
31 matches found

Microsoft Secure
added 2026/05/14 3:00 p.m. | 13 views

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

AI score: 6.1
Exploits: 0

Securelist
added 2025/12/19 10:00 a.m. | 11 views

Cloud Atlas activity in the first half of 2025: what changed

Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious cod...

CVSS: 9.3 | AI score: 8.8 | EPSS: 0.93289
Exploits: 7

Talos Blog
added 2025/09/23 6:00 p.m. | 9 views

How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking

Cisco Talos discovered a new campaign active since 2022, targeting the telecommunications and manufacturing sectors in Central and South Asian countries, delivering a new variant of PlugX. Talos discovered that the new variant's features overlap with both the RainyDay and Turian backdoors,...

AI score: 7.5
Exploits: 0

The Hacker News
added 2025/08/27 1:47 p.m. | 14 views

ShadowSilk Hits 35 Organizations in Central Asia and APAC Using Telegram Bots

A threat activity cluster known as ShadowSilk has been attributed to a fresh set of attacks targeting government entities within Central Asia and Asia-Pacific (APAC). According to Group-IB, nearly three dozen victims have been identified, with the intrusions mainly geared towards data exfiltration...

CVSS: 9.9 | AI score: 8.8 | EPSS: 0.99993
Exploits: 62

The Hacker News
added 2025/01/29 5:52 a.m. | 11 views

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE. "This research focuses on completing the picture of UAC-0063's...

AI score: 7.4
Exploits: 0

The Hacker News
added 2025/01/14 9:10 a.m. | 6 views

Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which...

AI score: 7.7
Exploits: 0

Securelist
added 2024/12/23 10:00 a.m. | 41 views

Cloud Atlas seen using a new tool in its attacks

Introduction: Known since 2014, Cloud Atlas targets Eastern Europe and Central Asia. We're shedding light on a previously undocumented toolset, which the group used heavily in 2024. Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formul...

CVSS: 7.8 | AI score: 8.4 | EPSS: 0.93289
Exploits: 7

The Hacker News
added 2024/11/22 4:59 p.m. | 8 views

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer...

AI score: 6.9
Exploits: 0

HackRead
added 2024/09/13 3:58 p.m. | 13 views

New Android Malware Ajina.Banker Steals 2FA Codes, Spreads via Telegram

A new Android malware called Trojan Ajina.Banker is targeting Central Asia - Discover how this malicious malware disguises…...

AI score: 7.3
Exploits: 0

The Hacker News
added 2024/09/12 4:12 p.m. | 13 views

New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2023 with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages. Singapore-headquartered Group-IB, which...

AI score: 7
Exploits: 0

The Hacker News
added 2024/03/18 5:59 a.m. | 104 views

APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme

The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.97408
Exploits: 18

The Hacker News
added 2023/06/15 9:00 a.m. | 3 views

Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent

Microsoft on Wednesday took the lid off a "novel and distinct Russian threat actor," which it said is linked to the General Staff Main Intelligence Directorate (GRU) and has a "relatively low success rate." The tech giant's Threat Intelligence team, which was previously tracking the group under its...

AI score: 6.5
Exploits: 0

hivepro
added 2023/05/11 1:23 p.m. | 14 views

New DownEx Malware Campaign Targets Foreign Government Institutions in Central Asia

Summary: The DownEx malware was discovered in a cyberattack on government institutions in Kazakhstan and Afghanistan in 2022, likely with state sponsorship. The attackers used spear-phishing emails to infiltrate...

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/05/10 1:05 p.m. | 36 views

Sophisticated DownEx Malware Campaign Targeting Central Asian Governments

Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed DownEx. Bitdefender, in a report shared with The Hacker News, said the activity remains active, with evidence likely pointing to the...

AI score: 6.7
Exploits: 0

The Hacker News
added 2023/05/10 1:05 p.m. | 2 views

Sophisticated DownEx Malware Campaign Targeting Central Asian Governments

Government organizations in Central Asia are the target of a sophisticated espionage campaign that leverages a previously undocumented strain of malware dubbed DownEx. Bitdefender, in a report shared with The Hacker News, said the activity remains active, with evidence likely pointing to the...

AI score: 6.8
Exploits: 0

Openbugbounty
added 2023/04/25 5:44 p.m. | 11 views

central-asia.lt Cross Site Scripting vulnerability OBB-3275051

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 5.9
Exploits: 0

The Hacker News
added 2023/04/24 2:00 p.m. | 28 views

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher an...

AI score: 7.2
Exploits: 0

The Hacker News
added 2023/04/24 2:00 p.m. | 3 views

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher an...

AI score: 6.9
Exploits: 0

The Hacker News
added 2023/04/12 11:58 a.m. | 2 views

Israel-based Spyware Firm QuaDream Targets High-Risk iPhones with Zero-Click Exploit

Threat actors using hacking tools from an Israeli surveillanceware vendor named QuaDream targeted at least five members of civil society in North America, Central Asia, Southeast Asia, Europe, and the Middle East. According to findings from a group of researchers from the Citizen Lab, the spyware...

AI score: 7
Exploits: 0

The Hacker News
added 2022/11/23 7:46 a.m. | 40 views

Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation

Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which...

AI score: 0.9
Exploits: 0