APT Archives - Page 2 of 3 - Cyber Security Minute

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability

Issued by: The Hacker News

The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. “TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes…

Malware & Threats

Where Advanced Cyberttackers Are Heading Next: Disruptive Hits, New Tech

Issued by: Dark Reading

In November, Ukraine’s president revealed that the country’s IT defenses fended off more than 1,300 Russian cyberattacks, including attacks on satellite communications infrastructure. The onslaught of cyberattacks highlights one of the shifts in advanced persistent threat (APT) attacks seen in the past year: In 2022, geopolitical tensions ratcheted up, and along with them, cyber operations…

Malware & Threats

Transportation sector targeted by both ransomware and APTs

Issued by: Help Net Security

Trellix released The Threat Report: Fall 2022 from its Advanced Research Center, which analyzes cybersecurity trends from the third quarter (Q3) of 2022. The report includes evidence of malicious activity linked to ransomware and nation-state backed advanced persistent threat (APT) actors. It examines malicious cyberactivity including threats to email, the malicious use of legitimate third-party…

Malware & Threats

Seven ‘Creepy’ Backdoors Used by Lebanese Cyberspy Group in Israel Attacks

Issued by: Security Week

Polonium was initially detailed by Microsoft in June 2022, but evidence suggests that the group has been active since at least September 2021, mainly focusing on cyberespionage. Operating out of Lebanon, the APT is believed to be working with threat actors affiliated with Iran in the targeting of more than 20 communications, engineering, insurance, information…

Malware & Threats

Russian Cyberspies Targeting Ukraine Pose as Telecoms Providers

Issued by: Security Week

Newly identified staging infrastructure overlaps with tactics, techniques, and procedures (TTPs) previously attributed to the group and shows that the threat actor continues its attacks on Ukrainian targets likely in support of Russia’s military actions in Ukraine. UAC-0113 has been linked by the Computer Emergency Response Team of Ukraine (CERT-UA) to the advanced persistent threat…

Malware & Threats

The Advantages of Threat Intelligence for Combating Fraud

Issued by: Security Week

Leveraging threat intelligence to combat nation state espionage threats is a common practice for cybersecurity teams. However, outside of common types of fraud seen in darkweb or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud. If you are a target of APT threats by espionage actors, buying access to…

Malware & Threats

North Korean Hackers Use Fake Job Offers to Deliver New macOS Malware

Issued by: Security Week

Believed to be backed by the North Korean government, Lazarus has been active since at least 2009, orchestrating various high-profile attacks, including numerous assaults on cryptocurrency entities. Also referred to as Hidden Cobra, Lazarus is believed to comprise multiple subgroups, the activities of which often overlap, the same as their tools. Over the past couple…

Malware & Threats

Iranian Cyberspy Group Launching Ransomware Attacks Against US

Issued by: Security Week

Also referred to as APT35, Magic Hound, NewsBeef, Newscaster, Phosphorus, and TA453, the advanced persistent threat (APT) actor is known for the targeting of activists, government organizations, journalists, and various other entities. In November 2021, a joint advisory from government agencies in the US, UK, and Australia warned of Iranian state-sponsored attacks targeting critical infrastructure…

Malware & Threats

More Russian Attacks Against Ukraine Come to Light

Issued by: Security Week

For years, Russian advanced persistent threat (APT) actors have been observed launching various cyberattacks against Ukrainian targets, with some of these groups believed to be part of or under the direct supervision of Moscow’s secret service. Over the past months, at least two Russian state-sponsored groups have been observed launching cyberattacks against Ukraine, namely Gamaredon,…

Malware & Threats

Patchwork APT caught in its own web

Issued by: Blog Malwarebytes

Patchwork is an Indian threat actor that has been active since December 2015 and usually targets Pakistan via spear phishing attacks. In its most recent campaign from late November to early December 2021, Patchwork has used malicious RTF files to drop a variant of the BADNEWS (Ragnatela) Remote Administration Trojan (RAT). What is interesting among…