Skip to main content

Tag: apt

57 articles

Dimly lit control room with computer screens and industrial systems hinting at hidden network presence.

Chinese Hackers Maintain Decade-Long Spy Operation in Isolated Network

Chinese hackers pulled off a stunning 10-year cyber-espionage heist, infiltrating a supposedly airtight network and gaining unfettered access to every login, command, and secret. The masterminds behind Operation Highland, linked to the Velvet Ant cluster, expertly embedded their digital fingerprints into the network's authentication process.

Analyst 207
Busy office in Vietnam with cityscape view and people working at desks.

OceanLotus Targets Vietnam Investors with SPECTRALVIPER Backdoor

The notorious 15-year-old APT group, OceanLotus, is now setting its sights on Vietnam's investors with a cunning new backdoor attack called SPECTRALVIPER, showcasing their relentless adaptability and aggressive tactics. This latest move has left experts wondering if it's a temporary shift or a long-term strategy.

Analyst 207
Worn computer workstation in a cluttered Ukrainian office with outdated software visible on the monitor.

Russia-Aligned Groups Exploit WinRAR Flaw to Deploy Stealers in Ukraine

Despite a July 2025 patch, a vulnerability in WinRAR, known as CVE-2025-8088, continues to be exploited by Russia-aligned groups, including SHADOW-EARTH-066, to deploy stealers in Ukraine. This highlights the risks of unmanaged software leaving exploited entry points open long after a fix is released.

Analyst 207
Person sits at laptop in European café, face downcast, with blurred cityscape and bank storefront in background.

Android Malware NFCShare Targets Europe Banks via GitHub Updates

Malicious actors are using GitHub to spread new variants of the NFCShare Android malware, disguising them as banking app updates to target customers of European banks. Victims are first lured into downloading the malware through phishing sites that mimic real banks, where they're prompted to install a fake update.

Analyst 207
Rows of equipment racks and patch panels in a brightly-lit office network closet.

Chinese APT Exploits New Malware to Prolong Network Access

A Chinese-linked espionage group, tracked as UNC5221 or VerdantBamboo, exploited new malware to secretly maintain access to US networks for over 18 months, evading detection by blending in with legitimate traffic. The attackers used a sophisticated backdoor called Brickstorm to prolong their stay undetected.

Analyst 207
Cluttered office desk with laptop, router, and papers, softly glowing in a cityscape-lit room.

Gamaredon Exploits WinRAR Flaw to Deliver GammaWorm, GammaSteel Malware

Cyber attackers have cleverly exploited a WinRAR flaw to unleash a potent malware duo, GammaWorm and GammaSteel, with the goal of taking control of infected systems and executing malicious scripts. This sneaky tactic, spotted by French cybersecurity firm Sekoia, allows hackers to fingerprint host systems, manipulate network settings, and fetch additional payloads from command and control servers.

Analyst 207
Campaign office with computers, phones, and papers on a desk near a window overlooking a blurred cityscape.

Cybersecurity Threats Target Election Campaign Systems

As the 2026 midterms approach, a new report warns that cybersecurity threats are increasingly targeting the online accounts, platforms, and websites used by election campaigns, donors, and voters, rather than voting machines or ballot-counting systems. This shift in focus allows attackers to exploit vulnerabilities and manipulate public perception with alarming ease and realism.

Analyst 207
Windows desktop with File Explorer partially open, showing blurred files and a hint of a hidden folder in the background.

FSB-Linked Worm Exploits Windows Flaw to Evade Detection

Cyber attackers have cleverly exploited a known Windows flaw, CVE-2025-8088, to sneak a malicious payload into victims' systems, allowing them to gain access and lay the groundwork for further attacks. This stealthy move was uncovered by Sekoia, which tracked the initial access stage as GammaPhish.

Analyst 207
Laptop on a cluttered wooden desk in a small Ukrainian office with blurred screen.

Russia-Linked GREYVIBE Exploits AI in Ukraine Cyberattacks

Discover how the Russia-linked group GREYVIBE is using AI to launch sophisticated cyberattacks on Ukraine, leveraging tactics like spear-phishing emails and fake websites to spread malware. WithSecure researchers have tracked GREYVIBE's activities back to August 2025, revealing a pattern of attacks targeting Ukraine's military, government, and civilian sectors.

Analyst 207
Workers inspect a shipping container at a busy Gulf port with cargo ships and cranes in the background.

Chinese Hackers Exploit Middle East War to Target Energy, Maritime Firms

Chinese-aligned hackers are intensifying their attacks on maritime and energy companies in the Gulf region, exploiting the Middle East conflict to expand their espionage operations and gain a strategic advantage for Beijing. This alarming surge in cyber threats has been flagged by cybersecurity researchers at ESET.

Analyst 207
Close-up of computer circuit board with exposed casing revealing abstract malicious code in background.

MuddyWater Exploits DLL Side-Loading in Global Espionage Push

MuddyWater hackers have launched a massive global espionage campaign, infiltrating at least nine organizations across four continents by cleverly disguising malicious code as legitimate software. They used a sneaky trick called DLL side-loading to quietly steal credentials and browser data.

Analyst 207
Dimly lit server room with rows of computer servers and networking equipment, suggesting a compromised environment.

Russian Hackers Upgrade Kazuar Backdoor to Modular Botnet

Microsoft researchers have uncovered a significant upgrade to the Kazuar backdoor, transforming it into a modular peer-to-peer botnet by the notorious Russian hacker group, Secret Blizzard. This sophisticated tool has been used to target high-stakes organizations and critical systems across Europe, Asia, and Ukraine.

Analyst 207
Rows of rack-mounted computer equipment and cables in a neutral-colored server room.

Turla Upgrades Kazuar Backdoor to Modular P2P Botnet

Microsoft's Threat Intelligence team has uncovered a significant upgrade to the Kazuar backdoor by the notorious Russian state-sponsored group Turla, now a modular P2P botnet designed for long-term intelligence collection. This move enables Turla to maintain a persistent grip on compromised systems.

Analyst 207
Cluttered office desk with laptop and scattered papers near a bright window.

Kimsuky APT Expands Arsenal with Advanced PebbleDash Malware Tools

Kimsuky's malware arsenal just got a major boost with the addition of advanced PebbleDash tools, allowing the group to infiltrate systems with even more sophisticated tactics. Their latest campaign uses clever spear-phishing and malicious attachments to catch victims off guard.

Analyst 207
Rows of computer workstations and monitors display code and network diagrams in a brightly-lit cybersecurity research…

Mustang Panda Unveils Modular FDMTP Backdoor in Cyberespionage Push

Cyberespionage groups like Mustang Panda are constantly evolving their tactics, and a recent campaign has seen the emergence of a modular backdoor that allows attackers to adapt and persist in compromised environments. This sophisticated tool enables hackers to blend in with legitimate processes, making it a major concern for security experts.

Analyst 207
Government building in Ukraine with a sense of unease, document on desk.

Ghostwriter Launches Geofenced PDF Phishing Against Ukraine Government

Meet FrostyNeighbor, a Belarus-aligned threat actor that's been wreaking havoc since 2016 with sophisticated cyber espionage and influence operations targeting Ukraine and beyond. This adaptive group has earned a reputation for evolving its tactics, using diverse lures and delivery mechanisms to stay one step ahead.

Analyst 207
Person sitting at desk with laptop showing Microsoft Teams, surrounded by office equipment and cityscape through window.

KongTuke Hackers Exploit Microsoft Teams for Rapid Corporate Breaches

KongTuke hackers have found a lightning-fast way to breach corporations, exploiting Microsoft Teams to go from initial contact to persistent foothold in under five minutes. This alarming new tactic is part of KongTuke's evolving social engineering toolkit, complementing its previous web-based attacks.

Analyst 207
Brightly-lit office interior with subtle Middle Eastern architectural influence, laptop screen in foreground.

Iran-Linked APT Exploits Ransomware Disguise for Espionage

MuddyWater, an Iran-linked APT group, has been caught exploiting a ransomware disguise to secretly infiltrate systems, using interactive tactics to harvest credentials and gain internal access. By masquerading as a Chaos ransomware affiliate, the group aimed to throw off detectives and cover its espionage tracks.

Analyst 207
Modern office interior with subtle hints of cyber activity in the background.

MuddyWater hackers exploit Chaos ransomware as cyber-espionage decoy

MuddyWater hackers have cleverly used Chaos ransomware as a decoy to mask their true intentions - and it's not about making a quick buck. Instead, their tactics suggest a more sinister goal, blurring the lines between state-sponsored espionage and cybercrime.

Analyst 207
Formal government building exterior with architectural columns and facade details.

China-Linked UAT-8302 Exploits Shared Malware to Target Global Governments

Meet UAT-8302, a sophisticated China-linked threat group that's been secretly targeting governments worldwide, deploying custom malware to infiltrate and gather intel. Its recent attacks have hit government entities in South America and southeastern Europe, raising global cybersecurity concerns.

Analyst 207
Smartphone on a cluttered gaming desk with blurred Android game interface.

North Korean Hackers Infiltrate Android Games to Spy on Defectors

Security researchers at Eset stumbled upon a sneaky plot by North Korean hackers, who infiltrated popular Android games to spy on defectors by hiding a backdoor called BirdCall in the apps. The malicious code was cleverly disguised in game files available for download on a regional gaming platform's official website.

Analyst 207
A cluttered office workspace with laptop and papers on a desk in a brightly-lit room.

Silver Fox APT Targets Russia, India with ABCDoor Backdoor

Over 1,600 malicious emails, disguised as tax-audit notices, were sent to targets in India and Russia between January and February 2026, aiming to trick recipients into downloading a backdoor or clicking on a malicious link. The cleverly crafted phishing campaign unfolded in two waves, using PDFs and archives to spread the ABCDoor backdoor.

Analyst 207
Rows of equipment and monitors line the walls of a network operations center, with technicians working in the background.

Novel Chinese Spy Group Infiltrates Critical Networks in Poland, Asia

A recent investigation by TrendAI has uncovered a concerning China-linked espionage campaign, with a novel spy group infiltrating over a dozen critical networks across Poland and Asia, leaving behind a lingering threat that's experts' biggest worry. The threat group, tracked as Shadow-Earth-053, has been actively compromising networks since December 2024.

Analyst 207
Person walks into a courtroom with a blurred government seal in the background.

China Hacker Extradited Over Silk Typhoon Cyber Attacks

In a major breakthrough, 34-year-old Chinese national Xu Zewei has been extradited to the US to face charges for his alleged role in the massive Silk Typhoon cyber attacks that hit over 12,700 US organizations. Xu appeared in a Houston federal court over the weekend, facing serious charges including wire fraud, unauthorized computer access, and identity theft.

Analyst 207