Tag: state-sponsored

2 Attack Reports | 0 Vulnerabilities

Attack reports

China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike

A Chinese state-sponsored threat group, TAG-112, has compromised two Tibetan websites to deliver Cobalt Strike malware. The attackers embedded malicious JavaScript in the sites, spoofing a TLS certificate error to trick visitors into downloading a disguised security certificate. This campaign highl…
state-sponsored
cobalt strike
cyber-espionage
2024-11-13
china-nexus
tibetan websites
joomla vulnerabilities
tls certificate spoofing
evasive panda
tag-102
Published: November 13, 2024
Downloadable IOCs: 19

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

This advisory outlines the activities of an Iran-based cyber threat group that has conducted numerous intrusions against organizations in the United States and other countries since 2017, with the goal of obtaining network access to facilitate ransomware attacks. The group, known by various names s…
ransomware
state-sponsored
credential-theft
blackcat
alphv
CVE-2024-3400
iran
CVE-2024-21887
CVE-2024-24919
noberus
2024-08-28
webshells
CVE-2022-1388
CVE-2023-3519
noescape
ransomhouse
CVE-2019-19781
Published: August 28, 2024
Downloadable IOCs: 33
Click here to see more Attack Reports