Revisiting UNC3886 Tactics to Defend Against Present Risk

We examine the past tactics used by UNC3886 to gain insight on how to best strengthen defenses against the ongoing and emerging threats of this APT group...

Sleep with one eye open: how Librarian Ghouls steal data by night

Introduction Librarian Ghouls, also known as "Rare Werewolf" and "Rezet", is an APT group that targets entities in Russia and the CIS. Other security vendors are also monitoring this APT and releasing analyses of its campaigns. The group has remained active through May 2025, consistently targetin...

Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors

An APT group dubbed Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia using advanced malware, rootkits, and trusted cloud services to conduct cyberespionage...

Russia’s Storm-2372 Hits Orgs with MFA Bypass via Device Code Phishing

Russian APT group Storm-2372 employs device code phishing to bypass Multi-Factor Authentication MFA. Targets include government, technology, finance,…...

China’s FamousSparrow APT Hits Americas with SparrowDoor Malware

China-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports...

APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware

An advanced persistent threat APT group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has...

SideWinder targets the maritime and nuclear sectors with an updated toolset

Last year, we published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In it, we described activities that had mostly happened in the first half of the year. We tried to draw...

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection

Our Threat Hunting team discusses Earth Preta’s latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems...

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow...

Chinese PlushDaemon APT Targets S. Korean IPany VPN with Backdoor

Cybersecurity firm ESET uncovers PlushDaemon, a previously unknown APT group targeting South Korea, deploying a SlowStepper backdoor. This…...

PT-2025-15185

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description A DLL Search Order Hijacking issue potentially allowed an attacker with administrator privileges to load a malicious dynamic-link library and execute its code. Recommendations At the moment,...

Americans urged to use encrypted messaging after large, ongoing cyberattack

A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters, a senior US official said the attack telecommunicatio...

What is known about the Spoofing – Windows MSHTML Platform (CVE-2024-43573) vulnerability from the October Microsoft Patch Tuesday?

What is known about the Spoofing - Windows MSHTML Platform CVE-2024-43573 vulnerability from the October Microsoft Patch Tuesday? In fact, just that it is being exploited in the wild. There are no write-ups or public exploits yet. The Acknowledgements section in the Microsoft bulletin is empty. I...

MacOS Malware Surges as Corporate Usage Grows

MacOS Malware Surges as Corporate Usage Grows By Ilya Kolmanovich, Prashant Kadam and Duy-Phuc Pham · October 30, 2024 This blog was also written by Joe Malenfant and Max Kersten An apple a day keeps the doctor away, While the age-old expression does have its merits, the malware landscape on...

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been...

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE...

Awaken Likho is awake: new techniques of an APT group

Introduction In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat...

Tropic Trooper spies on government entities in the Middle East

Executive summary Tropic Trooper also known as KeyBoy and Pirate Panda is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has...

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdo...

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat APT group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term...