-old Chinese national Xu Zewei has been extradited to the US to face charges for his alleged role in the massive Silk Typhoon cyber attacks that hit over 12,700 US organizations. Xu appeared in a Houston federal court over the weekend, facing serious charges including wire fraud, unauthorized computer access, and identity theft.