9 attack reports | 0 vulnerabilities
ESET researchers have discovered previously unknown Linux backdoors attributed to the China-aligned Gelsemium APT group. The main backdoor, named WolfsBane, is the Linux equivalent of Gelsemium's Gelsevirine backdoor for Windows. Another backdoor, FireWood, is connected to the group's Project Wood …
ESET researchers uncovered two distinct toolsets used by the GoldenJackal APT group to breach air-gapped systems in government organizations. The first toolset, observed in 2019, included GoldenDealer for delivering executables via USB drives, GoldenHowl as a modular backdoor, and GoldenRobo for fi…
CloudScout is a post-compromise toolset used by Evasive Panda to target a Taiwanese government entity and a religious organization between 2022 and 2023. The toolset retrieves data from various cloud services using stolen web session cookies. It works with MgBot, Evasive Panda's malware framework,…
Cyble Research and Intelligence Labs uncovered an ongoing cyberattack campaign using malicious LNK files to gain unauthorized Remote Desktop access on compromised systems. The multi-stage attack chain employs PowerShell and BAT scripts to evade detection, create administrative acc…
The report details a campaign by the Chinese advanced persistent threat (APT) group Stately Taurus, which carried out cyberespionage operations against government entities in Southeast Asia. The group employed a novel technique that leveraged the reverse shell feature of Visual Studio Code to gain …
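The two preceding summaries both describe living-off-the-land chains that leave process-creation evidence: an LNK-launched script that adds an administrative account and opens Remote Desktop, and a Visual Studio Code binary started in its remote-tunnel mode to obtain a shell. The following detection sketch is an added example, not code from Cyble, Unit 42 or any of the reports listed on this page. The concrete command lines it looks for (`net user ... /add`, `net localgroup administrators ... /add`, a `fDenyTSConnections` registry write, and `code.exe tunnel`) are assumptions about how such a chain typically appears in Sysmon Event ID 1 or Windows 4688 telemetry; the reports excerpted here do not state them. The sample events are constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """Minimal process-creation record (Sysmon Event ID 1 / Windows 4688 fields)."""
    parent_image: str
    image: str
    command_line: str


def _cmd(pattern):
    """Rule helper: match a regex against the command line, case-insensitively."""
    rx = re.compile(pattern, re.I)
    return lambda ev: bool(rx.search(ev.command_line))


def _spawned_by(parent_suffix, child_names):
    """Rule helper: parent image ends with parent_suffix and child basename is in child_names."""
    def pred(ev):
        child = ev.image.lower().rsplit("\\", 1)[-1]
        return ev.parent_image.lower().endswith(parent_suffix) and child in child_names
    return pred


# Assumed indicators (not taken from the reports): each is one step of the
# LNK -> script -> local admin -> RDP chain, or the VS Code tunnel start.
RULES = [
    # A double-clicked LNK is launched by explorer.exe, so its script interpreter
    # shows up as a direct child of explorer.exe.
    ("shell_spawned_by_explorer", _spawned_by("\\explorer.exe", {"cmd.exe", "powershell.exe"})),
    ("script_from_user_writable_path",
     _cmd(r"\\Users\\[^\\]+\\(Downloads|AppData)\\.*\.(bat|cmd|ps1)\b")),
    ("local_account_created", _cmd(r"\bnet1?(\.exe)?\s+user\s+\S+\s+\S+\s+/add\b")),
    ("added_to_administrators", _cmd(r"\bnet1?(\.exe)?\s+localgroup\s+administrators\s+\S+\s+/add\b")),
    # fDenyTSConnections = 0 turns Remote Desktop on.
    ("rdp_enabled_via_registry", _cmd(r"fDenyTSConnections.*?/d\s+0\b")),
    # Assumption: the VS Code reverse-shell feature is the `code tunnel` command.
    ("vscode_tunnel_started", _cmd(r"\bcode(\.exe)?\"?\s+tunnel\b")),
]

# The three rules that together indicate a persistent RDP backdoor account.
RDP_BACKDOOR_CHAIN = {"local_account_created", "added_to_administrators", "rdp_enabled_via_registry"}


def match_rules(events):
    """Return (rule_name, command_line) for every rule each event trips."""
    hits = []
    for ev in events:
        for name, pred in RULES:
            if pred(ev):
                hits.append((name, ev.command_line))
    return hits


def rdp_backdoor_chain(events):
    """True when the add-account, elevate and enable-RDP steps are all present."""
    seen = {name for name, _ in match_rules(events)}
    return RDP_BACKDOOR_CHAIN <= seen


# Constructed sample telemetry for a single host (not from any report).
SAMPLE_EVENTS = [
    ProcEvent("C:\\Windows\\explorer.exe", "C:\\Windows\\System32\\cmd.exe",
              'cmd.exe /c "C:\\Users\\alice\\Downloads\\invoice.bat"'),
    ProcEvent("C:\\Windows\\System32\\cmd.exe", "C:\\Windows\\System32\\net.exe",
              "net user svc_backup P@ssw0rd! /add"),
    ProcEvent("C:\\Windows\\System32\\cmd.exe", "C:\\Windows\\System32\\net.exe",
              "net localgroup administrators svc_backup /add"),
    ProcEvent("C:\\Windows\\System32\\cmd.exe", "C:\\Windows\\System32\\reg.exe",
              'reg add "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" '
              "/v fDenyTSConnections /t REG_DWORD /d 0 /f"),
    ProcEvent("C:\\Windows\\explorer.exe", "C:\\Program Files\\Microsoft VS Code\\code.exe",
              '"code.exe" tunnel --accept-server-license-terms'),
    ProcEvent("C:\\Windows\\explorer.exe", "C:\\Windows\\System32\\notepad.exe",
              "notepad.exe report.txt"),
]

if __name__ == "__main__":
    for name, cmd in match_rules(SAMPLE_EVENTS):
        print(f"{name:32s} {cmd}")
    print("RDP backdoor chain complete:", rdp_backdoor_chain(SAMPLE_EVENTS))
```

The per-event rules are deliberately noisy on their own (administrators legitimately run `net user /add`); the useful signal is `rdp_backdoor_chain`, which fires only when all three steps occur on the same host, and the explorer.exe parent check, which ties the script execution to a user opening a file rather than to a scheduled or service-launched job.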
An analysis identified a suspected cyberespionage campaign by TAG-100, a threat group exploiting internet-facing devices and using open-source tools such as the Go backdoor Pantegana. The campaign compromised two Asia-Pacific intergovernmental organizations and targeted multiple diplomatic, trade…
Sophos Managed Detection and Response initiated a threat hunt across customers after detecting abuse of a vulnerable VMware executable. The hunt uncovered a complex, persistent cyberespionage campaign by Chinese state-sponsored actors targeting a high-profile government organization in Southeast As…
An analysis reveals long-term espionage operations by a Chinese advanced persistent threat (APT) group against at least seven governmental entities across the Middle East, Africa and Asia since late 2022. The threat actor attempts to obtain sensitive and classified information about diplomatic and …
This analysis examines the continuous evolution and refinement of sophisticated malware employed by a persistent cyberespionage group targeting organizations in the Asia-Pacific region. The malware, known as Waterbear, and its latest iteration, Deuterbear, have undergone si…