Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2022-10-18 14:15:09 |
China-linked APT41 group targets Hong Kong with Spyder Loader (direct link) |
China-linked threat actors APT41 (a.k.a. Winnti) targeted organizations in Hong Kong, in some cases remaining undetected for a year. Symantec researchers reported that cyberespionage group APT41 targeted organizations in Hong Kong in a campaign that is a likely continuation of the Operation CuckooBees activity detailed by Cybereason in May. Winnti (aka APT41, Axiom, Barium, Blackfly) is a cyberespionage […]
|
Threat
Guideline
|
APT 41
APT 17
|
|
|
2022-05-13 06:52:53 |
Iran-linked COBALT MIRAGE group uses ransomware in its operations (direct link) |
Iranian group used Bitlocker and DiskCryptor in a series of attacks targeting organizations in Israel, the US, Europe, and Australia. Researchers at Secureworks Counter Threat Unit (CTU) are investigating a series of attacks conducted by the Iran-linked COBALT MIRAGE APT group. The threat actors have been active since at least June 2020 and are linked […]
|
Ransomware
Threat
|
APT 15
APT 15
|
★★★★
|
|
2022-04-09 12:06:00 |
China-linked threat actors target Indian Power Grid organizations (direct link) |
China-linked threat actors continue to target Indian power grid organizations; most of the attacks involved the ShadowPad backdoor. Recorded Future’s Insikt Group researchers uncovered a campaign conducted by a China-linked threat actor targeting Indian power grid organizations. The security firm is tracking this cluster of malicious activities under the moniker Threat Activity Group 38 aka […]
|
Threat
|
APT 1
|
|
|
2020-11-18 20:27:53 |
China-linked APT10 leverages ZeroLogon exploits in recent attacks (direct link) |
Researchers uncovered a large-scale campaign conducted by China-linked APT10 targeting businesses using the recently-disclosed ZeroLogon vulnerability. Symantec’s Threat Hunter Team, a Broadcom division, uncovered a global campaign conducted by a China-linked APT10 cyber-espionage group targeting businesses using the recently-disclosed ZeroLogon vulnerability. The group, also known as Cicada, Stone Panda, and Cloud Hopper, has been active at […]
|
Threat
|
APT 10
|
|
|
2019-07-24 03:07:00 |
(Already seen) China-Linked APT15 group is using a previously undocumented backdoor (direct link) |
ESET researchers reported that China-linked cyberespionage group APT15 has been using a previously undocumented backdoor for more than two years. Security researchers at ESET reported that China-linked threat actor APT15 (aka Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) has been using a previously undocumented backdoor for more than two years. APT15 has been active […]
|
Threat
|
APT 15
APT 25
|
|
|
2018-10-19 07:06:03 |
Attackers behind Operation Oceansalt reuse code from Chinese Comment Crew (direct link) |
Security researchers from McAfee have recently uncovered a cyber espionage campaign, tracked as Operation Oceansalt, targeting South Korea, the United States, and Canada. The threat actors behind Operation Oceansalt are reusing malware previously associated with China-linked cyberespionage group APT1. “McAfee Advanced Threat Research and Anti-Malware Operations teams have discovered another unknown data reconnaissance implant targeting Korean-speaking users.” reads the report. “We […]
|
Malware
Threat
|
APT 32
APT 1
|
|
|
2018-09-10 18:59:03 |
Chinese LuckyMouse APT has been using a digitally signed network filtering driver in recent attacks (direct link) |
Security experts observed the LuckyMouse APT group using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. Security experts from Kaspersky have observed the LuckyMouse APT group (aka Emissary Panda, APT27 and Threat Group 3390) using a digitally signed 32- and 64-bit network filtering driver NDISProxy in recent attacks. The APT group […]
|
Threat
|
APT 27
APT 1
|
★★★
|