Lucene search
K

50 matches found

The Hacker News
The Hacker News
added 2026/05/15 5:10 p.m.18 views

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer P2P botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency CISA, is assess...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/14 3:0 p.m.13 views

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/14 3:0 p.m.13 views

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/05 2:19 p.m.11 views

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

A sophisticated China-nexus advanced persistent threat APT group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302 ,...

6AI score
Exploits0
Talos Blog
Talos Blog
added 2026/05/05 10:0 a.m.10 views

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat APT group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

8.8CVSS7.4AI score0.27426EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/04 9:27 a.m.13 views

Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks

A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers MSPs and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the recently disclosed...

9.8CVSS6.4AI score0.981EPSS
Exploits64
The Hacker News
The Hacker News
added 2026/04/16 6:20 a.m.8 views

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

The Computer Emergencies Response Team of Ukraine CERT-UA has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/04 8:14 a.m.9 views

APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2

Cybersecurity researchers have disclosed details of an advanced persistent threat APT group dubbed Silver Dragon that has been linked to cyber attacks targeting entities in Europe and Southeast Asia since at least mid-2024. "Silver Dragon gains its initial access by exploiting public-facing...

6.3AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/03 9:20 a.m.9 views

Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets

Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/02 7:29 p.m.10 views

OAuth redirection abuse enables phishing and malware delivery

Microsoft observed phishing-led exploitation of OAuth’s by-design redirection mechanisms. The activity targets government and public-sector organizations and uses silent OAuth authentication flows and intentionally invalid scopes to redirect victims to attacker-controlled infrastructure without...

6.2AI score
Exploits0
Securelist
Securelist
added 2026/01/27 8:0 a.m.7 views

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Over the past few years, we've been observing and monitoring the espionage activities of HoneyMyte aka Mustang Panda or Bronze President within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group's campaigns were government entities. A...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/02 1:52 p.m.6 views

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan RAT that grants them persistent control over compromised hosts. "The campaign employs deceptive delivery techniques...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/30 8:35 a.m.6 views

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

The Chinese hacking group known as Mustang Panda aka HoneyMyte has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new variant of backdoor dubbed TONESHELL in a cyber attack detected in mid-2025 targeting an unspecified entity in Asia. The findings come from Kaspersky,...

7.8AI score
Exploits0
Securelist
Securelist
added 2025/12/29 10:0 a.m.20 views

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Overview of the attacks In mid-2025, we identified a malicious driver file on computer systems in Asia. The driver file is signed with an old, stolen, or leaked digital certificate and registers as a mini-filter driver on infected machines. Its end-goal is to inject a backdoor Trojan into the...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/18 5:34 p.m.12 views

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware

A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting governmental entities in Southeast Asia and Japan. The end goal of these attacks is cyber espionage, Slovak cybersecurity company ESET said in a report publishe...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/17 11:12 a.m.13 views

China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check Point Research is tracking the cluster under the name Ink Dragon. It's also referenced by t...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/05 8:14 a.m.18 views

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China PRC to maintain long-term persistence on compromised systems. "BRICKSTORM is a...

9.8CVSS10AI score0.99999EPSS
Exploits52
The Hacker News
The Hacker News
added 2025/12/01 5:7 a.m.4 views

Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets

The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools. "These attacks highlight a notable shift in Tomiris's tactics, name...

7.4AI score
Exploits0
HackRead
HackRead
added 2025/10/22 6:38 p.m.7 views

Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks

South Asian hacking group Bitter APT-Q-37 is deploying a C backdoor using two new methods: a WinRAR flaw and malicious Office XLAM files, targeting government and military sectors...

7AI score
Exploits0
HackRead
HackRead
added 2025/09/23 11:9 a.m.4 views

Inc Ransomware Group Claims 5.7 TB Theft from Pennsylvania Attorney General’s Office

The Inc ransomware gang claims to have stolen 5.7 TB of data from the Pennsylvania Attorney General's office in an August 2025 attack. Find out how the breach unfolded, why government agencies are a top target, and what this means for citizens...

7AI score
Exploits0
Rows per page
Query Builder