All posts in apt

TA416 APT Rebounds With New PlugX Malware Variant

The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks. China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, victims are large and well-known Japanese organizations and their subsidiaries, . . .

Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean . . .

APT Groups Finding Success with Mix of Old and New Tools

The APT threat landscape is a mixed bag of tried-and-true tactics and cutting-edge techniques, largely supercharged by geo-politics, a report finds. Advanced persistent threat (APT) groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success. . . .

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism. An APT group is starting fires with a new Android malware loader, which uses a legitimate Google messaging service to bypass detection. The malware, dubbed “Firestarter,” is used by an APT . . .

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers. Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that’s been a persistent worry to both the company and the U.S. government over the last few months. Both on Thursday renewed . . .

U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware

The latest in a flurry of actions this week, tied to foreign threats against U.S. computer systems, includes sanctions by the Department of the Treasury. The Trump administration sanctioned a Russia government research institution on Friday claiming it was behind a series of cyberattacks using the highly destructive Triton malware. . . .

Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks


Microsoft Exchange, Outlook Under Siege By APTs
