6 matches found
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control C2 framework called AK47 C2 also spelled ak47c2 in its operations. The framework includes at least two different types of clients, HTTP-based...
Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia
A suspected China-based threat actor has been linked to a series of cyber attacks targeting high-profile organizations in Southeast Asia since at least October 2023. The espionage campaign targeted organizations in various sectors spanning government ministries in two different countries, an air...
Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor
Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat APT called Sandman and a China-based threat cluster that's known to use a backdoor referred to as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligenc...
Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email
UPDATE: Microsoft performed a comprehensive technical investigation into the acquisition of the Microsoft account consumer signing key, including how it was used to access enterprise email. Our technical investigation has concluded, and on September 6, 2023, we published our investigation finding...
Watering Hole Attacks Push ScanBox Keylogger
A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced threat group APT is targeted messages that supposedly link...
NICKEL targeting government organizations across Latin America and Europe
The Microsoft Threat Intelligence Center MSTIC has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations NGOs across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016...