Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

A China-aligned threat group is exploiting unpatched Microsoft Exchange vulnerabilities to conduct cyberespionage against government and critical infrastructure targets across Asia and beyond...

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle AiTM position to deploy their custom ApolloShadow malware. ApolloShadow has the...

The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

The FSB cyberespionage group known as Turla seems to have used its control of Russia’s network infrastructure to meddle with web traffic and trick diplomats into infecting their computers...

The SOC files: Rumble in the jungle or APT41’s new target in Africa

Introduction Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware. One of the C2s was a captive SharePoint serve...

New Russia-affiliated actor Void Blizzard targets critical sectors for espionage

Executive summary: Void Blizzard is a new threat actor Microsoft Threat Intelligence has observed conducting espionage operations primarily targeting organizations that are important to Russian government objectives. These include organizations in government, defense, transportation, media, NGOs,...

Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors

An APT group dubbed Earth Kurma is actively targeting government and telecommunications organizations in Southeast Asia using advanced malware, rootkits, and trusted cloud services to conduct cyberespionage...

China’s FamousSparrow APT Hits Americas with SparrowDoor Malware

China-linked APT group FamousSparrow hits targets in the Americas using upgraded SparrowDoor malware in new cyberespionage campaign, ESET reports...

The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques

The cyberespionage techniques of Earth Alux, a China-linked APT group, are putting critical industries at risk. The attacks, aimed at the APAC and Latin American regions, leverage powerful tools and techniques to remain hidden while stealing sensitive data...

Russian UAC-0063 Targets Europe and Central Asia with Advanced Malware

UAC-0063: A Russian-linked threat actor targeting Central Asia and Europe with sophisticated cyberespionage campaigns, including weaponized documents, data…...

CISA and FBI: Chinese Hackers Compromised US Telecom Networks

The CISA and FBI have issued an advisory detailing a sophisticated cyberespionage campaign by state-sponsored Chinese hackers that…...

Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group

Censys uncovers the hidden infrastructure of Fox Kitten, an Iranian cyberespionage group. It reveals unique patterns, potential new…...

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...

US Charges North Korean Hacker for Ransomware Attacks on Hospitals

The North Korean hacker, Rim Jong Hyok, is accused of being part of the government-backed cyberespionage group Andariel,…...

Chinese Espionage Group “ChamelGang” Uses Attacks for Disruption and Data Theft

Beware! Chinese cyberespionage group ChamelGang targets critical infrastructure like aviation and government systems. SentinelOne report reveals potential attacks across Asia. Learn more about ChamelGang's cyberespionage activities...

Crimson Palace: Chinese Hackers Steal Military Secrets Over 2 Years

Sophos uncovers "Operation Crimson Palace, a long-term cyberespionage effort targeting a Southeast Asian government. Learn how attackers used…...

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet formerly Storm-1789, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for its financial and...

Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024

This report describes how Waterbear and Deuterbear — two of the tools in Earth Hundun's arsenal — operate, based on a campaign from 2024...

Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions

An unnamed European Ministry of Foreign Affairs MFA and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail. ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned...

Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

Our blog entry provides an in-depth analysis of Earth Hundun's Waterbear and Deuterbear malware...

Attacks, Vulnerabilities and Actors 11 to 17 March 2024

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, HiveForce Labs discovered eight executed attacks, uncovered ten vulnerabilities, and identified two active...