8 matches found
Kazuar: Anatomy of a nation-state botnet
In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...
SideWinder's Shifting Sands: Click Once for Espionage
SideWinder's Shifting Sands: Click Once for Espionage By Ernesto Fernández Provecho and Pham Duy Phuc · October 22, 2025 In September 2025, the Trellix Advanced Research Center ARC detected a campaign targeting a European embassy located in New Delhi, India. Further investigation led to the...
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats
An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world. The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to...
The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign
The Coordinated Embassy Hunt: Unmasking the DPRK-linked GitHub C2 Espionage Campaign By Pham Duy Phuc and Alex Lanstein · August 18, 2025 The Trellix Advanced Research Center uncovered a sophisticated espionage operation targeting diplomatic missions across several regions in South Korea during...
Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at...
New China-based Group Expands Operations to Compromise Diplomatic Targets in South America
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The China-based cyber espionage group DEV-0147 has expanded its data exfiltration operations to include diplomatic targets in South America, in addition to targeting government agencies and think tanks in...
Turla APT Revamps One of Its Go-To Spy Tools
The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan RAT to attack governmental targets. Turla a.k.a. Snake, Venomous Bear, Waterbug or Uroboros, is a Russian-speaking threat actor known since 2014, but with roots that go back to 2004 and earlier,...
HTTP Status Codes Command This Malware How to Control Hacked Systems
A new version of COMpfun remote access trojan RAT has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...