22 matches found

Microsoft Secure
added 2026/05/14 3:00 p.m. · 13 views

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

AI score 6.1 · Exploits 0
The Hacker News
added 2026/01/08 2:54 p.m. · 7 views

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations...

AI score 7.7 · Exploits 0
The Hacker News
added 2025/05/27 11:51 a.m. · 27 views

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard aka Laundry Bear that it said is attributed to "worldwide cloud abuse." Active since at least April 2024, the hacking group is linked to...

AI score 7.7 · Exploits 0
The Hacker News
added 2025/05/03 9:33 a.m. · 68 views

Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) entity in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage...

CVSS 9.8 · AI score 8.8 · EPSS 0.8488 · Exploits 3
The Hacker News
added 2024/11/13 4:09 p.m. · 4 views

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel

A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and...

AI score 7.2 · Exploits 0
ICS
added 2024/09/05 12:00 p.m. · 89 views

Russian Military Cyber Actors Target US and Global Critical Infrastructure

Summary: The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible...

CVSS 10 · AI score 9.3 · EPSS 0.99999 · Exploits 434 · References 193
The Hacker News
added 2024/07/19 7:24 a.m. · 27 views

APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.

Several organizations operating within global shipping and logistics, media and entertainment, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. have become the target of a "sustained campaign" by the prolific China-based APT41 hacking group. "APT41...

AI score 7.3 · Exploits 0
The Hacker News
added 2024/07/17 8:47 a.m. · 42 views

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis...

CVSS 9.3 · AI score 7.3 · EPSS 0.8593 · Exploits 18
Microsoft Malware Protection
added 2023/07/11 5:30 p.m. · 58 views

Storm-0978 attacks reveal financial and espionage motives

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosu...

CVSS 6.8 · AI score 8 · EPSS 0.99083 · Exploits 3
The Hacker News
added 2023/06/09 1:37 p.m. · 7 views

Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions

The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an...

CVSS 9.3 · AI score 7 · EPSS 0.99374 · Exploits 62
The Hacker News
added 2022/09/21 10:54 a.m. · 24 views

U.S. Adds 2 More Chinese Telecom Firms to National Security Threat List

The U.S. Federal Communications Commission (FCC) has added Pacific Network Corp, along with its subsidiary ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the list of communications equipment and services that have been deemed a threat to national security. The agency said the...

AI score 0.6 · Exploits 0
Talos Blog
added 2022/09/08 12:01 p.m. · 58 views

Lazarus and the tale of three RATs

By Jung soo An, Asheer Malhotra and Vitor Ventura. Cisco Talos has been tracking a new campaign operated by the Lazarus APT group, attributed to North Korea by the United States government. This campaign involved the exploitation of vulnerabilities in VMWare Horizon to gain an initial foothold in...

AI score 0.8 · Exploits 0
The Hacker News
added 2022/05/02 1:39 p.m. · 26 views

Chinese "Override Panda" Hackers Resurface With New Espionage Attacks

A Chinese state-sponsored espionage group known as Override Panda has resurfaced in recent weeks with a new phishing attack with the goal of stealing sensitive information. "The Chinese APT used a spear-phishing email to deliver a beacon of a Red Team framework known as 'Viper,'" Cluster25 said i...

AI score 0.1 · Exploits 0
The Hacker News
added 2021/07/28 10:06 a.m. · 61 views

Hackers Posed as Aerobics Instructors for Years to Target Aerospace Employees

An Iranian cyberespionage group masqueraded as an aerobics instructor on Facebook in an attempt to infect the machine of an employee of an aerospace defense contractor with malware as part of a years-long social engineering and targeted malware campaign. Enterprise security firm Proofpoint...

AI score 1.9 · Exploits 0
Malwarebytes
added 2021/06/01 1:00 p.m. · 195 views

Kimsuky APT continues to target South Korean government using AppleSeed backdoor

This blog post was authored by Hossein Jazi. The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima—is a North Korean threat actor that has been active since 2012. The group conducts cyber espionage operations to target government entities mainly in South Korea. On December...

AI score 7.5 · Exploits 0
The Hacker News
added 2021/02/08 11:23 a.m. · 50 views

Detailed: Here's How Iran Spies on Dissidents with the Help of Hackers

Twin cyber operations conducted by state-sponsored Iranian threat actors demonstrate their continued focus on compiling detailed dossiers on Iranian citizens that could threaten the stability of the Islamic Republic, including dissidents, opposition forces, and ISIS supporters, and Kurdish native...

AI score 6.9 · Exploits 0
The Hacker News
added 2017/11/07 5:15 a.m. · 15 views

Newly Uncovered 'SowBug' Cyber-Espionage Group Stealing Diplomatic Secrets Since 2015

A previously unknown hacking and cyber-espionage group that has been in operation since at least 2015 has conducted a series of highly targeted attacks against a host of government organizations in South America and Southeast Asia to steal their sensitive data. Codenamed Sowbug, the hacking grou...

AI score 7.6 · Exploits 0
FireEye
added 2017/09/20 10:00 a.m. · 20 views

Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware

When discussing suspected Middle Eastern hacker groups with destructive capabilities, many automatically think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf. However, over the past few years, we have been tracking a...

AI score 7.4 · Exploits 0
The Hacker News
added 2017/06/05 10:17 p.m. · 21 views

FBI Arrests NSA Contractor for Leaking Secrets – Here's How they Caught Her

The FBI arrested a 25-year-old NSA contractor on Saturday, 3rd June, for leaking classified information to an online news outlet, which published its report yesterday, 5th June, meaning the arrest was made two days before the actual disclosure went online. Reality Leigh Winner, who held a top-secret...

AI score 6.1 · Exploits 0
FireEye
added 2016/01/07 8:56 p.m. · 230 views

Sandworm Team and the Ukrainian Power Authority Attacks

Update 1.11.16 - SANS ICS Team Connects Dots: Updating the blog entry to bring attention to the recent analysis published by Mike Assante from the SANS ICS team. "After analyzing the information that has been made available by affected power companies, researchers, and the media it is clear that...

CVSS 9.3 · AI score 7.9 · EPSS 0.81628 · Exploits 22