Lucene search
K

19 matches found

Microsoft Secure
Microsoft Secure
added 2025/07/31 4:0 p.m.37 views

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle AiTM position to deploy their custom ApolloShadow malware. ApolloShadow has the...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/03/11 7:0 a.m.35 views

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat APT group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates,...

7.8CVSS8AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2024/06/20 2:0 p.m.22 views

French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks

State-sponsored actors with ties to Russia have been linked to targeted cyber attacks aimed at French diplomatic entities, the country's information security agency ANSSI said in an advisory. The attacks have been attributed to a cluster tracked by Microsoft under the name Midnight Blizzard...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/28 8:54 a.m.33 views

BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities

The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat. The phishing campaign is characterized by the use of...

6.6AI score
Exploits0
hivepro
hivepro
added 2023/05/24 1:25 p.m.20 views

Unveiling the Stealthy Operations of GoldenJackal APT Group

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary GoldenJackal is an APT group targeting government and diplomatic entities in the Middle East and South Asia. Their advanced capabilities include a range of .NET malware tools for gaining control, stealing...

6.9AI score
Exploits0
Securelist
Securelist
added 2023/05/23 8:0 a.m.41 views

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/14 12:57 p.m.23 views

Russia-Linked Hackers Launches Espionage Attacks on Foreign Diplomatic Entities

The Russia-linked APT29 aka Cozy Bear threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT...

6.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/14 9:39 a.m.128 views

Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America. The tech giant's Security Intelligence team is tracking the cluster under the emerging moniker DEV-0147, describing the activity as an "expansion of the group's...

10CVSS0.8AI score0.99999EPSS
Exploits22
The Hacker News
The Hacker News
added 2023/01/18 11:5 a.m.1 views

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus , said it observed the...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/27 12:24 p.m.23 views

Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware

A China-linked government-sponsored threat actor observed striking European diplomatic entities in March may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks...

0.5AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/12/06 9:0 p.m.25 views

NICKEL targeting government organizations across Latin America and Europe

The Microsoft Threat Intelligence Center MSTIC has observed NICKEL, a China-based threat actor, targeting governments, diplomatic entities, and non-governmental organizations NGOs across Central and South America, the Caribbean, Europe, and North America. MSTIC has been tracking NICKEL since 2016...

0.7AI score
Exploits0
Securelist
Securelist
added 2021/07/29 10:0 a.m.1534 views

APT trends report Q2 2021

For more than four years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and...

9.3CVSS9.3AI score0.99933EPSS
Exploits64
The Hacker News
The Hacker News
added 2021/06/11 7:1 a.m.295 views

New Cyber Espionage Group Targeting Ministries of Foreign Affairs

Cybersecurity researchers on Thursday took the wraps off a new cyber espionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed "BackdoorDiplomacy," the campaign involves...

10CVSS0.8AI score0.99999EPSS
Exploits60
The Hacker News
The Hacker News
added 2020/05/15 9:43 a.m.63 views

HTTP Status Codes Command This Malware How to Control Hacked Systems

A new version of COMpfun remote access trojan RAT has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence"...

0.3AI score
Exploits0
Securelist
Securelist
added 2020/05/14 10:0 a.m.74 views

COMpfun authors spoof visa application with HTTP status-based Trojan

You may remember that in autumn 2019 we published a story about how a COMpfun successor known as Reductor infected files on the fly to compromise TLS traffic. If you're wondering whether the actor behind the malware is still developing new features, the answer is yes. Later in November 2019 our...

7.2AI score
Exploits0
Securelist
Securelist
added 2019/01/30 10:0 a.m.105 views

Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

Executive Summary Throughout the autumn of 2018 we analyzed a long-standing and still active at that time cyber-espionage campaign that was primarily targeting foreign diplomatic entities based in Iran. The attackers were using an improved version of Remexi in what the victimology suggests might ...

7.3AI score
Exploits0
Securelist
Securelist
added 2018/10/15 10:0 a.m.68 views

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users and diplomatic entities. We named the actor DustSquad and have provided private intelligence reports to our customers on four of their campaigns involving custom Android and...

0.5AI score
Exploits0
FireEye
FireEye
added 2018/03/23 3:0 p.m.14 views

SANNY Malware Delivery Method Updated in Recently Observed Attacks

Introduction In the third week of March 2018, through FireEye’s Dynamic Threat Intelligence, FireEye discovered malicious macro-based Microsoft Word documents distributing SANNY malware to multiple governments worldwide. Each malicious document lure was crafted in regard to relevant regional...

7.7AI score
Exploits0References1
ThreatPost
ThreatPost
added 2017/02/21 4:8 p.m.10 views

Data Stealing Malware TeamSpy Resurfaces in Spam Campaign

After almost a four-year respite, the data-stealing TeamSpy malware has resurfaced, or at least that’s what a spam campaign detected over the weekend suggests, researchers say. Researchers at the CrySyS Lab in Hungary originally identified the malware back in March 2013 when they traced it back t...

1.1AI score
Exploits0References3
Rows per page
Query Builder