Advanced Persistent Threats
White House releases an ambitious National Cybersecurity Strategy
The Biden administration's National Cybersecurity Strategy calls for more regulation on critical infrastructure providers and holds software providers accountable for their insecure products.
Cybersecurity in wartime: how Ukraine's infosec community is coping
A year into the war, resilience and adaptation, risk and sacrifice are the hallmarks of being a cybersecurity professional in Ukraine.
China-based cyberespionage actor seen targeting South America
Cyberthreat group DEV-0147 is deploying the ShadowPad RAT to hit diplomatic targets in South America, expanding from its traditional attack turf in Asia and Europe, Microsoft says.
Threat group targets over 1,000 companies with screenshotting and infostealing malware
Tactics and malware suggest financial motivation, but espionage might also be the goal.
APT groups use ransomware TTPs as cover for intelligence gathering and sabotage
Changing tactics by North Korean, Russian, and Chinese APT groups suggest that Western companies are at greater risk.
Chinese hackers targeted Iranian government entities for months: Report
The networks of four Iranian government organizations, including Iran’s Ministry of Foreign Affairs, have likely been compromised.
US Maritime Administrator to study port crane cybersecurity concerns
Recently passed legislation might have been spurred by supply chain disruption and surveillance concerns enabled by Chinese-made cranes.
Meta’s new kill chain model tackles online threats
Meta researchers say their Online Operations Kill Chain framework offers a common taxonomy to understand the threat landscape and spot vulnerabilities.
Researchers show techniques for malware persistence on F5 and Citrix load balancers
Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.
New Chinese attack framework Alchimist serves Windows, Linux, and macOS implants
Alchimist is easy to deploy and gives attackers a large suite of functionalities with which they can wreak havoc.
China’s attack motivations, tactics, and how CISOs can mitigate threats
A Booz Allen Hamilton report outlines global cyberthreats posed by the People’s Republic of China and gives some guidance on how to counter them.
North Korea’s Lazarus group uses vulnerable Dell driver to blind security solutions
This first known exploit of the Dell vulnerability might inspire other malware developers who want to avoid detection of their code.
Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors
A possibly new threat actor packaged and deployed backdoors as vSphere Installation Bundles, gaining remote code execution and persistence capabilities.
UK organizations, Ukraine's allies warned of potential "massive" cyberattacks by Russia
UK National Cyber Security Centre CEO Lindy Cameron reflects on Russia’s recent cyber activity as Ukraine warns its allies to prepare for cyberattacks targeting critical infrastructure.
International cooperation is key to fighting threat actors and cybercrime
Western intelligence and national security leaders emphasize the importance of collaborating to better prepare for and respond to cybersecurity threats.
US government indicts Iranian nationals for ransomware and other cybercrimes
The Department of Justice and FBI claim three Iranian citizens conducted a global cybercrime operation while, separately, the US Treasury sanctions Iran.
Iranian cyberspies use multi-persona impersonation in phishing threads
Iran-sponsored groups use fake personas of real people to add credibility to phishing emails designed to deliver malware through remote template injection.
North Korean state-sponsored hacker group Lazarus adds new RAT to its malware toolset
Lazarus has used the new remote access Trojan in campaigns that exploit the Log4Shell vulnerability and target energy companies.