
34 matches found

The Hacker News
added 2025/06/05 10:59 a.m., 24 views

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known...

AI score: 7.6
Exploits: 0

The Hacker News
added 2025/05/30 6:11 a.m., 34 views

ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...

CVSS: 9.3, AI score: 9, EPSS: 0.99959
Exploits: 20

The Hacker News
added 2024/01/20 10:23 a.m., 104 views

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021. "UNC3886 has a track record of utilizing...

CVSS: 9.8, AI score: 6.2, EPSS: 0.99428
Exploits: 1

Microsoft Secure
added 2023/12/07 12:1 p.m., 24 views

Star Blizzard increases sophistication and evasion in ongoing attacks

Microsoft Threat Intelligence continues to track and disrupt malicious activity attributed to a Russian state-sponsored actor we track as Star Blizzard (formerly SEABORGIUM, also known as COLDRIVER and Callisto Group). Star Blizzard has improved their detection evasion capabilities since 2022 while...

AI score: 7.2
Exploits: 0

The Hacker News
added 2023/10/23 11:34 a.m., 63 views

DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan

The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan. Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are als...

AI score: 7.2
Exploits: 0

Malwarebytes
added 2023/10/12 4:0 a.m., 89 views

Update now! Atlassian Confluence vulnerability is being actively exploited

Microsoft Threat Intelligence has revealed that it has been tracking the active exploitation of a vulnerability in Atlassian Confluence software since September 14, 2023. At the time the attacks were first observed the vulnerability was a zero-day, meaning that no update was available, so defende...

CVSS: 7.5, AI score: 9.7, EPSS: 0.99999
Exploits: 84

The Hacker News
added 2023/10/11 4:12 a.m., 98 views

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability...

CVSS: 10, AI score: 9.1, EPSS: 0.99156
Exploits: 39

The Hacker News
added 2023/07/28 12:57 p.m., 29 views

STARK#MULE Targets Koreans with U.S. Military-themed Document Lures

An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. The scale of the attacks i...

AI score: 7
Exploits: 0

The Hacker News
added 2023/07/21 3:14 p.m., 55 views

Azure AD Token Forging Technique in Microsoft Attack Extends Beyond Outlook, Wiz Reports

The recent attack against Microsoft's email infrastructure by a Chinese nation-state actor referred to as Storm-0558 is said to have a broader scope than previously thought. According to cloud security company Wiz, the inactive Microsoft account (MSA) consumer signing key used to forge Azure Active...

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/07/18 3:26 a.m., 36 views

JumpCloud Blames 'Sophisticated Nation-State' Actor for Security Breach

A little over a week after JumpCloud reset API keys of customers impacted by a security incident, the company said the intrusion was the work of a sophisticated nation-state actor. The adversary "gained unauthorized access to our systems to target a small and specific set of our customers," Bob...

AI score: 7.5
Exploits: 0

Microsoft Secure
added 2023/04/18 3:0 p.m., 53 views

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, this subset has rapidly weaponized N-day vulnerabilities in common...

CVSS: 9.3, AI score: 9.9, EPSS: 0.99999
Exploits: 372

Microsoft Malware Protection
added 2023/04/07 4:0 p.m., 211 views

MERCURY and DEV-1084: Destructive attack on hybrid environment

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about the new taxonomy represents the origin, unique traits,...

CVSS: 9.3, AI score: 10.2, EPSS: 0.99999
Exploits: 350

Microsoft Secure
added 2023/04/07 4:0 p.m., 81 views

MERCURY and DEV-1084: Destructive attack on hybrid environment

April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. MERCURY is now tracked as Mango Sandstorm and DEV-1084 is now tracked as Storm-1084. To learn more about the new taxonomy represents the origin, unique traits,...

CVSS: 9.3, AI score: 10.2, EPSS: 0.99999
Exploits: 350

HackRead
added 2023/03/30 12:56 p.m., 22 views

Popular PABX platform, 3CX Desktop App suffers supply chain attack

By Deeba Ahmed. According to cybersecurity researchers, a nation-state actor, LABYRINTH CHOLLIMA, is suspected to be behind the multi-stage attack on 3CXDesktopApp. This is a post from HackRead.com. Read the original post: Popular PABX platform, 3CX Desktop App suffers supply chain attack...

AI score: 6.7
Exploits: 0

The Hacker News
added 2023/02/16 6:16 p.m., 31 views

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations,...

AI score: 2
Exploits: 0

The Hacker News
added 2023/02/16 6:16 p.m., 2 views

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations,...

AI score: 6.8
Exploits: 0

Microsoft Secure
added 2022/11/10 5:0 p.m., 21 views

Microsoft threat intelligence presented at CyberWarCon 2022

At CyberWarCon 2022, Microsoft and LinkedIn analysts presented several sessions detailing analysis across multiple sets of actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates Microsoft Threat Intelligence...

AI score: 0.1
Exploits: 0

Microsoft Malware Protection
added 2022/09/29 4:0 p.m., 39 views

ZINC weaponizing open-source software

In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries includi...

AI score: 0.3
Exploits: 0

The Hacker News
added 2022/09/20 12:56 p.m., 188 views

Russian Sandworm Hackers Impersonate Ukrainian Telecoms to Distribute Malware

A threat cluster linked to the Russian nation-state actor tracked as Sandworm has continued its targeting of Ukraine with commodity malware by masquerading as telecom providers, new findings show. Recorded Future said it discovered new infrastructure belonging to UAC-0113 that mimics operators li...

CVSS: 9.3, AI score: 0.4, EPSS: 0.99374
Exploits: 62

Microsoft Secure
added 2022/09/07 9:0 p.m., 114 views

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations,...

CVSS: 9.3, AI score: 0.7, EPSS: 0.99999
Exploits: 435