Tag: LATERAL MOVEMENT

Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
Summary: A major telecommunications company in Asia suffered a breach by Chinese state-sponsored hackers known as Weaver Ant, who maintained a prolonged presence in their systems for over four years. The attackers employed advanced techniques, including the use of web shells and a unique tool dubbed INMemory, to facilitate cyber espionage and maintain access to sensitive data.…
Read More
Summary: K7 Labs recently analyzed cyber tactics utilized by the North Korean APT group Kimsuky, shedding light on their use of malicious scripts and payloads in recent campaigns. The analysis reveals a sophisticated infection chain designed to exfiltrate sensitive information while evading detection. Key tactics include phishing, malware infections, and the use of dynamic obfuscation techniques to bypass security measures.…
Read More
Inside Hunters International Group: How a Retailer Became the Latest Ransomware Victim
Summary: In February 2025, the eSentire Threat Response Unit (TRU) uncovered a sophisticated ransomware campaign by the Hunters International group against a retail organization, utilizing vulnerabilities in FortiOS for initial access. The attack involved the creation of a super admin account, lateral movement within the network, and the deployment of a new variant of ransomware designed to evade detection and prevent data recovery.…
Read More
China Chopper & INMemory: Weaver Ant’s Arsenal of Advanced Web Shells
Summary: Sygnia reported on a sophisticated cyberattack by a China-nexus threat actor named Weaver Ant targeting a major telecommunications company in Asia. The group utilized complex methods, including web shell tunneling and advanced evasion techniques, to maintain persistent access for espionage purposes. Their persistent approach integrated multiple web shell types and various stealth techniques, demonstrating high adaptability and evasion from detection mechanisms.…
Read More
Chinese hackers spent four years inside Asian telco’s networks
Summary: A major Asian telecommunications company suffered a four-year-long breach by Chinese government-affiliated hackers known as “Weaver Ant.” The attackers compromised home routers from Zyxel to infiltrate the telco, utilizing various advanced tools and backdoors to maintain persistent access and extract sensitive information. Sygnia, the incident response firm, highlights the sophistication and stealthiness of the threat actors in their campaign targeting critical infrastructure.…
Read More
The Crazy Hunter ransomware attack exploited Active Directory misconfigurations and utilized Bring-Your-Own-Vulnerable-Driver (BYOVD) techniques to escalate privileges and distribute ransomware through Group Policy Objects. Despite claims of data exfiltration, forensic investigations found no supporting evidence. This attack resulted in significant operational disruptions and highlighted the importance of proactive threat intelligence in cybersecurity.…
Read More
Report: Rooted Devices 250 Times More Vulnerable to Compromise
Summary: A recent Zimperium analysis finds that rooted and jailbroken devices are 250 times more susceptible to system compromises and pose significant threats to corporate data security. The report identifies significant increases in malware attacks and filesystem breaches linked to these devices. Experts recommend improved threat detection techniques to manage security risks associated with rooted and jailbroken devices.…
Read More

🔴 RECONNAISSANCE:

RustScan ==https://github.com/bee-san/RustScanNmapAutomator ==https://github.com/21y4d/nmapAutomatorAutoRecon ==https://github.com/Tib3rius/AutoReconAmass ==https://github.com/OWASP/AmassCloudEnum ==https://github.com/initstring/cloud_enumRecon-NG ==https://github.com/lanmaster53/recon-ngAttackSurfaceMapper ==https://github.com/superhedgy/AttackSurfaceMapperDNSDumpster ==https://dnsdumpster.com/

🔴 INITIAL ACCESS:

SprayingToolKit ==https://github.com/byt3bl33d3r/SprayingToolkito365Recon ==https://github.com/nyxgeek/o365reconPsudohash ==https://github.com/t3l3machus/psudohashCredMaster ==https://github.com/knavesec/CredMasterDomainPasswordSpray ==https://github.com/dafthack/DomainPasswordSprayTheSprayer ==https://github.com/coj337/TheSprayer…
Read More
South Korean Organizations Targeted by Cobalt Strike Cat Delivered by a Rust Beacon
Hunt researchers exposed a web server hosting tools linked to an intrusion campaign against South Korean organizations. This server, available for less than 24 hours, encompassed a Rust-compiled Windows executable that deployed Cobalt Strike Cat along with several other open-source tools. The attacker appears to have focused on exploiting vulnerabilities in government and commercial entities.…
Read More
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Forescout Research has identified a new ransomware strain, dubbed SuperBlack, linked to the threat actor “Mora_001”, exploiting vulnerabilities in Fortinet devices. This threat actor is connected to the LockBit ransomware ecosystem and demonstrates sophisticated tactics including rapid ransomware deployment, user account creation across victim networks, and the use of modified LockBit tools.…
Read More
Operation FishMedley
The US Department of Justice has indicted employees of the Chinese contractor I‑SOON for conducting espionage campaigns, particularly targeting governments, NGOs, and think tanks through the FishMonger APT group. The campaign, termed Operation FishMedley, involved complex techniques and tools typically used by China-aligned threat actors, leading to the compromise of several organizations across various continents.…
Read More
UAT-5918 Targets Taiwan’s Critical Infrastructure Using Web Shells and Open-Source Tools
Summary: A new advanced persistent threat (APT) group named UAT-5918 has been identified, targeting critical infrastructure and various sectors in Taiwan since 2023. Their tactics include gaining long-term access for information theft using web shells and open-source tools, leveraging known security flaws in outdated systems. Researchers associate their methods with other Chinese hacking groups and highlight a sophisticated approach to credential harvesting and data theft.…
Read More
10 Critical Network Pentest Findings IT Teams Overlook
Summary: After conducting over 10,000 automated internal network penetration tests, vPenTest identifies critical security gaps due to common misconfigurations, unpatched systems, and weak passwords. The analysis reveals that these vulnerabilities present significant risks that attackers can exploit easily, often resulting from simple oversights. The article outlines the ten most pressing internal network security risks and provides recommendations to mitigate them effectively.…
Read More
SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset
SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…
Read More
Emulating the Sophisticated Chinese Adversary Salt Typhoon
Salt Typhoon, a Chinese APT group active since 2019, targets critical sectors, including Telecommunications and Government entities across multiple regions. Known for its advanced cyberespionage tactics, the group utilizes various tools and techniques to maintain access while evading detection. This includes exploiting Microsoft Exchange vulnerabilities and employing a range of persistence and privilege escalation techniques.…
Read More
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Summary: Identity-based attacks are increasingly targeting organizations reliant on SaaS, with traditional threat detection methods often overlooking the unique risks present in these environments. Identity Threat Detection and Response (ITDR) offers a comprehensive solution, ensuring visibility and proactive measures to counteract potential breaches. Key strategies discussed include full coverage of SaaS applications, identity-centric monitoring, threat intelligence, and effective prioritization of alerts, alongside necessary integrations and posture management.…
Read More
HP Launches Printers with Quantum Resilient Cryptography 
Summary: HP has introduced the world’s first business printers designed to protect against quantum computer attacks by utilizing the Leighton-Micali Signature (LMS), a post-quantum cryptographic method approved by NIST. These printers are aimed at enhancing security for both private users and government sales while addressing the unique vulnerabilities of printers as edge devices.…
Read More