Lucene search
K

25 matches found

Securelist
Securelist
added 2025/07/30 9:0 a.m.24 views

Cobalt Strike Beacon delivered via GitHub and social media

Introduction In the latter half of 2024, the Russian IT industry, alongside a number of entities in other countries, experienced a notable cyberattack. The attackers employed a range of malicious techniques to trick security systems and remain undetected. To bypass detection, they delivered...

7AI score
Exploits0
Securelist
Securelist
added 2025/02/21 10:0 a.m.18 views

Angry Likho: Old beasts in a new forest

Angry Likho referred to as Sticky Werewolf by some vendors is an APT group we've been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we've analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho's attacks tend to be...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/18 11:15 a.m.9 views

APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol RDP configuration files. The activity, which has targeted governments and armed forces, think tanks, academic...

7.5AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/12/17 12:0 a.m.10 views

Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks

APT group Earth Koshchei, suspected to be sponsored by the SVR, executed a large-scale rogue RDP campaign using spear-phishing emails, red team tools, and sophisticated anonymization techniques to target high-profile sectors...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/09/26 6:18 a.m.35 views

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control C2. Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which ...

7.8CVSS8.1AI score0.97798EPSS
Exploits49
The Hacker News
The Hacker News
added 2024/06/07 7:13 a.m.15 views

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Computer Emergency Response Team of Ukraine CERT-UA has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, whic...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/22 2:15 p.m.10 views

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets,...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/07 1:25 p.m.12 views

APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data

The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments. Targets of the attack include Western and Middle Eastern NGOs, media organizations, academia, legal services and activists, Google Cloud...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/16 6:16 p.m.31 views

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations,...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/08 1:40 p.m.16 views

New Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader

Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/29 12:0 p.m.40 views

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEPMAVERICK by Securonix, also...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/03/25 1:17 p.m.32 views

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide

The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The Federal Security Service conducted a multi-stage campaign in...

1AI score
Exploits0
ThreatPost
ThreatPost
added 2021/07/08 8:29 p.m.196 views

Oil & Gas Targeted in Year-Long Espionage Campaign

A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans RATs for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious...

7.1AI score
Exploits0References5
ThreatPost
ThreatPost
added 2021/02/17 4:31 p.m.192 views

Masslogger Swipes Outlook, Chrome Credentials

Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...

0.3AI score
Exploits0References11
Securelist
Securelist
added 2020/12/03 10:0 a.m.93 views

What did DeathStalker hide between two ferns?

DeathStalker is a threat actor thats been active since at least 2012, and we exposed most of their past activities in a previous article, as well as during a GREAT Ideas conference in August 2020. The actor drew our attention in 2018 because of distinctive attack characteristics that didnt fit in...

0.3AI score
Exploits0
The Hacker News
The Hacker News
added 2020/12/01 8:54 a.m.42 views

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2020/09/04 12:37 p.m.5 views

Evilnum hackers targeting financial firms with a new Python-based RAT

An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan RAT that can steal passwords, documents, browser cookies, email credentials, and other sensitive information. In an analysis published by Cybereas...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/04 8:32 a.m.50 views

US Government Warns of a New Strain of Chinese 'Taidoor' Virus

Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named "Taidoor," the malware has done an 'excellent' job of compromising systems as early as...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2020/05/21 8:11 a.m.85 views

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT also known as APT39 or Remix Kitten, a threat actor known fo...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2019/08/21 7:3 a.m.93 views

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016...

0.9AI score
Exploits0
Rows per page
Query Builder