Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers' website was opened using the Google Chrome web...
Angry Likho: Old beasts in a new forest
Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we've been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we've analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho's attacks tend to be...
New 'HrServ.dll' Web Shell Detected in APT Attack Targeting Afghan Government
An unspecified government entity in Afghanistan was targeted by a previously undocumented web shell called HrServ in what's suspected to be an advanced persistent threat (APT) attack. The web shell, a dynamic-link library (DLL) named "hrserv.dll," exhibits "sophisticated features such as custom...
HrServ – Previously unknown web shell used in APT attack
Introduction In the course of our routine investigation, we discovered a DLL file, identified as hrserv.dll, which is a previously unknown web shell exhibiting sophisticated features such as custom encoding methods for client communication and in-memory execution. Our analysis of the sample led t...
Unauthorized Access Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud SaaS Service, Cloud WAF, Industrial Control, Online Remote Offi...
Microsoft Exchange Servers Face APT Attack Tsunami
Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that ...
A week in security (October 12 – October 18)
Last week on Malwarebytes Labs, we looked at journalism’s role in cybersecurity on our Lock and Code podcast, gave tips for safer shopping on Amazon Prime day, and discussed an APT attack springing into life as Academia returned to the real and virtual campus environment. We also dug into potenti...
APT Attack Injects Malware into Windows Error Reporting
A campaign that injects malware into the Windows Error Reporting (WER) service to evade detection is potentially the work of a Vietnamese APT group, researchers said. The attack, discovered on Sept. 17 by researchers at Malwarebytes Threat Intelligence Team, lures its victims with a phishing campai...
Coronavirus-Themed APT Attack Spreads Malware
An advanced persistent threat (APT) group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call “Vicious Panda.” Researchers identified two suspicious Rich Text Format (RTF) files — a text file format used b...
Iran Targets Mideast Oil with ZeroCleare Wiper Malware
A freshly discovered wiper malware dubbed “ZeroCleare” has been deployed to target the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services (IRIS), ZeroCleare, so named because of the program database pathname of its binary file, was...
Details of the Cloud Hopper Attacks
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud...
Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In
A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor authentication (2FA). In his write-up on the tool, which is dubbed Modlishka, meaning “mantis” in English, he asked, “is 2FA broken?” It’s a question...
Is Hacking Team making a comeback? Analysis of the CVE-2018-5002 Flash 0-day APT attack and its correlation - vulnerability warning - the black bar safety net
The 360 Enterprise Security Threat Intelligence Center recently captured an APT attack case that exploited a Flash 0-day vulnerability through Microsoft Office documents. For the first time, the attack samples used a technique in which the Flash file is not embedded in the Office...
A salary spreadsheet turned into a hacking weapon: Flash emergency patch - vulnerability warning - the black bar safety net
On the night of June 7, Adobe officially announced the emergency release of a security patch fixing a newly discovered high-risk Flash vulnerability, and publicly acknowledged the 360 Core Security Advanced Threat Response Team for discovering it. As the...
Zero-Day Flash Exploit Targeting Middle East
A zero-day vulnerability is being exploited in the wild in targeted attacks against Windows users in the Middle East, researchers warned Thursday. The Flash Player vulnerability CVE-2018-5002, a stack-based buffer overflow bug that could enable arbitrary code execution, was patched earlier today ...
WHP - Microsoft Windows Hacking Pack
M$ Windows Hacking Pack =========== Tools here are from different sources. The repo is generally licensed with WTFPL, but some content may not be, e.g. Sysinternals. "pes" means "PE Scrambled". It's useful sometimes. Remote Exploits =========== Windows 2000 / XP SP1 MS05-039 Microsoft Plug and Play...
Office 0-day vulnerability (CVE-2017-0199) used to spread a banking Trojan: technical analysis - vulnerability warning - the black bar safety net
Vulnerability overview: In its routine April patch release on April 12, Microsoft fixed an Office remote command execution vulnerability, CVE-2017-0199. In fact, before the patch was released, multiple in-the-wild exploits of this vulnerability had already been found, including the...
【Warning Notice】iOS remote jailbreak APT attack security threat - vulnerability warning - the black bar safety net
iOS remote jailbreak APT attack: Apple yesterday released a security update for iOS covering three 0-day vulnerabilities; the discovery of these vulnerabilities began with an APT attack. We need to note that hackers exploited these vulnerabilities to gain remote control and obtain iOS users'...
Windows Zero Day Selling for $90,000
Hackers claim to have unearthed a zero-day vulnerability giving attackers admin rights to any Windows machine from Windows 2000 to a fully patched version of Windows 10. The zero day is for sale on the black market for $90,000. Security experts say the zero-day exploit looks legitimate and in the...
Microsoft Windows - Local Privilege Escalation (MS15-051)
Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...