Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

The China-aligned advanced persistent threat APT actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples...

APT trends report Q1 2024

For more than six years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and...

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit ...

New Report Uncovers 3 Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously on the same victims'...

Gelsemium APT Group Uses “Rare” Backdoor in Southeast Asian Attack

By Waqas Elusive APT Group Gelsemium Emerges in Rare Southeast Asian Attack, Unveils Unique Tactics. KEY FINDINGS Cybersecurity researchers at… This is a post from HackRead.com Read the original post: Gelsemium APT Group Uses "Rare" Backdoor in Southeast Asian Attack...

Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access

Threat actors are increasingly abusing Internet Information Services IIS extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to...

New 'SessionManager' Backdoor Targeting Microsoft IIS Servers in the Wild

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a...

NoxPlayer Supply-Chain Attack is Likely the Work of Gelsemium Hackers

A new cyber espionage group named Gelsemium has been linked to a supply chain attack targeting the NoxPlayer Android emulator that was disclosed earlier this year. The findings come from a systematic analysis of multiple campaigns undertaken by the APT crew, with evidence of the earliest attack...