
6 matches found

The Hacker News
added 2025/08/01 8:44 a.m. | 17 views

Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different types of clients, HTTP-based...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.99907
Exploits: 9
The Hacker News
added 2024/12/11 11:00 a.m. | 6 views

Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia

A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air...

AI score: 7.5
Exploits: 0
The Hacker News
added 2023/12/11 1:59 p.m. | 24 views

Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligenc...

AI score: 7.1
Exploits: 0
MSRC
added 2023/07/11 7:00 a.m. | 29 views

Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email

UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded, and on September 6, 2023, we published our investigation finding...

AI score: 6.8
Exploits: 0
ThreatPost
added 2022/08/30 4:00 p.m. | 65 views

Watering Hole Attacks Push ScanBox Keylogger

A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced threat group (APT) is targeted messages that supposedly link...

AI score: 7.3
Exploits: 0 | References: 8
Microsoft Secure
added 2021/12/06 9:00 p.m. | 25 views

NICKEL targeting government organizations across Latin America and Europe

The Microsoft Threat Intelligence Center (MSTIC) has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations (NGOs) across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016...

AI score: 0.7
Exploits: 0