Advanced Persistent Threats
Threat hunters expose novel IceApple attack framework
Suspected state-sponsored threat actor uses IceApple to target technology, academic and government sectors with deceptive software.
Stealthy Linux implant BPFdoor compromised organizations globally for years
The China-linked backdoor takes advantage of the Berkeley Packet Filter on Unix systems to hide its presence.
Chinese APT group Mustang Panda targets European and Russian organizations
Latest campaigns by Mustang Panda highlight the threat actor's versatility in terms of the tools and techniques it is able to use.
Chinese APT group Winnti stole trade secrets in years-long undetected campaign
The Operation CuckooBees campaign used zero-day exploits to compromise networks and leveraged Windows' Common Log File System to avoid detection.
New Five Eyes alert warns of Russian threats targeting critical infrastructure
The alert provides detailed information on Russian government and state-sponsored cybercriminal groups as well as guidance for reducing risk.
Spyware was used against Catalan targets and UK prime minister and Foreign Office
Researchers at the Citizen Lab say dozens of officials' phones were compromised by spyware sold by NSO Group or Candiru.
What is the cyber kill chain? A model for tracing cyberattacks
The cyber kill chain describes the phases of a targeted cyberattack where defenders can identify and stop it.
FBI active defense measure removes malware from privately owned firewalls
The action targeted devices infected by the Cyclops Blink malware, believed to have been developed by Russia's Sandworm group.
New threat group underscores mounting concerns over Russian cyber threats
CrowdStrike says Ember Bear is likely responsible for the wiper attack against Ukrainian networks and that future Russian cyberattacks might target the West.
US charges Russian government agents for cyberattacks on critical infrastructure
Two sets of attacks used Triton and Havex malware to infiltrate industrial control systems at energy organizations in the US and abroad.
ShadowPad has become the RAT of choice for several state-sponsored Chinese APTs
New research links the ShadowPad remote-access Trojan to China's Ministry of State Security and the People's Liberation Army.
Russia’s offensive cyber actions should be a cause for concern for CISOs
Recent cyber attacks against Western entities operating in Ukraine aim to disrupt or conduct espionage. CISOs should be wary of such attacks expanding beyond the Ukrainian border.
Savvy cryptomining malware campaign targets Asian cloud service providers
Sophisticated techniques deployed by the CoinStomp gang use cloud service providers to mine cryptocurrency.
Iranian APT group uses previously undocumented Trojan for destructive access to organizations
The Moses Staff group's main target is Israel, but it has recently launched attacks on organizations in other countries, including India, Germany and the U.S.
MoonBounce UEFI implant used by spy group brings firmware security into spotlight
The MoonBounce rootkit implants a malicious driver in the Windows kernel to provide persistence and stealthiness.
Cybercrime group Elephant Beetle lurks inside networks for months
Elephant Beetle specializes in stealing money from financial and commerce firms over an extended period of time while remaining undetected.
Malware variability explained: Changing behavior for stealth and persistence
More malware is designed to be variable, choosing which computers to infect or even the type of attack to execute.
Void Balaur explained—a stealthy cyber mercenary group that spies on thousands
Unlike other groups, Void Balaur will target individuals and organizations in Russian-speaking countries and seems to have intimate knowledge of telecom systems.