Researchers at Microsoft have identified a North Korean threat group carrying out espionage and financial cyberattacks concurrently, using a grab bag of different attack techniques against aerospace, education, and software organizations and developers. In the beginning, Microsoft explained in a blog post, Moonstone Sleet heavily overlapped with the known DPRK advanced persistent threat (APT) Diamond…

The infamous North Korean advanced persistent threat (APT) group Lazarus has developed a form of macOS malware called “KandyKorn,” which it is using to target blockchain engineers connected to cryptocurrency exchanges. According to a report from Elastic Security Labs, KandyKorn has a full-featured set of capabilities to detect, access, and steal any data from the…

A note from Redmond linked the ongoing attacks to an APT group tracked as Storm-0062 and warned that malicious activity dates back to September 14, a full three weeks before Atlassian’s public disclosure of the issue. “Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed…

Hackers aligned with Chinese interests are targeting Android users with fake encrypted chat apps Trojanized with espionage capabilities in separate and ongoing campaigns, one active since July 2020 and the other for more than 12 months. Researchers at Eset on Wednesday attributed the campaigns to a threat group tracked as Gref, which overlaps with activity…

The cyberespionage operation, tagged with the moniker Flax Typhoon, hacks into organizations by exploiting known vulnerabilities in public-facing servers and then using legitimate tools built into the Windows operating system and otherwise benign software to quietly remain in these networks. “Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this…

An apparently innocuous cloud hosting provider may be fronting for an Iran-based company that provides command-and-control services to ransomware attackers, according to a report published this week by security consultant and anti-ransomware vendor Halcyon. Cloudzy, the report said, is primarily a virtual private server provider, which accepts cryptocurrency as payment for its services. Halcyon said…

Teams running the Zimbra Collaboration Suite version 8.8.15 are urged to apply a manual fix against a recently discovered zero-day vulnerability that’s being actively exploited in the wild. The Zimbra cloud suite offers email, calendar functions, and other enterprise collaboration tools. The vulnerability compromises the security of data on Zimbra servers, the company said in…

The Iran-linked threat group known as APT35 (aka Charming Kitten, Imperial Kitten, or Tortoiseshell) has updated its cyberattack arsenal with improved abilities to hide its actions, as well as an upgraded custom backdoor that it’s distributing via a spear-phishing campaign. The advanced persistent threat (APT) has been alleged to be operating out of Iran and…