Tag : apt

20 attack reports | 0 vulnerabilities

Attack Reports

| Title | Published | Tags | Description | Number of indicators |
| --- | --- | --- | --- | --- |
| Analysis of Suspected APT Attack Activities by “Silver Fox” | July 10, 2024, 10:19 a.m. | | This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and t… | 7 |
| Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms | July 8, 2024, 10:50 a.m. | | The report details the APT-C-26 (Lazarus) group's recent attack campaign utilizing malicious Python packages hosted on the PyPI r… | 28 |
| espionage group targets government agencies with and more infection techniques | June 24, 2024, 8:11 a.m. | | A recently discovered threat actor, dubbed 'SneakyChef,' has been conducting an ongoing espionage campaign targeting government a… | 148 |
| FHAPPI Campaign APT10 FreeHosting APT PowerSploit Poison Ivy | June 19, 2024, 7:24 a.m. | | This analysis details a malicious campaign dubbed 'FHAPPI' by the researcher, which utilized compromised Geocities Japan accounts… | 5 |
| Keylogger Installed Using MS Office Equation Editor Vulnerability (Kimsuky) | June 13, 2024, 10:14 a.m. | | This technical analysis examines a campaign by the Kimsuky threat group that exploited a vulnerability (CVE-2017-11882) in the Mi… | 0 |
| APT Attacks Using Cloud Storage | June 11, 2024, 10:09 a.m. | | The report describes a malicious campaign where threat actors utilize cloud services like Google Drive, OneDrive, and Dropbox to … | 1 |
| SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel) | June 11, 2024, 10:04 a.m. | | This report details a series of attacks targeting South Korean companies, particularly defense contractors, automobile part manuf… | 19 |
| Operation ControlPlug: Targeted attack campaign using MSC files | June 6, 2024, 2:55 p.m. | | An investigation revealed that the threat group DarkPeony, also known as Operation ControlPlug, employed a novel technique involv… | 14 |
| Hellhounds: Operation Lahat | May 28, 2024, 11:28 a.m. | | A group called Hellhounds has continued attacking Russian organizations into 2024 using various techniques to compromise infrastr… | 73 |
| Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea | May 24, 2024, 8:21 a.m. | | An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group … | 47 |
| Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages | May 24, 2024, 7:49 a.m. | | BlackBerry discovered the Pakistani-based advanced persistent threat group Transparent Tribe (APT36) targeting the Indian governm… | 97 |
| APT attack discovered using Facebook and MS management console (Attack signs detected targeting Korea and Japan) | May 21, 2024, 11:15 a.m. | | A threat actor impersonated a North Korean human rights official on Facebook and approached targets. They shared malicious URLs d… | 46 |
| Master of Puppets: Uncovering the pro-Russian influence campaign | May 21, 2024, 8:22 a.m. | | The DoppelGänger campaign is an ongoing influence operation attributed to Russian entities Structura and the Social Design Agency… | 588 |
| Analysis of APT attack cases targeting domestic companies using Dora RAT (Andariel Group) | May 20, 2024, 10:20 a.m. | | AhnLab Security Intelligence Center (ASEC) recently confirmed that the Andariel group carried out APT attacks on domestic compani… | 10 |
| Deserialization of VIEWSTATE: how an “unpatched” vulnerability plays into the hands of pro-government groups | May 20, 2024, 10:05 a.m. | | At the end of 2023, the Solar 4RAYS team was investigating an attack on a Russian telecom company by an Asian advanced persistent… | 9 |
| To the Moon and back(doors): Lunar landing in diplomatic missions | May 16, 2024, 9:35 a.m. | | ESET researchers discovered two previously unknown backdoors – LunarWeb and LunarMail – compromising a European ministry of forei… | 12 |
| The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India | May 15, 2024, 3:16 p.m. | | CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infecti… | 21 |
| Untangling Iran's APT42 Operations | May 3, 2024, 9:36 a.m. | | APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim ne… | 160 |
| Analysis of APT Group's Use of Malicious LNK Files to Deliver RokRat Attack | April 29, 2024, 6:40 p.m. | | The report details a recent cyber attack campaign by the APT-C-28 (ScarCruft) group, known for targeting organizations in Korea a… | 3 |
| Uncorking Old Wine: Zero-Day from 2017 + Loader in Unholy Alliance | April 29, 2024, 5:51 p.m. | | An analysis uncovered a suspected malicious campaign targeting entities in Ukraine. The attack employed an old vulnerability from… | 6 |