/vx/APTs/2023/

309 directories 0 files
2023.01.03 - Poland warns of attacks by Russia-linked Ghostwriter hacking group/
2023.01.05 - BlindEagle Targeting Ecuador With Sharpened Tools/
2023.01.05 - Bluebottle Campaign Hits Banks in French-speaking Countries in Africa/
2023.01.05 - The Cyber Threat from Pyongyang/
2023.01.05 - Turla A Galaxy of Opportunity/
2023.01.06 - Exclusive Russian hackers targeted US nuclear scientists/
2023.01.06 - Nisos Research Coldriver/
2023.01.07 - STISC - BEWARE - the wave of scam and phishing cyberattacks continues/
2023.01.10 - Be vigilant The modified CIA attack kit Hive enters the field of black and gray production/
2023.01.10 - StrongPity espionage campaign targeting Android users/
2023.01.11 - Dark Pink/
2023.01.17 - Earth Bogle - Campaigns Target the Middle East with Geopolitical Lures/
2023.01.17 - Kasablanka Group Probably Conducted Compaigns Targeting Russia/
2023.01.18 - Chinese Playful Taurus Activity in Iran/
2023.01.18 - Qihoo 360 - APT Annual Research Report/
2023.01.19 - Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd/
2023.01.19 - Following the LNK metadata trail/
2023.01.19 - Gamaredon Abuses Telegram to Target Ukrainian Organizations/
2023.01.24 - DragonSpark Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation/
2023.01.26 - SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest/
2023.01.27 - CERT GOV UA - Cyber attack on the Ukrinform information and communication system/
2023.01.27 - ESET - SwiftSlicer/
2023.01.31 - Dalbit m00nlight Chinese hacker groups APT attack campaign/
2023.02.01 - Operation Ice Breaker Targets The Gambling Industry Right Before Its Biggest Gathering/
2023.02.01 - UAC-0114 aka Winter Vivern to target Ukrainian and Polish GOV/
2023.02.02 - Mustang Panda APT Group Uses European Commission-Themed Lure to Deliver PlugX Malware/
2023.02.02 - New APT34 Malware Targets The Middle East/
2023.02.02 - No Pineapple! - DPRK Targeting of Medical Research and Technology Sector/
2023.02.02 - Update to the REF2924 intrusion set and related campaigns/
2023.02.06 - CERT GOV UA-5926/
2023.02.08 - Graphiron New Russian Information Stealing Malware Deployed Against Ukraine/
2023.02.09 - NewsPenguin a Previously Unknown Threat Actor Targets Pakistan with Advanced Espionage Tool/
2023.02.09 - Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities/
2023.02.10 - Uncle Sow - Dark Caracal in Latin America/
2023.02.13 - Nice Try Tonto Team/
2023.02.14 - Hangeul HWP malware using steganography RedEyes ScarCruft/
2023.02.15 - Distributed Malware Exploiting Vulnerable Innorix Andariel/
2023.02.15 - Sustained activity by specific threat actors/
2023.02.16 - Frebniis New Malware Abuses Microsoft IIS Feature to Establish Backdoor/
2023.02.16 - Invitation to a Secret Event Uncovering Earth Yakos Campaigns/
2023.02.17 - Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack/
2023.02.22 - Hydrochasma Previously Unknown Group Targets Medical and Shipping Organizations in Asia/
2023.02.23 - Anti-Forensic Techniques Used By Lazarus Group/
2023.02.23 - WinorDLL64 A backdoor from the vast Lazarus arsenal/
2023.02.24 - A year of wiper attacks in Ukraine/
2023.02.24 - Investigating the PlugX Trojan Disguised as a Legitimate Windows Debugger Tool/
2023.02.27 - Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombias Judiciary Financial Public and Law Enforcement Entities/
2023.02.28 - Blackfly Espionage Group Targets Materials Technology/
2023.03.01 - BlackLotus UEFI bootkit Myth confirmed/
2023.03.01 - Iron Tigers SysUpdate Reappears Adds Linux Targeting/
2023.03.02 - MQsTTang Mustang Pandas latest backdoor treads new ground with Qt and MQTT/
2023.03.07 - Pandas with a Soul Chinese Espionage Attacks Against Southeast Asian Government Entities/
2023.03.08 - Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices/
2023.03.09 - A border-hopping PlugX USB worm takes its act on the road/
2023.03.09 - PlugX Malware Being Distributed via Vulnerability Exploitation/
2023.03.09 - Stealing the LIGHTSHOW Part One North Koreas UNC2970/
2023.03.10 - Dark Pink APT Group Strikes Government Entities in South Asian Countries/
2023.03.13 - CHM Malware Disguised as North Korea-related Questionnaire Kimsuky/
2023.03.14 - NOBELIUM Uses Polands Ambassadors Visit to the US to Target EU Governments Assisting Ukraine/
2023.03.14 - Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency/
2023.03.16 - Peeking at Reaper's surveillance operations/
2023.03.20 - Korean Security Advisory/
2023.03.21 - Bad magic new APT found in the area of Russo-Ukrainian conflict/
2023.03.21 - Notorious SideCopy APT group sets sights on Indias DRDO/
2023.03.21 - The Unintentional Leak - A glimpse into the attack vectors of APT37/
2023.03.23 - Operation Tainted Love Chinese APTs Target Telcos in New Attacks/
2023.03.23 - Pack it Secretly - Earth Preta’s Updated Stealthy Strategies/
2023.03.23 - UNC961 in the Multiverse of Mandiant Three Encounters with a Financially Motivated Threat Actor/
2023.03.24 - APT attacks on industrial organizations in H2 2022/
2023.03.24 - Phishing Campaign Targets Chinese Nuclear Energy Industry/
2023.03.28 - APT43 - North Korean Group Uses Cybercrime to Fund Espionage Operations/
2023.03.28 - Mélofée a new alien malware in the Pandas toolset targeting Linux hosts/
2023.03.29 - CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers/
2023.03.29 - Ironing out (the macOS details) of a Smooth Operator/
2023.03.29 - SmoothOperator Ongoing Campaign Trojanizes 3CXDesktopApp in Supply Chain Attack/
2023.03.30 - Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan/
2023.03.30 - Exploitation is a Dish Best Served Cold Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe/
2023.03.30 - SEKOIAIO analysis of the VulkanFiles leak/
2023.03.30 - The Vulkan Files A Look Inside Putins Secret Plans for Cyber-Warfare/
2023.03.30 - With KEYPLUG, China’s RedGolf Spies On, Steals From Wide Field of Targets/
2023.03.30 -New TACTICALOCTOPUS Attack Campaign Targets US Entities with Malware Bundled in Tax-Themed Documents/
2023.03.30- 3CX Supply Chain Compromise Leads to ICONIC Incident/
2023.04.04 - Not just an infostealer Gopuram backdoor deployed through 3CX supply chain attack/
2023.04.05 - How were protecting users from government-backed attacks from North Korea/
2023.04.07 - MERCURY and DEV-1084 Destructive attack on hybrid environment/
2023.04.11 - APT-C-28 (Scarcruft)/
2023.04.12 - Following the Lazarus group by tracking DeathNote campaign/
2023.04.13 - Espionage campaign linked to Russian intelligence services/
2023.04.13 - Transparent Tribe APT36 Pakistan-Aligned Threat Actor Expands Interest in Indian Education Sector/
2023.04.17 - Additional Activities of the Tick Group That Attacks with a Modified Q-Dir and Their Ties with Operation Triple Tiang/
2023.04.17 - April 2023 Threat Horizons Report/
2023.04.17 - Cyber Espionage in India Decoding APT-36s New Linux Malware Campaign/
2023.04.17 - Exposed Web Panel Reveals Gamaredon Groups Automated Spear Phishing Campaigns/
2023.04.17 - The Bitter Group Targets Chinese Agencies with CHM Malware via Email Attachments/
2023.04.18 - APT28 Advisory/
2023.04.18 - Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets/
2023.04.18 - SimpleHarm Tracking MuddyWaters infrastructure/
2023.04.19 - AllaKored the SideCopy Train/
2023.04.20 - Advanced Threat Tracking APT Patchwork organization update technology makes a comeback launching anot/
2023.04.20 - APT43 - An investigation into the North Korean group’s cybercrime operations/
2023.04.20 - Daggerfly APT Actor Targets Telecoms Company in Africa/
2023.04.20 - Linux malware strengthens links between Lazarus and the 3CX supplychain attack/
2023.04.20 - UCID902 - Uncovering nation state watering hole credential harvesting campaigns/
2023.04.20 - Xiaoqiying Genesis Day Threat Actor Group Targets South Korea, Taiwan/
2023.04.21 - BlueNoroff APT group targets macOS with RustBucket Malware/
2023.04.21 - X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in US and Europe/
2023.04.24 - Tomiris called they want their Turla malware back/
2023.04.25 - Educated Manticore Iran Aligned Threat Actor Targeting Israel via Improved Arsenal of Tools/
2023.04.26 - Chinese Alloy Taurus Updates PingPull Malware/
2023.04.26 - Evasive Panda APT group delivers malware via updates for popular Chinese software/
2023.04.26 - RokRAT Malware Distributed Through LNK Files lnk RedEyes ScarCruft/
2023.04.26 - Tonto Team Using Anti-Malware Related Files for DLL Side-Loading/
2023.04.26 - Unpacking BellaCiao A Closer Look at Irans Latest Malware/
2023.04.27 - Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities - BouldSpy/
2023.04.27 - Nomadic Octopus Paperbug Campaign/
2023.05.01 - Chain Reaction ROKRATs Missing Link/
2023.05.02 - Attack on Security Titans Earth Longzhi Returns With New Tricks/
2023.05.03 - A doubled Dragon Breath adds new air to DLL sideloading attacks/
2023.05.04 - Clean Rooms Nuclear Missiles and SideCopy Oh My/
2023.05.08 - SideWinder Uses Server-side Polymorphism to Attack Pakistan Government Officials and Is Now Targeting Turkey/
2023.05.10 - Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020/
2023.05.12 - Attack Trends Related to DangerousPassword/
2023.05.12 - The Five Bears Russias Offensive Cyber Capabilities/
2023.05.12 - The Illustrious Graduates of Wuhan Kerui/
2023.05.13 - All roads lead back to Wuhan Xiaoruizhi Science and Technology Company/
2023.05.15 - Lancefly Group Uses Custom Backdoor to Target Orgs in Government Aviation Other Sectors/
2023.05.16 - Introducing Cheng Feng/
2023.05.17 - MiSSing links/
2023.05.17 - The distinctive rattle of APT SideWinder/
2023.05.19 - CloudWizard APT the bad magic story goes on/
2023.05.22 - Bluenoroffs RustBucket campaign/
2023.05.22 - WINTAPIX A New Kernel Driver Targeting Countries in The Middle East/
2023.05.23 - Kimsuky Ongoing Campaign Using Tailored Reconnaissance Toolkit/
2023.05.23 - Meet the GoldenJackal APT group Dont expect any howls/
2023.05.25 - COSMICENERGY New OT Malware Possibly Related To Russian Emergency Response Exercises/
2023.05.31 - Dark Pink Episode 2/
2023.06.01 - Malware Spotlight Camaro Dragons TinyNote Backdoor/
2023.06.01 - Operation Triangulation iOS devices targeted with previously unknown malware/
2023.06.01 - SharpPanda APT Campaign Expands its Arsenal Targeting G20 Nations/
2023.06.02 - Chinese Threat Actor Used Modified Cobalt Strike Variant to Attack Taiwanese Critical Infrastructure/
2023.06.05 - Operation Clairvoyance - How APT Groups Spy on the Media Industry/
2023.06.06 - Kimsuky Strikes Again New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic/
2023.06.07 - RomCom Resurfaces Targeting Politicians in Ukraine and US-Based Healthcare Providing Aid to Refugees/
2023.06.08 - Asylum Ambuscade crimeware or cyberespionage/
2023.06.08 - Stealth Soldier used in Targeted Espionage Attacks in North Africa/
2023.06.13 - VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compro/
2023.06.14 - Cadet Blizzard emerges as a novel and distinct Russian threat actor/
2023.06.15 - Barracuda ESG Zero-Day Vulnerability CVE-2023-2868 Exploited Globally/
2023.06.15 - Lazarus Threat Group Exploiting Vulnerability of Korean Finance Security Solution/
2023.06.15 - Shuckworm Inside Russias Relentless Cyber Campaign Against Ukraine/
2023.06.20 - BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities/
2023.06.21 - Dissecting TriangleDB a Triangulation spyware implant/
2023.06.21 - Graphican Flea Uses New Backdoor in Attacks Targeting Foreign Ministries/
2023.06.23 - Why is it so rare to hear about Western cyber-attacks/
2023.06.28 - Andariels silly mistakes and a new malware family/
2023.06.28 - Charming Kitten Updates POWERSTAR with an InterPlanetary Twist/
2023.06.29 - PhonyC2 Revealing a New Malicious Command Control Framework by MuddyWater/
2023.06.29 - The DPRK strikes using a new variant of RUSTBUCKET/
2023.07.03 - Chinese Threat Actors Targeting Europe in SmugX Campaign/
2023.07.04 - Vulkan - Unveiled Tools of The Trade/
2023.07.04 - Wuhan Xiaoruizhi Class of 19 - APT31/
2023.07.08 - RomCom Threat Actor Suspected of Targeting Ukraines NATO Membership Talks at the NATO Summit/
2023.07.11 - The Spies Who Loved You - Infected USB Drives to Steal Secrets/
2023.07.12 - Diplomats Beware - Cloaked Ursa Phishing With a Twist/
2023.07.12 - The GRUs Disruptive Playbook/
2023.07.13 - APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure/
2023.07.13 - Malicious campaigns target government, military and civilian entities in Ukraine, Poland/
2023.07.13 - Possible Supply-Chain Attack Targeting Pakistani Government Delivers Shadowpad/
2023.07.18 - Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection/
2023.07.18 - Targeted Turla attacks (UAC-0024, UAC-0003) using CAPIBAR and KAZUAR malware/
2023.07.19 - Lookout Attributes Advanced Android Surveillanceware to Chinese Espionage Group APT41/
2023.07.20 - JumpCloud Intrusion Attacker Infrastructure Links Compromise to North Korean APT Activity/
2023.07.21 - Exploitation of Citrix Zero-Day by Possible Espionage Actors (CVE-2023-3519)/
2023.07.24 - North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack/
2023.07.25 - Decoding RomCom: Behaviors and Opportunities for Detection/
2023.07.26 - PatchWork’s new assault Weapons report — EyeShell Weapons Disclosure/
2023.07.27 - Bitter’s new assault weapon analysis - ORPCBackdoor weapon/
2023.07.28 - APT Bahamut Targets Individuals with Android Malware Using Spear Messaging/
2023.07.28 - Detecting Ongoing STARK#MULE Attack Campaign Targeting Victims Using US Military Document Lures/
2023.07.28 - Detecting Ongoing STARKMULE Attack Campaign Targeting Victims Using US Military Document Lures/
2023.08.02 - BlueCharlie, Previously Tracked as TAG-53, Continues to Deploy New Infrastructure in 2023/
2023.08.07 - Comrades in Arms - North Korea Compromises Sanctioned Russian Missile Engineering Company/
2023.08.08 - CISA Malware Analysis Report - Barracuda ESG Seaspy and Whirlpool/
2023.08.08 - RedHotel - A Prolific, Chinese State-Sponsored Group Operating at a Global Scale/
2023.08.10 - German Embassy Lure - Likely Part of Campaign Against NATO Aligned Ministries of Foreign Affairs/
2023.08.10 - Iranian cyber spies are targeting dissidents in Germany, warns intelligence service/
2023.08.10 - MoustachedBouncer - Espionage against foreign diplomats in Belarus/
2023.08.12 - Sophisticated, Highly-Targeted Attacks Continue to Plague npm/
2023.08.16 - APT-K-47 “Mysterious Elephant”, a new APT organization in South Asia/
2023.08.17 - Cuba Ransomware Deploys New Tools - Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America/
2023.08.22 - Analysis of APT Attack Cases Targeting Web Services of Korean Corporations/
2023.08.22 - Carderbee APT Group use Legit Software in Supply Chain Attack Targeting Orgs in Hong Kong/
2023.08.22 - GroundPeony Crawling with Malice/
2023.08.24 - Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT/
2023.08.25 - Suspected APT37 New Attack Weapon Fakecheck Analysis Report/
2023.08.30 - Empire Dragon Accelerates Covert Information Operations, Converges with Russian Narratives/
2023.08.31 - Analysis of Andariels New Attack Activities/
2023.09.04 - APT28 uses msedge as a bootloader, TOR and mockbin websitehook services as a control center (CERT-UA#7469)/
2023.09.04 - APT28 uses msedge as a bootloader, TOR and mockbin websitehook services as a control center (CERT-UA7469)/
2023.09.07 - From Russia with a 71 - Uncovering Gamaredons fast flux infrastructure/
2023.09.08 - RedEyes (ScarCruft) CHM Malware Using the Topic of Fukushima Wastewater Release/
2023.09.11 - BlueShell Used in APT Attacks Against Korean and Thai Targets/
2023.09.12 - Redfly Espionage Actors Continue to Target Critical Infrastructure/
2023.09.14 - Operation Rusty Flag – A Malicious Campaign Against Azerbaijanian Targets/
2023.09.15 - Threat Group Assessment - Turla/
2023.09.18 - Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement/
2023.09.19 - Multi-year Chinese APT Campaign Targets South Korean Academic, Government, and Political Entities/
2023.09.19 - New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants/
2023.09.21 - Backchannel Diplomacy - APT29s Rapidly Evolving Diplomatic Phishing Operations/
2023.09.21 - OilRigs Outer Space and Juicy Mix: Same ol rig, new drill pipes/
2023.09.21 - Sandman APT - A Mystery Group Targeting Telcos with a LuaJIT Toolkit/
2023.09.22 - Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions/
2023.09.22 - Cyberespionage Attacks Against Southeast Asian Government Linked to Stately Taurus, Aka Mustang Panda/
2023.09.22 - EvilBamboo Targets Mobile Devices in Multi-year Campaign/
2023.09.22 - Persistent Attempts at Cyberespionage Against Southeast Asian Government Target Have Links to Alloy Taurus/
2023.09.22 - Rare Backdoors Suspected to be Tied to Gelsemium APT Found in Targeted Attack in Southeast Asian Government/
2023.09.22 - Stealth Falcon preying over Middle Eastern skies with Deadglyph/
2023.09.22 - Unit 42 Researchers Discover Multiple Espionage Operations Targeting Southeast Asian Government/
2023.09.25 - APT and financial attacks on industrial organizations in H1 2023/
2023.09.25 - New STARK#VORTEX Attack Campaign - Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads/
2023.09.25 - New STARKVORTEX Attack Campaign - Threat Actors Use Drone Manual Lures to Deliver MerlinAgent Payloads/
2023.09.25 - Newly Discovered APT Attacker AtlasCross Exploits Red Cross Blood Drive Phishing for Cyberattack/
2023.09.25 - SSSCIP RUSSIA'S CYBER TACTICS H1'2023/
2023.09.28 - Budworm - APT Group Uses Updated Custom Tool in Attacks on Government and Telecoms Org/
2023.09.29 - APT34 Deploys Phishing Attack With New Malware/
2023.09.29 - Lazarus luring employees with trojanized coding challenges - The case of a Spanish aerospace company/
2023.10.02 - LightSpy mAPT Mobile Payment System Attack/
2023.10.04 - Introducing the REF5961 intrusion set/
2023.10.04 - Operation King Tut – The universe of threats in LATAM/
2023.10.10 - Assessed Cyber Structure and Alignments of North Korea in 2023/
2023.10.10 - Grayling - Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan/
2023.10.11 - Stayin Alive – Targeted Attacks Against Telecoms and Government Ministries in Asia/
2023.10.12 - CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations/
2023.10.12 - ToddyCat - Keep calm and check logs/
2023.10.13 - Analysis Report on Lazarus Threat Groups Volgmer and Scout Malware/
2023.10.13 - Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malwares/
2023.10.13 - APT Group DarkPink Exploits WinRAR 0-Day to Target Multiple Entities in Vietnam and Malaysia/
2023.10.13 - Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant/
2023.10.14 - Disclosing the BLOODALCHEMY backdoor/
2023.10.15 - Features of destructive Sandworm cyber attacks in relation to Ukrainian providers (CERT-UA-7627)/
2023.10.17 - APT trends report Q3 2023/
2023.10.18 - Updated MATA attacks industrial companies in Eastern Europe/
2023.10.23 - The outstanding stealth of Operation Triangulation/
2023.10.24 - The Israel-Hamas War - Cyber Domain State-Sponsored Activity of Interest/
2023.10.25 - Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan/
2023.10.25 - Winter Vivern exploits zero-day vulnerability in Roundcube Webmail servers/
2023.10.26 - AridViper, an intrusion set allegedly associated with Hamas/
2023.10.27 - A cascade of compromise - unveiling Lazarus new campaign/
2023.10.30 - FastViewer Variant Merged with FastSpy and disguised as a Legitimate Mobile Application/
2023.10.31 - Analysis of activities of suspected APT-C-36 (Blind Eagle) organization launching Amadey botnet Trojan (CN)/
2023.10.31 - Arid Viper disguising mobile spyware as updates for non-malicious Android applications/
2023.10.31 - From Albania to the Middle East - The Scarred Manticore is Listening/
2023.10.31 - Over the Kazuars Nest - Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)/
2023.11.01 - MuddyWater eN-Able spear-phishing with new TTPs/
2023.11.06 - Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors/
2023.11.06 - Arid Viper - APTs Nest of SpyC23 Malware Continues to Target Android Devices/
2023.11.06 - BlueNoroff strikes again with new macOS malware/
2023.11.06 - SideCopys Multi-platform Onslaught - Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT/
2023.11.07 - Chinese APT Targeting Cambodian Government/
2023.11.08 - MuddyC2Go - Latest C2 Framework Used by Iranian APT MuddyWater Spotted in Israel/
2023.11.09 - IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations/
2023.11.09 - Modern Asian APT groups tactics, techniques and procedures/
2023.11.10 - The New APT Group DarkCasino and the Global Surge in WinRAR 0-Day Exploits/
2023.11.12 - ELECTRUM Targeted Ukrainian Electric Entity Using Custom Tools and CaddyWiper Malware (Oct 22)/
2023.11.13 - The attack against Danish critical infrastructure/
2023.11.14 - APT29 attacks Embassies using CVE-2023-38831/
2023.11.14 - TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities/
2023.11.16 - Elephant Hunting - Inside an Indian Hack-For-Hire Group/
2023.11.16 - Zimbra 0-day used to target international government organizations/
2023.11.17 - Into the Trash - Analyzing LitterDrifter/
2023.11.17 - Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific/
2023.11.21 - Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors/
2023.11.22 - Diamond Sleet supply chain compromise distributes a modified CyberLink installer/
2023.11.22 - HrServ - Previously unknown web shell used in APT attack/
2023.11.23 - Cyber spies from XDSpy attack Russian metallurgists and military-industrial complex enterprises/
2023.11.23 - Defence Intelligence of Ukraine conducted a cyber operation against Rosaviatsia/
2023.11.23 - Israel-Hamas War Spotlight - Shaking the Rust Off SysJoker/
2023.11.27 - DPRK Crypto Theft - macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads/
2023.11.27 - DPRK state-linked cyber actors conduct software supply chain attacks/
2023.11.27 - WildCard - The APT Behind SysJoker Targets Critical Sectors in Israel/
2023.11.30 - Analysis of OceanLotus APT organization's imitating APT29 attack activities/
2023.11.30 - Hellhounds - Operation Lahat/
2023.11.30 - Kimsuky Targets South Korean Research Institutes with Fake Import Declaration/
2023.11.30 - New SugarGh0st RAT targets Uzbekistan government and South Korea/
2023.12.01 - CL-STA-0002 - New Tool Set Found Used Against Organizations in the Middle East, Africa and the US/
2023.12.04 - Detecting malicious activity against Microsoft Exchange servers (APT28)/
2023.12.07 - Fighting Ursa Aka APT28 - Illuminating a Covert Campaign/
2023.12.07 - Star Blizzard increases sophistication and evasion in ongoing attacks/
2023.12.08 - Analysis of attack samples suspected of Lazarus (APT-Q-1) involving npm package supply chain/
2023.12.08 - ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware/
2023.12.08 - Kimsuky Group Uses AutoIt to Create Malware (RftRAT, Amadey)/
2023.12.11 - Operation Blacksmith - Lazarus using novel Telegram-based malware written in DLang/
2023.12.11 - Sandman APT - China-Based Adversaries Embrace Lua/
2023.12.12 - UTG-Q-003 - Supply Chain Poisoning of 7ZIP on the Microsoft App Store/
2023.12.13 - Routers Roasting on an Open Firewall: the KV-botnet Investigation/
2023.12.13 - Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally/
2023.12.13 - TeamCity Intrusion Saga - APT29 Suspected Among the Attackers Exploiting CVE-2023-42793/
2023.12.14 - Gaza Cybergang - Unified Front Targeting Hamas Opposition/
2023.12.14 - OilRigs persistent attacks using cloud service-powered downloaders/
2023.12.19 - Fog of cyber war: spies from Cloud Atlas attack Russian companies under the guise of supporting SVO participants/
2023.12.19 - Seedworm - Iranian Hackers Target Telecoms Orgs in North and East Africa/
2023.12.20 - Nim-based Campaign Using Microsoft Word Docs to Impersonate the Nepali Government/
2023.12.21 - Iranian nation-state actor Peach Sandstorm delivering FalseFont backdoor/
2023.12.21 - Operation RusticWeb targets Indian Govt: From Rust-based malware to Web-service exfiltration/
2023.12.21 - Threat Actor UAC-0099 Continues to Target Ukraine/
2023.12.24 - Barracuda Email Security Gateway Appliance (ESG) Vulnerability CVE-2023-7102/
2023.12.27 - Operation Triangulation: The last (hardware) mystery/
2023.12.28 - APT28 - From initial attack to creating threats to a domain controller in an hour (CERT-UA 8399)/
2023.12.28 - Trend Analysis on Kimsuky Group's Attacks Using AppleSeed/