/vx/APTs/2024/

199 directories 0 files
2024.01.05 - Turkish espionage campaigns in the Netherlands/
2024.01.10 - Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN/
2024.01.11 - Clearing the Fog of War – A critical analysis of recent energy sector cyberattacks in Denmark and Ukraine/
2024.01.11 - Volt Typhoon Compromises 30 percent of Cisco RV320 and 325 Devices in 37 Days/
2024.01.12 - Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation/
2024.01.15 - Ivanti Connect Secure VPN Exploitation Goes Global/
2024.01.17 - New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs/
2024.01.18 - Ivanti Connect Secure VPN Exploitation: New Observations/
2024.01.18 - Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware/
2024.01.19 - Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021/
2024.01.19 - Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard/
2024.01.22 - ScarCruft - Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals/
2024.01.29 - Analysis of FalseFont Backdoor used by Peach-Sandstorm Threat Actor/
2024.01.29 - Blackwood APT Group Has a New DLL Loader/
2024.01.29 - Compromised routers are still leveraged as malicious infrastructure to target government organizations in Europe and Caucasus/
2024.01.29 - KrustyLoader - Rust malware linked to Ivanti ConnectSecure compromises/
2024.01.30 - The Bear and The Shell: New Campaign Against Russian Opposition/
2024.01.31 - Cutting Edge, Part 2: Investigating Ivanti Connect Secure VPN Zero-Day Exploitation/
2024.02.01 - Qianxin 2023 APT Report/
2024.02.01 - VajraSpy: A Patchwork of espionage apps/
2024.02.05 - Annual Threat Assessment of the US Intelligence Community 2024/
2024.02.06 - BSI - Active APT groups in Germany/
2024.02.06 - German Federal Office for Information Security - Active APT groups in Germany/
2024.02.06 - Iran accelerates cyber ops against Israel from chaotic start/
2024.02.07 - Iran surges cyber-enabled influence operations in support of Hamas/
2024.02.07 - PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure/
2024.02.08 - New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization/
2024.02.09 - Ministry of Defence of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT/
2024.02.09 - SugarGh0st RAT attacks Kazakhstan – State Technical Service/
2024.02.12 - China’s Cyber Revenge - Why the PRC Fails to Back Its Claims of Western Espionage/
2024.02.13 - CharmingCypress - Innovating Persistence/
2024.02.14 - CVE-2024-21412 -Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day/
2024.02.14 - Hamas-linked SameCoin campaign malware analysis/
2024.02.14 - Staying ahead of threat actors in the age of AI/
2024.02.15 - Lithuania National Threat Assessment 2024/
2024.02.15 - TinyTurla Next Generation - Turla APT spies on Polish NGOs/
2024.02.16 - Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign/
2024.02.18 - I-S00N GitHub leaks/
2024.02.19 - BfV and NIS warning of North Korean cyber threats targeting the Defense Sector/
2024.02.19 - Pelmeni Wrapper - New Wrapper of Kazuar (Turla Backdoor)/
2024.02.19 - VOLTZITE Espionage Operations Targeting U.S. Critical Systems/
2024.02.20 - Earth Preta Campaign Uses DOPLUGS to Target Asia/
2024.02.21 - Operation Texonto - Information operation targeting Ukrainian speakers in the context of the war/
2024.02.22 - Doppelgänger - Russia-Aligned Influence Operation Targets Germany/
2024.02.22 - Lessons from the iSOON Leaks/
2024.02.22 - New Leak Shows Business Side of China’s APT Menace/
2024.02.22 - To Russia With Love - Assessing a KONNI-Backdoored Suspected Russian Consular Software Installer/
2024.02.23 - Data From Chinese Security Services Company i-Soon Linked to Previous Chinese APT Campaigns/
2024.02.23 - SVR cyber actors adapt tactics for initial cloud access/
2024.02.23 - TrollAgent That Infects Systems Upon Security Program Installation Process (Kimsuky Group)/
2024.02.26 - Earth Lusca Uses Geopolitical Lure to Target Taiwan Before Elections/
2024.02.27 - European diplomats targeted by SPIKEDWINE with WINELOADER/
2024.02.27 - Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations/
2024.02.27 - When Cats Fly - Suspected Iranian Threat Actor UNC1549 Targets Israeli and Middle East Aerospace and Defense Sectors/
2024.02.28 - GTPDOOR - A novel backdoor tailored for covert access over the roaming exchange/
2024.02.28 - New Malicious PyPI Packages used by Lazarus/
2024.03.01 - APT37's ROKRAT HWP Object Linking and Embedding/
2024.03.04 - NIS Press Release - cyber attacks targeting domestic semiconductor equipment companies/
2024.03.05 - TODDLERSHARK - ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant/
2024.03.07 - Evasive Panda leverages Monlam Festival to target Tibetans/
2024.03.08 - Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard/
2024.03.20 - Blind Eagle's North American Journey/
2024.03.20 - Review of the Summer 2023 Microsoft Exchange Online Intrusion/
2024.03.21 - AcidPour - New Embedded Wiper Variant of AcidRain Appears in Ukraine/
2024.03.21 - Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware/
2024.03.21 - China-linked Threats to Operational Technology/
2024.03.21 - New details on TinyTurla’s post-compromise activity reveal full kill chain/
2024.03.21 - TA450 (MuddyWater) uses embedded links in PDF attachments in latest campaign/
2024.03.22 - APT29 Uses WINELOADER to Target German Political Parties/
2024.03.24 - DinodasRAT Linux implant targeting entities worldwide/
2024.03.25 - Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians/
2024.03.25 - Treasury Sanctions China-Linked Hackers for Targeting U.S. Critical Infrastructure/
2024.03.25 - UK holds China state-affiliated organisations and individuals (APT31) responsible for malicious cyber activity/
2024.03.26 - Investigation into hacking of Finnish Parliament's information systems has been ongoing/
2024.03.26 - Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)/
2024.03.26 - New Zealand accuses China of hacking parliament, condemns activity/
2024.03.28 - BITTER APT Targets Chinese Government Agency/
2024.03.29 - New MuddyWater Campaigns After Operation Swords of Iron/
2024.03.31 - Malware Spotlight - Linodas aka DinodasRAT for Linux/
2024.04.02 - APT and financial attacks on industrial organizations in H2 2023/
2024.04.02 - Earth Freybug Uses UNAPIMON for Unhooking Critical APIs/
2024.04.10 - eXotic Visit campaign - Tracing the footprints of Virtual Invaders/
2024.04.10 - Turla APT Targets Albania With Backdooor in Ongoing Campaign to Breach European Organizations/
2024.04.11 - Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear/
2024.04.11 - LightSpy Returns - Renewed Espionage Campaign Targets Southern Asia, Possibly India/
2024.04.12 - Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400/
2024.04.12 - XZ backdoor story - Initial analysis/
2024.04.12 - Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)/
2024.04.15 - Volt Typhoon false narrative a collusion among US politicians, intelligence community and companies to cheat funding, defame China/
2024.04.16 - Analysis of the APT31 indictment/
2024.04.18 - Annual report MIVD 2023/
2024.04.18 - DuneQuixote campaign targets Middle Eastern entities with CR4T malware/
2024.04.19 - UAC-0133 (Sandworm) plans for cyber sabotage on almost 20 objects of critical infrastructure of Ukraine/
2024.04.20 - APT44 - Unearthing Sandworm/
2024.04.22 - Analyzing Forest Blizzard's custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials/
2024.04.22 - MuddyWater campaign abusing Atera Agents/
2024.04.22 - ToddyCat is making holes in your infrastructure/
2024.04.24 - ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices/
2024.04.24 - Assessing the Y, and How, of the XZ Utils incident/
2024.04.24 - Pakistani APTs Escalate Attacks on Indian Government/
2024.04.25 - LightSpy Malware Variant Targeting macOS/
2024.04.29 - A Cunning Operator - Muddling Meerkat and China's Great Firewall/
2024.05.01 - Analysis of ArcaneDoor Threat Infrastructure Suggests Potential Ties to Chinese-based Actor/
2024.05.01 - Router Roulette - Cybercriminals and Nation-States Sharing Compromised Networks/
2024.05.02 - North Korean Actors Exploit Weak DMARC Security Policies to Mask Spearphishing Efforts/
2024.05.03 - Expanding APT42 Intelligence/
2024.05.03 - German Government - Attribution of a Russian cyber campaign/
2024.05.03 - SSSCIP Russian Cyber Operations H2 2023/
2024.05.03 - Statement by the North Atlantic Council concerning malicious cyber activities against Germany and Czechia/
2024.05.03 - Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia/
2024.05.04 - Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign/
2024.05.06 - Six Australian MPs Confirm They were Targeted by China's APT31 Hackers/
2024.05.07 - LNK File Disguised as Certificate Distributing RokRAT Malware/
2024.05.08 - APT28 campaign targeting Polish government institutions/
2024.05.08 - Iran-Aligned Emerald Divide Influence Campaign Evolves to Exploit Israel-Hamas Conflict/
2024.05.09 - Kaspersky Securelist APT trends report Q1 2024/
2024.05.10 - Recruitment Trap for Blockchain Practitioners - Analysis of Suspected Lazarus (APT-Q-1) Secret Stealing Operation/
2024.05.14 - ESET APT Activity Report Q4 2023 - Q1 2024/
2024.05.15 - To the Moon and back(doors) - Lunar landing in diplomatic missions/
2024.05.16 - Springtail (Kimsuky) - New Linux Backdoor Added to Toolkit/
2024.05.16 - Tracking the Progression of Earth Hundun's Cyberespionage Campaign in 2024/
2024.05.20 - Bad Karma, No Justice - Void Manticore Destructive Activities in Israel/
2024.05.22 - Deep Dive into the Unfading Sea Haze/
2024.05.22 - Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages/
2024.05.23 - Hellhounds - Operation Lahat. Part 2/
2024.05.23 - Malware Transmutation! - Unveiling the Hidden Traces of BloodAlchemy/
2024.05.23 - Operation Diplomatic Specter - An Active Chinese Cyberespionage Campaign targeting Governmental Entities in the Middle East, Africa and Asia/
2024.05.23 - Tracking APT SideWinder Domains/
2024.05.24 - Unraveling the snake tangle - following the attacks of Shedding Zmiy/
2024.05.28 - Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks/
2024.05.29 - APT41's Reconnaissance Techniques and Toolkit/
2024.05.29 - LightSpy Implant for macOS/
2024.05.29 - Putin's hackers gained full access to Hungary's foreign ministry networks/
2024.05.29 - Tracking Threat Actors Using Images and Artifacts/
2024.05.30 - Analysis of APT Attack Cases Using Dora RAT Against Korean Companies (Andariel Group)/
2024.05.30 - Disrupting FlyingYeti's (UAC-0149) campaign targeting Ukraine/
2024.05.30 - GRU's BlueDelta (APT28) Targets Key Networks in Europe with Multi-Phase Espionage Campaigns/
2024.05.30 - LilacSquid - The stealthy trilogy of PurpleInk, InkBox and InkLoader/
2024.06.01 - From Vegas to Chengdu - Hacking Contests, Bug Bounties,and China's Offensive Cyber Ecosystem/
2024.06.04 - Hurdling Over Hazards - Multifaceted Threats to the Paris Olympics/
2024.06.04 - Operation Veles - Decade-Long Espionage Targeting the Global Research and Education Sector/
2024.06.05 - Operation Crimson Palace - Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government/
2024.06.05 - Phishing for Gold - Cyber Threats Facing the 2024 Paris Olympics/
2024.06.05 - UAC-0020 (Vermin) attacks the Defense Forces of Ukraine using the SPECTR WPS in tandem with a legitimate SyncThing/
2024.06.06 - Howling at the Inbox - Sticky Werewolf's Latest Malicious Aviation Attacks/
2024.06.10 - Another battlefield - Telegram as a digital front in Russia’s war against Ukraine/
2024.06.10 - APT and financial attacks on industrial organizations in Q1 2024/
2024.06.10 - MIVD Ongoing state cyber espionage campaign via vulnerable edge devices/
2024.06.11 - APT Attacks Using Cloud Storage/
2024.06.11 - Noodle RAT - Reviewing the Backdoor Used by Chinese-Speaking Groups/
2024.06.11 - SmallTiger Malware Used in Attacks Against South Korean Businesses (Kimsuky and Andariel)/
2024.06.13 - Arid Viper poisons Android apps with AridSpy/
2024.06.13 - DISGOMOJI Malware Used to Target Indian Government/
2024.06.13 - Operation Celestial Force employs mobile and desktop malware to target Indian entities/
2024.06.16 - China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence/
2024.06.18 - Cloaked and Covert - Uncovering UNC3886 Espionage Operations/
2024.06.19 - CERT-FR Malicious activities linked to the Nobelium intrusion set/
2024.06.19 - New North-Korean based backdoor packs a punch/
2024.06.20 - Sustained Campaign Using Chinese Espionage Tools Targets Telcos/
2024.06.21 - Analysis of PHANTOM#SPIKE - Attackers Leveraging CHM Files to Run Custom CSharp Backdoors Likely Targeting Victims Associated with Pakistan/
2024.06.21 - SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques/
2024.06.21 - Unveiling SpiceRAT - SneakyChef's latest tool targeting EMEA and Asia/
2024.06.24 - Armageddon is more than a Grammy-nominated album/
2024.06.24 - Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation/
2024.06.24 - Russia-Linked CopyCop Expands to Cover US Elections, Target Political Leaders/
2024.06.26 - ChamelGang & Friends - Cyberespionage Groups Attacking Critical Infrastructure with Ransomware/
2024.06.26 - Russian National (Amin Timovich Stigal) Charged for Conspiring with Russian Military Intelligence to Destroy Ukrainian Government Computer Systems and Data/
2024.06.27 - Kimsuky deploys TRANSLATEXT to target South Korean academia/
2024.06.28 - TeamViewer links corporate cyberattack to Russian state hackers/
2024.07.01 - CapraTube Remix - Transparent Tribe’s Android Spyware Targeting Gamers, Weapons Enthusiasts/
2024.07.01 - Xctdoor Malware Used in Attacks Against Korean Companies (Andariel)/
2024.07.05 - Turla - A Master’s Art of Evasion/
2024.07.08 - CloudSorcerer – A new APT targeting Russian government entities/
2024.07.09 - APT40 Advisory - PRC MSS tradecraft in action/
2024.07.09 - Italian government agencies and companies in the target of a Chinese APT17/
2024.07.09 - OceanLotus uses social security topics as bait to conduct APT attacks/
2024.07.10 - DodgeBox - A deep dive into the updated arsenal of APT41 Part 1/
2024.07.11 - MoonWalk - A deep dive into the updated arsenal of APT41 Part 2/
2024.07.15 - New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns/
2024.07.16 - AG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies/
2024.07.18 - APT41 Has Arisen From the DUST/
2024.07.18 - The Patchwork group has updated its arsenal, launching attacks for the first time using Brute Ratel C4 and an enhanced version of PGoShell/
2024.07.23 - Daggerfly - Espionage Group Makes Major Update to Toolset/
2024.07.23 - KnowBe4 - How a North Korean Fake IT Worker Tried to Infiltrate Us/
2024.07.23 - Transparent Tribe targets recent Election Results/
2024.07.24 - FrostyGoop Intel Brief/
2024.07.24 - Russia-nexus actor targets Ukraine/
2024.07.24 - Spot burst of activity UAC-0057 (CERT-UA#10340)/
2024.07.25 - APT45 - North Korea’s Digital Military Machine/
2024.07.25 - How APT groups operate in Southeast Asia/
2024.07.25 - Mid-year Doppelgänger information operations in Europe and the US/
2024.07.25 - Onyx Sleet uses array of malware to gather intelligence for North Korea/
2024.07.25 - SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea/
2024.07.31 - Cyberattack on the Federal Office of Cartography and Geodesy can be attributed to Chinese state attackers/
2024.08.01 - APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike/
2024.08.01 - BfV CYBER INSIGHT - The i-Soon-Leaks - Industrialization of Cyber Espionage - Part 1 Organization and methods/
2024.08.01 - BITS and Bytes - Analyzing BITSLOTH, a newly identified backdoor/
2024.08.02 - Fighting Ursa Luring Targets With Car for Sale/
2024.08.02 - StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms/