Nov 25, 2023NewsroomCyber Attack / Threat Intelligence An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what's suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named "hrserv.dll," exhibits "sophisticated features such as custom encoding methods for client … [Read more...] about New ‘HrServ.dll’ Web Shell Detected in APT Attack Targeting Afghan Government
apt
New Emerging APT Threat Exploiting WinRAR Flaw
Nov 16, 2023NewsroomAdvanced Persistent Threat / Zero-Day A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT). Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light in 2021. "DarkCasino … [Read more...] about New Emerging APT Threat Exploiting WinRAR Flaw
Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Sep 30, 2023THNCyber Espionage / Malware Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or … [Read more...] about Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
May 31, 2023Ravie LakshmananAdvanced Persistent Threat The threat actor known as Dark Pink has been linked to five new attacks aimed at various entities in Belgium, Brunei, Indonesia, Thailand, and Vietnam between February 2022 and April 2023. This includes educational entities, government agencies, military bodies, and non-profit organizations, indicating the adversarial … [Read more...] about Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
May 06, 2023Ravie LakshmananAdvanced Persistent Threat An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with … [Read more...] about Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report … [Read more...] about Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
Mar 15, 2023Ravie LakshmananCyber Attack / Data Safety A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, … [Read more...] about Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Dec 28, 2022Ravie LakshmananMalware / Windows Security Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are … [Read more...] about APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
An espionage-focused threat actor known for targeting China, Pakistan, and Saudi Arabia has expanded to set its sights on Bangladeshi government organizations as part of an ongoing campaign that commenced in August 2021. Cybersecurity firm Cisco Talos attributed the activity with moderate confidence to a hacking group dubbed the Bitter APT based on overlaps in the … [Read more...] about Bitter APT Hackers Add Bangladesh to Their List of Targets in South Asia
U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware
The U.S. government on Wednesday warned of nation-state actors deploying specialized malware to maintain access to industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. "The APT actors have developed custom-made tools for targeting ICS/SCADA devices," multiple U.S. agencies said in an alert. "The tools enable them to scan for, … [Read more...] about U.S. Warns of APT Hackers Targeting ICS/SCADA Systems with Specialized Malware