Lucene search
K

76 matches found

ThreatPost
ThreatPost
added 2022/03/09 2:7 p.m.154 views

Russian APTs Furiously Phish Ukraine – Google

While Russia is fighting a physical war on the ground against Ukraine, advanced persistent threat APT groups affiliated with or backing Vladimir Putin’s government are ramping up phishing and other attacks against Ukrainian and European targets in cyberspace, Google is warning. Researchers from...

8.5AI score
Exploits0References9
ThreatPost
ThreatPost
added 2022/01/13 9:3 p.m.29 views

North Korean APTs Stole ~$400M in Crypto in 2021

Vast amounts of cash sloshing around in cryptocurrency markets are proving irresistible for cybercriminals and scammers of all kinds. From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets, and their investors – often with dubious understanding o...

7.2AI score
Exploits0References13
ThreatPost
ThreatPost
added 2021/10/20 1:28 p.m.98 views

‘Lone Wolf’ APT Uses Commodity RATs

An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...

9.3CVSS8.7AI score0.99945EPSS
Exploits33References6
ThreatPost
ThreatPost
added 2021/09/29 11:10 p.m.42 views

Keep Attackers Out of VPNs: NSA, CISA Offer Guidance

Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline which got pwned by the REvil ransomware crooks with an old VPN password or the 87,000 at least Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. Vulnerabilities in VPN servers are like...

7.6AI score
Exploits0References14
ThreatPost
ThreatPost
added 2021/09/16 9:9 p.m.131 views

CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug

The FBI, CISA and the U.S. Coast Guard Cyber Command CGCYBER warned today that state-backed advanced persistent threat APT actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month. At issue is...

9.8CVSS10AI score0.9896EPSS
Exploits8References10
Kitploit
Kitploit
added 2021/09/04 12:30 p.m.39 views

Zuthaka - An Open Source Application Designed To Assist Red-Teaming Efforts, By Simplifying The Task Of Managing Different APTs And Other Post-Exploitation Tools

A collaborative free open-source Command & Control integration framework that allows developers to concentrate on the core function and goal of their C2. Explore the docs » About the project Problem Statement The current C2s ecosystem has rapidly grown in order to adapt to modern red team...

7AI score
Exploits0References2
ThreatPost
ThreatPost
added 2021/07/01 1:0 p.m.45 views

Data Exfiltration: What You Should Know to Prevent It

In today’s digitally driven era, data is the most critical component of a business. Companies are collecting more data than ever before, and constantly enhancing their operations through data-driven decisions. As a result, data leaks are a serious concern for companies of all sizes; if one occurs...

7AI score
Exploits0References2
Talos Blog
Talos Blog
added 2021/05/27 11:0 a.m.35 views

Threat Source newsletter (May 27, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We're used to referring to attackers as either APTs or not APTs. And when something is an APT, it sounds a lot scarier and sexier. But it's our belief that that isn't going to cut it anymore. Therefore, we propose in a... This is...

2.6AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/07 8:58 a.m.106 views

New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations

An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passive backdoor which allows attackers to inspec...

1.1AI score
Exploits0
ThreatPost
ThreatPost
added 2021/03/17 3:8 p.m.53 views

State-sponsored Threat Groups Target Telcos, Steal 5G Secrets

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. The campaigns, dubbed “Operation Diànxùn”, target and lure victims working in the telecom industry. A typical ploy...

0.1AI score
Exploits0References8
FireEye
FireEye
added 2021/03/04 12:0 a.m.129 views

New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452

Executive Summary In August 2020, a U.S.-based entity uploaded a new backdoor that we have named SUNSHUTTLE to a public malware repository. SUNSHUTTLE is a second-stage backdoor written in GoLang that features some detection evasion capabilities. Mandiant observed SUNSHUTTLE at a victim compromis...

1AI score
Exploits0References2
Talos Blog
Talos Blog
added 2021/02/25 11:0 a.m.29 views

Threat Source newsletter (Feb. 25, 2021)

Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. We all think of APTs as these wide-reaching, silent threat groups who are backed by a nation-state. But our recent research into Gamaredon shows that not all APTs are created equal. We’ve spotted this actor carrying out several...

1.2AI score
Exploits0
ThreatPost
ThreatPost
added 2021/01/27 12:21 p.m.187 views

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs...

0.1AI score0.07921EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2020/12/21 7:38 p.m.61 views

Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack

Four nation-state-backed advanced persistent threats APTs hacked Al Jazeera journalists, producers, anchors and executives, in an espionage attack leveraging a zero-day exploit for Apple iPhone, researchers said. The attack, carried out in July and August, compromised 36 personal phones belonging...

6.6AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/12/02 9:21 p.m.37 views

Think-Tanks Under Attack by Foreign APTs, CISA Warns

The Cybersecurity and Infrastructure Security Agency CISA and the FBI have issued a warning on what they say are persistent, continued cyberattacks by advanced persistent threat APT actors targeting U.S. think-tanks. The attackers are looking to steal sensitive information, acquire user credentia...

0.9AI score
Exploits0References7
FireEye
FireEye
added 2020/11/19 12:0 a.m.385 views

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...

7.1AI score
Exploits0References16
ThreatPost
ThreatPost
added 2020/10/21 8:31 p.m.826 views

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

Chinese state-sponsored cyberattackers are actively compromising U.S. targets using a raft of known security vulnerabilities – with a Pulse VPN flaw claiming the dubious title of “most-favored bug” for these groups. That’s according to the National Security Agency NSA, which released a “top 25”...

10CVSS9.3AI score0.99999EPSS
Exploits451References21
ThreatPost
ThreatPost
added 2020/10/19 3:9 p.m.85 views

Microsoft Exchange, Outlook Under Siege By APTs

New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms — most notably Microsoft Exchange, Outlook Web Access OWA and Outlook on the Web – in order to steal business credentials and other sensitive data. Both Microsoft’s Exchange mail server and...

6.8CVSS0.59893EPSS
Exploits2References8
Securelist
Securelist
added 2020/09/29 2:0 p.m.28 views

Why master YARA: from routine to extreme threat hunting cases. Follow-up

On 3rd of September, we were hosting our "Experts Talk. Why master YARA: from routine to extreme threat hunting cases", in which several experts from our Global Research and Analysis Team and invited speakers shared their best practices on YARA usage. At the same time, we also presented our new...

6.8AI score
Exploits0
HackRead
HackRead
added 2020/08/24 9:19 p.m.43 views

Iranian hackers used RDP to hit businesses with Dharma ransomware

By Waqas The hackers using Dharma ransomware are "far behind the level of sophistication of big-league Iranian APTs." This is a post from HackRead.com Read the original post: Iranian hackers used RDP to hit businesses with Dharma ransomware...

6.9AI score
Exploits0
Rows per page
Query Builder