Latest APT news

Evasive Gelsemium hackers spotted in attack against Asian govt

A stealthy advanced persistent threat (APT) tracked as Gelsemium was observed in attacks targeting a Southeast Asian government that spanned six months between 2022 and 2023.
- Bill Toulas
- September 23, 2023
- 11:09 AM
- 0
Carderbee hacking group hits Hong Kong orgs in supply chain attack

A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware.
- Bill Toulas
- August 22, 2023
- 06:00 AM
- 0
JumpCloud breach traced back to North Korean state hackers

US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers, according to security researchers at SentinelOne, CrowdStrike, and Mandiant.
- Sergiu Gatlan
- July 20, 2023
- 08:25 AM
- 0
JumpCloud discloses breach by state-backed APT hacking group

US-based enterprise software firm JumpCloud says a state-backed hacking group breached its systems almost one month ago as part of a highly targeted attack focused on a limited set of customers.
- Sergiu Gatlan
- July 17, 2023
- 09:20 AM
- 0
Rockwell warns of new APT RCE exploit targeting critical infrastructure

Rockwell Automation says a new remote code execution (RCE) exploit linked to an unnamed Advanced Persistent Threat (APT) group could be used to target unpatched ControlLogix communications modules commonly used in manufacturing, electric, oil and gas, and liquified natural gas industries.
- Sergiu Gatlan
- July 14, 2023
- 02:52 PM
- 0
Dark Pink hackers continue to target govt and military organizations

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam.
- Bill Toulas
- May 31, 2023
- 04:00 AM
- 0
GoldenJackal state hackers silently attacking govts since 2019

A relatively unknown advanced persistent threat (APT) group named 'GoldenJackal' has been targeting government and diplomatic entities in Asia since 2019 for espionage.
- Bill Toulas
- May 23, 2023
- 06:53 PM
- 0
Hackers infect TP-Link router firmware to attack EU entities

A Chinese state-sponsored hacking group named "Camaro Dragon" infects residential TP-Link routers with a custom "Horse Shell" malware used to attack European foreign affairs organizations.
- Bill Toulas
- May 16, 2023
- 12:25 PM
- 5
Stealthy MerDoor malware uncovered after five years of attacks

A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia.
- Bill Toulas
- May 15, 2023
- 01:28 PM
- 0
Hackers start using double DLL sideloading to evade detection

An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection.
- Bill Toulas
- May 03, 2023
- 05:21 PM
- 0
Tencent QQ users hacked in mysterious malware attack, says ESET

The Chinese APT hacking group known as 'Evasive Panda' are behind a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app.
- Bill Toulas
- April 26, 2023
- 02:16 PM
- 0
Newly exposed APT43 hacking group targeting US orgs since 2018

A new North Korean hacking group has been revealed to be targeting government organizations, academics, and think tanks in the United States, Europe, Japan, and South Korea for the past five years.
- Bill Toulas
- March 28, 2023
- 11:00 AM
- 0
'Bitter' espionage hackers target Chinese nuclear energy orgs

A cyberespionage hacking group tracked as 'Bitter APT' was recently seen targeting the Chinese nuclear energy industry using phishing emails to infect devices with malware downloaders.
- Bill Toulas
- March 24, 2023
- 10:47 AM
- 0
Winter Vivern APT hackers use fake antivirus scans to install malware

An advanced hacking group named 'Winter Vivern' targets European government organizations and telecommunication service providers to conduct espionage.
- Bill Toulas
- March 16, 2023
- 06:00 AM
- 0
New malware variant has “radio silence” mode to evade detection

The Sharp Panda cyber-espionage hacking group was observed targeting high-profile government entities in Vietnam, Thailand, and Indonesia, using a new version of the 'Soul' malware framework.
- Bill Toulas
- March 07, 2023
- 05:49 PM
- 2
Chinese hackers use new custom backdoor to evade detection

The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year.
- Bill Toulas
- March 02, 2023
- 03:09 PM
- 0
Iron Tiger hackers create Linux version of their custom malware

The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise.
- Bill Toulas
- March 01, 2023
- 01:44 PM
- 0
North Korean hackers stole research data in two-month-long breach

A new cyber espionage campaign dubbed 'No Pineapple!' has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal 100GB of data from the victim without causing any destruction.
- Bill Toulas
- February 02, 2023
- 12:56 PM
- 0
Scattered Spider hackers use old Intel driver to bypass security

A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
- Bill Toulas
- January 11, 2023
- 04:55 PM
- 6
New Dark Pink APT group targets govt and military with custom malware

Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.
- Bill Toulas
- January 11, 2023
- 02:00 AM
- 0