Security researchers have warned about a new cyberespionage campaign that targets artificial intelligence experts working in private industry, government and academia. The attackers, likely of Chinese origin, are using a remote access trojan (RAT) called SugarGh0st. “The timing of the recent campaign coincides with an 8 May 2024 report from Reuters, revealing that the US…

A note from Redmond linked the ongoing attacks to an APT group tracked as Storm-0062 and warned that malicious activity dates back to September 14, a full three weeks before Atlassian’s public disclosure of the issue. “Microsoft has observed nation-state threat actor Storm-0062 exploiting CVE-2023-22515 in the wild since September 14, 2023. CVE-2023-22515 was disclosed…

Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. The campaign, codenamed STARK#VORTEX by Securonix, targets Ukrainian military entities and CERT-UA attributed it to a threat actor tracked as UAC-0154. The MerlinAgent is an open-source C2 toolkit written in Go, it…

The cyberespionage operation, tagged with the moniker Flax Typhoon, hacks into organizations by exploiting known vulnerabilities in public-facing servers and then using legitimate tools built into the Windows operating system and otherwise benign software to quietly remain in these networks. “Because this activity relies on valid accounts and living-off-the-land binaries (LOLBins), detecting and mitigating this…

In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. According to the researchers, the activity is part of the Operation Soft Cell that was first reported in June 2019 by Cybereason. At the time, researchers at Cybereason uncovered the long-running espionage campaign tracked…

Active since at least 2007 and also tracked as APT41, Barium, Blackfly, Double Dragon, Wicked Panda, and Wicked Spider, the Winnti Group is believed to be formed of multiple subgroups engaging in both cyberespionage and financially motivated operations. As part of a campaign ongoing since early August, the threat actor has been deploying various payloads…

Also referred to as APT27, Bronze Union, Emissary Panda, Lucky Mouse, and TG-3390 (Threat Group 3390), Iron Tiger has been active since at least 2010, targeting hundreds of organizations worldwide for cyberespionage purposes. As part of recent attacks, the advanced persistent threat (APT) group abused the compromised servers of MiMi – an instant messaging application…

The Biden administration said the requirements made public Thursday are part of a broader effort at protecting the nation’s critical infrastructure from ongoing cyberespionage and a surge in disruptive ransomware attacks. “These new cybersecurity requirements and recommendations will help keep the traveling public safe,” Homeland Security Secretary Alejandro Mayorkas said in a statement. He had…