China-linked TA413 group targets Tibetan entities with new backdoor

China-linked cyberespionage group TA413 exploits employ a never-before-undetected backdoor called LOWZERO in attacks aimed at Tibetan entities. A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat), is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office (CVE-2022-30190) to deploy a never-before-detected backdoor called LOWZERO in attacks aimed at Tibetan entities. The TA413 APT group is known to be focused […]

Continue Reading

Metador, a never-before-seen APT targeted ISPs and telco for about 2 years

A previously undetected hacking group, tracked as Metador, has been targeting telecommunications, internet services providers (ISPs), and universities for about two years. SentinelLabs researchers uncovered a never-before-seen threat actor, tracked as Metador, that primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. The experts pointed out that […]

Continue Reading

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Multiple security firms have reported that the Sandworm APT continues to target Ukraine with multiple means, including custom malware and botnet like Cyclops […]

Continue Reading

Russia-linked Gamaredon APT target Ukraine with a new info-stealer

Russia-linked Gamaredon APT targets employees of the Ukrainian government, defense, and law enforcement agencies with a custom information-stealing malware. Russia-linked Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, and Trident Ursa) is targeting employees of the Ukrainian government, defense, and law enforcement agencies with a piece of a custom-made information stealer implant. The malicious code was designed to […]

Continue Reading

Gamaredon APT targets Ukrainian government agencies in new campaign

By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine. LNK files, PowerShell and VBScript enable initial access, while malicious binaries are deployed […]

Continue Reading

Gamaredon APT targets Ukrainian government agencies in new campaign

By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion of Ukraine. LNK files, PowerShell and VBScript enable initial access, while malicious binaries are deployed […]

Continue Reading

Linux variant of the SideWalk backdoor discovered

ESET researchers have discovered a Linux variant of the SideWalk backdoor, one of the multiple custom implants used by the SparklingGoblin APT group. Commands with different or missing implementation in the Linux version of SideWalk Targeting a Hong Kong university This variant was first deployed against a Hong Kong university in February 2021 — the […]

Continue Reading

Iran-linked TA453 used new Multi-Persona Impersonation technique in recent attacks

Iran-linked threat actors target individuals specializing in Middle Eastern affairs, nuclear security and genome research. In mid-2022, Proofpoint researchers uncovered a cyberespionage campaign conducted by Iran-linked TA453 threat actors. The campaign aimed at individuals specializing in Middle Eastern affairs, nuclear security and genome research. Threat actors used at least two actor-controlled personas on a single […]

Continue Reading