Advanced Persistent Threats
Advanced Persistent Threats | News, how-tos, features, reviews, and videos
![Praying mantis among green leaves [camouflage/stealth]](https://images.idgesg.net/images/article/2019/02/camouflage_stealth_praying_mantis_among_green_leaves_by_david_clode_cc0_via_unsplash_2400x1600-100788546-medium.3x2.jpg)
Biden administration, US allies condemn China's malicious hacking, espionage actions
Global coalition calls on China to curtail its cyber activities. For the first time, the US blames China directly for ransomware attacks.
US charges four suspected Chinese spies who coordinated APT40 hackers
The government outlines how APT40 conducted its Microsoft Exchange Server attack and offers advice to defend against nation-state threats.
Tips and tactics of today's cybersecurity threat hunters
Having internal threat hunting capability is becoming a necessity for many organizations. Here are the most common things they look for and how they respond to incidents.
Spy groups hack into companies using zero-day flaw in Pulse Secure VPN
Known and unknown groups are using VPN vulnerabilities to circumvent authentication and establish backdoors.
FBI cleans web shells from hacked Exchange servers in rare active defense move
The FBI has been deleting backdoors placed by cyberespionage group Hafnium on Microsoft Exchange servers. The court order allowing them to do so signals a more active defense approach.
US sanctions Russian government, security firms for SolarWinds breach, election interference
The Biden administration places economic sanctions on Russian government organizations, individuals, and companies including several security firms.
US government calls for better information sharing in wake of SolarWinds, Exchange attacks
The Biden administration seeks ways to better gather and share security intelligence from the private sector, but experts see barriers to success.
Chinese cyberespionage group hacks US organizations with Exchange zero-day flaws
Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution.
How to prepare for and respond to a SolarWinds-type attack
If you can perform these tasks on your Windows network, then you are properly prepared to respond to a nation-state attack like SolarWinds.
SolarWinds hack is a wakeup call for taking cybersecurity action
Many questions are yet to be answered as the investigation and response continues, but one thing is clear: managing supply chain risks requires a level of sophistication similar to that of the attackers.
How to prepare for the next SolarWinds-like threat
It is possible to minimize the risk from nation-state attacks like SolarWinds. This is the best advice based on what experts have learned so far.
SolarWinds attack explained: And why it was so hard to detect
A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this sort of software supply chain attack.
FireEye breach explained: How worried should you be?
The theft of red team tools, allegedly by Russia's Cozy Bear group, poses only a small threat to other organizations. The real lesson: Anyone can be hacked.
TrickBot gets new UEFI attack capability that makes recovery incredibly hard
Researchers discover a new TrickBot module that allows malware to persist even after reformatting or replacing a hard drive.
![A group of anonymous hooded figures exist amid raining streams of binary code. [security threats]](https://images.idgesg.net/images/article/2020/09/group_of_anonymous_hooded_figures_hackers_bad_actors_security_threats_by_leo_lintang_gettyimages-1135437442_2400x1600-100858240-small.3x2.jpg)
Mercenary APT group CostaRicto hits organizations worldwide
This hacker-for-hire advanced persistent threat group uses its own custom malware and takes great effort to hide its activity.
Evilnum group targets FinTech firms with new Python-based RAT
The attack hides in Windows systems by impersonating several legitimate programs.
APT-style mercenary groups challenge the threat models of many organizations
APT-for-hire services will broaden the scope of who is vulnerable to that type of attack. Small- and medium-sized companies in particular need to rethink their threat models.
