cyberespionage
-
UAC-0063 leveraged trojanized legitimate documents from Kazakhstan’s Ministry of Foreign Affairs, concerning the country’s diplomatic cooperation with other nations between 2021 and 2024, to distribute the Hatvibe and Cherryspy payloads, a report from Sekoia revealed.
-
MalBot, December 12, 2024, 5:10pm
Attacks involved the use of open-source tools and living-off-the-land techniques previously associated with Chinese advanced persistent threat groups, including the Rakshasa and Stowaway reverse proxy programs, the PlugX remote access trojan, and custom DLL files enabling login credential exfiltration, according to an analysis from the Symantec Threat Hunter Team.
-
Venom Spider leveraged the VenomLNK tool to facilitate initial access in both campaigns, the first of which involved the tool being used to show a decoy PNG image while executing RevC2, which enabled Chromium browser cookie and credential exfiltration, shell command execution, screenshot capturing, and traffic proxying, according to an analysis from Zscaler ThreatLabz.
-
Insikt Group, the threat research division of Recorded Future, has uncovered a cyberespionage campaign attributed to TAG-110, a Russia-aligned threat activity group. This campaign, active since at least July 2024, has targeted organizations across eleven countries in Asia and Europe, with a primary focus on Central Asia.
-
Included in the Phobos-hit organizations that paid a ransom were a California public school system, a North Carolina children’s hospital, a Maryland-based accounting and consulting service provider, and health organizations in Pennsylvania and Maryland, revealed an unsealed indictment against suspected Phobos administrator Evgenii Ptitsyn.
-
Kaspersky has unveiled an advanced malware framework, QSC, reportedly deployed by the CloudComputating group (also known as BackdoorDiplomacy). This sophisticated tool is built with a modular, plugin-based architecture that enables adaptation within targeted networks, particularly in the telecommunications sector across South and West Asia.
-
Introduction
In 2021, we began to investigate an attack on the telecom industry in South Asia. During the investigation, we discovered QSC: a multi-plugin malware framework that loads and runs plugins (modules) in memory. The framework includes a Loader, a Core module, a Network module, a Command Shell module and a File Manager module. It…
-
Chinese cyberespionage group Evasive Panda, also known as Daggerfly, StormBamboo, and Bronze Highland, has targeted Taiwanese organizations with the novel CloudScout post-compromise toolset, which replays stolen web session cookies to retrieve data from several cloud services, The Hacker News reports.
-
Newly emergent China-linked threat operation Salt Typhoon has targeted major U.S. telecommunications providers AT&T, Lumen Technologies, and Verizon in attacks that reportedly involved the compromise of wiretap warrant requests in an effort to obtain intelligence, CNN reports.
-
Russian hacking group Callisto Group, also known as Star Blizzard, had 107 domains leveraged in cyberespionage operations dismantled by the U.S. Department of Justice and Microsoft, reports The Record, a news site by cybersecurity firm Recorded Future.
-
In addition to using machine learning models to manage application usage, data access rights, and security permissions, GravityZone PHASR draws on its integration with endpoint security and risk analytics to identify an organization’s ideal attack surface configuration based on observed user behavior and known threats.
-
Check Point Research (CPR) has uncovered a sophisticated cyberespionage campaign aimed at the Iraqi government. This campaign, which has been ongoing for several months, bears the hallmarks of the notorious APT34 group, an Iranian cyber espionage group known to be affiliated with Iran’s Ministry of Intelligence and…
-
Comparable tactics, techniques, and procedures have been leveraged by North Korean threat group Konni, which has been tied to Kimsuky, in its escalating cyberespionage operations against Russia and South Korea, according to The Record, a news site by cybersecurity firm Recorded Future.
-
A newly identified threat cluster, dubbed TIDRONE, has been actively targeting the Taiwanese military and satellite industries since the beginning of 2024, according to a report from Trend Micro. Leveraging evolving tools and sophisticated techniques, this threat actor has demonstrated a particular interest in drone manufacturers, raising concerns about potential espionage and intellectual property theft.
-
In a recent report, cybersecurity researchers at Unit 42 have uncovered a novel and concerning tactic employed by the Chinese advanced persistent threat (APT) group Stately Taurus. This group, known for its cyberespionage campaigns targeting government entities in Southeast Asia, has been observed abusing the popular Visual Studio Code software to gain unauthorized access to…
-
More than 70 organizations worldwide, over half of which are in the education, transportation, insurance, and aerospace industries, have been targeted with the novel Voldemort backdoor as part of a suspected cyberespionage campaign since early last month, BleepingComputer reports.