Kimsuky targets South Korean entities with phishing campaign

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary As of 2010, Kimsuky has targeted the governments, think tanks, media, and education entities of the United States and South Korea. Early in 2022, a new attack cluster GoldDragon was observed targeting med...

New UAC-0056 activity: There’s a Go Elephant in the room

This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056 also known as SaintBear, UNC2589 and TA471 is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia. The group is known to have performed a wiper attack in...

New Backdoor Targets French Entities via Open-Source Package Installer

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attribute...

North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign

This blog was authored by Ankur Saini and Hossein Jazi Lazarus Group is one of the most sophisticated North Korean APTs that has been active since 2009. The group is responsible for many high profile attacks in the past and has gained worldwide attention. The Malwarebytes Threat Intelligence team...

A Cyber Revolution: Advanced Attacks Increasing in EMEA Reflect Political Tension

Financial, geopolitical and economical changes made 2015 a very busy year for the Europe, Middle East and Africa EMEA region, particularly in the cyber realm. FireEye has been monitoring these shifting cyber trends and has identified considerable evolutions to the EMEA threat landscape when...