13 matches found
Silk Typhoon Hackers Indicted
Lots of interesting details in the story: The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China's Ministry of Publ...
Iron Tiger APT Group Updates SysUpdate Malware to Target Linux Platforms
The Iron Tiger aka APT27 group updated their custom malware, SysUpdate, to target Linux platforms and evade security solutions. They specifically targeted a...
SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics
The threat actor known as Lucky Mouse has developed a Linux version of a malware toolkit called SysUpdate, expanding on its ability to target devices running the operating system. The oldest version of the updated artifact dates back to July 2022, with the malware incorporating new features...
Budworm Hackers Resurface with New Espionage Attacks Aimed at U.S. Organization
An advanced persistent threat (APT) actor known as Budworm targeted a U.S.-based entity for the first time in more than six years, according to latest research. The attack was aimed at an unnamed U.S. state legislature, the Symantec Threat Hunter team, part of Broadcom Software, said in a report...
Cyber Tools and Foreign Policy: A False Flag Chinese “APT” and Nancy Pelosi’s Visit to Taiwan
By Anne An · September 29, 2022. Preface: U.S. House Speaker Nancy Pelosi’s visit to Taiwan led to an aftershock across the Taiwan Strait and through the Asia Pacific region. Immediately after Pelosi’s...
Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users
A pair of reports from cybersecurity firms SEKOIA and Trend Micro sheds light on a new campaign undertaken by a Chinese threat actor named Lucky Mouse that involves leveraging a trojanized version of a cross-platform messaging app to backdoor systems. Infection chains leverage a chat application...
[updated] Cyberattack on fuel supplier causes supply chain disruption
A cyberattack has disrupted the activities in Germany of fuel supplier Oiltanking Deutschland GmbH & Co. KG. The supplier is, among others, responsible for deliveries to the thousands of Shell and Aral gas stations in Germany. The Oiltanking division of Hamburg-based Marquard & Bahls owns and...
APT27 group uses the HyperBro remote access trojan to inject backdoors into victim’s network
...
UNC215: Spotlight on a Chinese Espionage Campaign in Israel
This blog post details the post-compromise tradecraft and operational tactics, techniques, and procedures (TTPs) of a Chinese espionage group we track as UNC215. While UNC215’s targets are located throughout the Middle East, Europe, Asia, and North America, this report focuses on intrusion activity...
LuckyMouse Hackers Target Banks, Companies and Governments in 2020
An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "EmissarySoldier," has been attributed to a threat...
Major Gaming Companies Hit with Ransomware Linked to APT27
A recent slew of related ransomware attacks on top videogame companies has been associated with the notorious Chinese-linked APT27 threat group, suggesting that the advanced persistent threat (APT) is swapping up its historically espionage centralized tactics to adopt ransomware, a new report says...
APT trends report Q1 2020
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...
LuckyMouse hits national data center to organize country-level waterholing campaign
What happened? In March 2018 we detected an ongoing campaign targeting a national data center in Central Asia that we believe has been active since autumn 2017. The choice of target made this campaign especially significant – it meant the attackers gained access to a wide range of government...