50 matches found

The Hacker News
added 2024/12/11 6:2 p.m. | 11 views

Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service

The Russian nation-state actor tracked as Secret Blizzard has been observed leveraging malware associated with other threat actors to deploy a known backdoor called Kazuar on target devices located in Ukraine. The new findings come from the Microsoft threat intelligence team, which said it observ...

AI score: 6.9 | Exploits: 0

hivepro
added 2024/03/12 6:27 a.m. | 26 views

Evasive Panda China-Linked Cyberespionage Targeting Tibetans

Summary: Evasive Panda, a threat actor associated with China, has masterminded an intricate cyberespionage campaign targeting Tibetan users since at least September 2023. This operation employs both watering hole and supply chain attacks to achieve its objectives. Threat Level - Red | Attack Repo...

AI score: 7.2 | Exploits: 0

The Hacker News
added 2024/03/07 1:22 p.m. | 25 views

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The end goal of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a known backdoor called MgBot and ...

AI score: 7.1 | Exploits: 0

BDU FSTEC
added 2023/12/06 12:0 a.m. | 6 views

The vulnerability of the MagicLine 4 authentication software lies in the possibility of data being written outside of the buffer in memory. This allows a malicious actor to gain unauthorized access to protected information and carry out a “Watering Hole” attack.

The vulnerability of the MagicLine 4 authentication software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information and carry out a “Watering Hole” attack...

CVSS: 10 | AI score: 8.2 | EPSS: 0.00821 | Exploits: 0 | References: 5 | Affected Software: 1

The Hacker News
added 2023/10/26 7:24 a.m. | 40 views

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

The Iranian threat actor known as Tortoiseshell has been attributed to a new wave of watering hole attacks that are designed to deploy a malware dubbed IMAPLoader. "IMAPLoader is a .NET malware that has the ability to fingerprint victim systems using native Windows utilities and acts as a...

AI score: 6.9 | Exploits: 0

The Hacker News
added 2023/09/25 10:34 a.m. | 46 views

From Watering Hole to Spyware: EvilBamboo Targets Tibetans, Uyghurs, and Taiwanese

Tibetan, Uyghur, and Taiwanese individuals and organizations are the targets of a persistent campaign orchestrated by a threat actor codenamed EvilBamboo to gather sensitive information. "The attacker has created fake Tibetan websites, along with social media profiles, likely used to deploy...

AI score: 6.7 | Exploits: 0

The Hacker News
added 2023/09/19 11:10 a.m. | 47 views

Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities

The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entiti...

CVSS: 10 | AI score: 8.8 | EPSS: 0.99986 | Exploits: 89

The Hacker News
added 2023/01/10 4:40 p.m. | 3 views

StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users

The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's...

AI score: 6.7 | Exploits: 0

ThreatPost
added 2022/08/30 4:0 p.m. | 65 views

Watering Hole Attacks Push ScanBox Keylogger

A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced threat group (APT) is targeted messages that supposedly link...

AI score: 7.3 | Exploits: 0 | References: 8

The Hacker News
added 2022/01/18 8:2 a.m. | 21 views

Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors

An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational...

AI score: 0.4 | Exploits: 0

The Hacker News
added 2021/11/17 11:10 a.m. | 49 views

Israel's Candiru Spyware Found Linked to Watering Hole Attacks in U.K and Middle East

Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. "The victimized websites belong to media outlets...

AI score: 7.5 | Exploits: 0

ThreatPost
added 2021/11/08 7:42 p.m. | 32 views

Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs

Three separate threat groups are all using a common initial access broker (IAB) to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate and in some cases rival malware campaigns. The BlackBerry Resear...

AI score: 6.9 | Exploits: 0 | References: 14

ThreatPost
added 2021/08/19 8:19 p.m. | 108 views

InkySquid State Actor Exploiting Known IE Bugs

The InkySquid advanced persistent threat (APT) group, which researchers have linked to the North Korean government, was caught launching watering hole attacks against a South Korean newspaper using known Internet Explorer vulnerabilities. New analysis from Volexity reported its team of researchers...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.81103 | Exploits: 0 | References: 4

The Hacker News
added 2021/04/29 2:46 p.m. | 36 views

LuckyMouse Hackers Target Banks, Companies and Governments in 2020

An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat...

AI score: 0.3 | Exploits: 0

GoogleProjectZero
added 2021/03/18 12:0 a.m. | 174 views

In-the-Wild Series: October 2020 0-day discovery

Posted by Maddie Stone, Project Zero In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via "watering hole" attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android,...

CVSS: 9.6 | AI score: 8.5 | EPSS: 0.5063 | Exploits: 8

The Hacker News
added 2020/06/30 7:45 a.m. | 63 views

Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to contro...

AI score: 0.6 | Exploits: 0

The Hacker News
added 2020/06/30 7:45 a.m. | 5 views

Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to contro...

AI score: 5.8 | Exploits: 0

The Hacker News
added 2020/05/15 9:43 a.m. | 63 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

AI score: 0.3 | Exploits: 0

Carbon Black Blog
added 2019/11/13 6:0 p.m. | 61 views

What Makes Island Hopping a Formidable Threat?

Island hopping is a technique used by cybercriminals to exploit less sophisticated organizations in order to breach their larger affiliates. Attackers use vulnerabilities in the first company’s defenses as a point of entry to the second. This is no small threat. In fact, half of cyber attacks tod...

AI score: 1.6 | Exploits: 0

Securelist
added 2019/10/16 10:0 a.m. | 244 views

APT trends report Q3 2019

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

CVSS: 5 | AI score: 8 | EPSS: 0.99993 | Exploits: 45