Tag: APT

Shifting the sands of RansomHub’s EDRKillShifter
ESET researchers examine the ransomware landscape in 2024, highlighting the emergence of RansomHub, a prominent ransomware-as-a-service (RaaS) group linked to established gangs like Play, Medusa, and BianLian. The article discusses the rise of EDR killers, particularly EDRKillShifter, developed by RansomHub, and reflects on the shifting dynamics of ransomware payments and victim statistics.…
Read More
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Summary: Google has released urgent fixes for a high-severity vulnerability in Chrome for Windows, known as CVE-2025-2783, which has been actively exploited to target organizations in Russia. The flaw involves an incorrect handle in Mojo, allowing attackers to bypass browser protections through phishing emails. This marks the first actively exploited Chrome zero-day of the year, with attacks linked to a sophisticated APT campaign called Operation ForumTroll.…
Read More
Operation ForumTroll: APT attack with Google Chrome zero-day exploit chain
Kaspersky technologies identified a sophisticated wave of malware infections targeting various organizations through phishing emails leading to malicious links. A critical zero-day vulnerability in Google Chrome, identified as CVE-2025-2783, allowed attackers to bypass the browser’s sandbox. The malware campaign, dubbed Operation ForumTroll, aimed at espionage targeting media outlets and government entities in Russia.…
Read More
Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
Summary: A major telecommunications company in Asia suffered a breach by Chinese state-sponsored hackers known as Weaver Ant, who maintained a prolonged presence in their systems for over four years. The attackers employed advanced techniques, including the use of web shells and a unique tool dubbed INMemory, to facilitate cyber espionage and maintain access to sensitive data.…
Read More
CVE-2025-2783: Chrome Zero-Day Exploited in State-Sponsored Espionage Campaign
Summary: Kaspersky Labs has identified a complex cyber-espionage campaign named Operation ForumTroll, utilizing a new Google Chrome zero-day exploit (CVE-2025-2783) initiated through spear-phishing emails. The attack required no additional action from victims once they accessed the malicious link, with the exploit bypassing Chrome’s sandbox protections. This operation is believed to be conducted by a state-sponsored APT group targeting Russian media, educational institutions, and government organizations.…
Read More
Summary: K7 Labs recently analyzed cyber tactics utilized by the North Korean APT group Kimsuky, shedding light on their use of malicious scripts and payloads in recent campaigns. The analysis reveals a sophisticated infection chain designed to exfiltrate sensitive information while evading detection. Key tactics include phishing, malware infections, and the use of dynamic obfuscation techniques to bypass security measures.…
Read More
Google Patches Chrome Sandbox Escape Zero-Day Caught by Kaspersky
Summary: Google has released a patch for a critical vulnerability (CVE-2025-2783) in its Chrome browser that was exploited in a state-sponsored cyberespionage campaign. Kaspersky identified this vulnerability as part of a sophisticated attack targeting Russian organizations, utilizing drive-by downloads through phishing techniques. The patch was expedited following the discovery of a sandbox escape flaw that compromised Chrome’s security measures.…
Read More
Unveiled the Threat Actors
This article explores various threat actors known for their significant cyber attacks, detailing their origins, techniques, and famous hacks. It categorizes these actors by their affiliations, such as state-sponsored and financially motivated groups, providing insight into their behaviors and methodologies. Affected: Government networks, financial institutions, healthcare, energy sector, retail, hospitality, media, technology, and more.…
Read More
Tempted to Classifying APT Actors: Practical Challenges of Attribution in the Case of Lazarus’s Subgroup
The article discusses the evolution of the Lazarus group, indicating that it has now transformed into a collection of subgroups rather than a single entity. It emphasizes the importance of understanding these subgroups, their tactics, and their individual characteristics for effective cyber defense strategies. Affected: Japan, cryptocurrency sector, defense industry, aviation industry

Keypoints :

The term “Lazarus” has evolved from a singular APT group to multiple subgroups.…
Read More
China Chopper & INMemory: Weaver Ant’s Arsenal of Advanced Web Shells
Summary: Sygnia reported on a sophisticated cyberattack by a China-nexus threat actor named Weaver Ant targeting a major telecommunications company in Asia. The group utilized complex methods, including web shell tunneling and advanced evasion techniques, to maintain persistent access for espionage purposes. Their persistent approach integrated multiple web shell types and various stealth techniques, demonstrating high adaptability and evasion from detection mechanisms.…
Read More
Detailed Analysis of DocSwap Malware Disguised as Security Document Viewer
A newly identified malware named “문서열람 인증 앱” (Document Viewing Authentication App), linked to a North Korean-backed APT group, has been detected. This malicious application poses as a legitimate document viewing tool but is designed to perform keylogging and information theft through various malicious functions. Users in South Korea are the primary targets, and the malware has connections to a phishing page that impersonates CoinSwap.…
Read More
Operation FishMedley
The US Department of Justice has indicted employees of the Chinese contractor I‑SOON for conducting espionage campaigns, particularly targeting governments, NGOs, and think tanks through the FishMonger APT group. The campaign, termed Operation FishMedley, involved complex techniques and tools typically used by China-aligned threat actors, leading to the compromise of several organizations across various continents.…
Read More
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Summary: A new advanced persistent threat (APT) group named UAT-5918 has been identified, targeting critical infrastructure and various sectors in Taiwan since 2023. Their tactics include gaining long-term access for information theft using web shells and open-source tools, leveraging known security flaws in outdated systems. Researchers associate their methods with other Chinese hacking groups and highlight a sophisticated approach to credential harvesting and data theft.…
Read More
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
Summary: The China-linked APT group Aquatic Panda has been implicated in a global espionage campaign targeting various organizations across multiple countries in 2022. This operation, codenamed “Operation FishMedley,” involved sophisticated malware tools and is attributed to a collective recognized for reusing well-known hacking mechanisms. The campaign underscores ongoing cybersecurity threats posed by state-sponsored actors using advanced techniques for espionage.…
Read More
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
Read More
The Art of Evasion: How Attackers Use VBScript and PowerShell in the Obfuscation Game
This article discusses a malware that skillfully employs obfuscated VBScript and PowerShell to evade detection and complicate analysis. The attacker uses various obfuscation techniques, including irrelevant comments, time-based delays, and string manipulation, to confuse security analysts. The malware demonstrates a combination of traditional methods with new approaches, highlighting the need for continuous vigilance in cybersecurity.…
Read More
GrassCall Campaign: The Hackers Behind Job Recruitment Cyber Scams
The “GrassCall” malware campaign is an advanced social engineering attack targeting job seekers in the cryptocurrency and Web3 sectors, orchestrated by the Russian cybercriminal organization “Crazy Evil.” Utilizing fake job interviews, the attackers compromise systems to steal cryptocurrency assets, resulting in hundreds of victims. Affected: cryptocurrency sector, job seekers

Keypoints :

The GrassCall malware campaign is led by the Russian-speaking cyber-criminal organization “Crazy Evil.”…
Read More