Poland's Internal Security Agency (ABW) has reported that hackers have successfully breached industrial control systems at five water treatment plants across the country. The attackers, believed to be linked to Russian advanced persistent threat (APT) groups, managed to gain access to systems that control vital equipment. This incident is part of a broader campaign that raises concerns about cybersecurity in critical infrastructure. The ability to alter equipment settings poses significant risks not only to the water supply but also to public safety. As these types of cyberattacks become more common, it is crucial for nations to bolster their defenses against potential hybrid warfare tactics.
Articles tagged "APT"
Found 63 articles
Securelist
The report for Q1 2026 details a range of newly discovered vulnerabilities and exploits in various software and systems. Researchers have identified several Command and Control (C2) frameworks utilized in Advanced Persistent Threat (APT) attacks, which indicates a concerning trend in cybercrime tactics. This information is crucial for organizations to understand the evolving threat landscape and to take proactive measures to protect their networks. By keeping track of these vulnerabilities, companies can better defend against potential attacks that exploit these weaknesses. It’s essential for IT teams to stay updated on these findings to ensure their systems are secure.
Help Net Security
A new advanced persistent threat group, identified as GopherWhisper, has been linked to cyberattacks targeting a Mongolian government entity. This group, which appears to be aligned with China, is utilizing popular collaboration tools like Slack and Discord to conceal its command and control communications. By embedding malicious traffic within normal enterprise activities, they are making detection more difficult. This trend of leveraging widely used platforms for malicious purposes raises concerns for organizations that rely on these tools for communication and collaboration. As attackers continue to innovate in their methods, it is crucial for companies to remain vigilant and enhance their security measures to protect against such tactics.
The Lazarus Group, a hacking group linked to North Korea, successfully stole $290 million from Kelp DAO, a decentralized finance protocol on the Ethereum network. The theft was facilitated by exploiting vulnerabilities in LayerZero, a cross-chain messaging protocol. A subsequent attempt to steal an additional $95 million was thwarted by security measures. This incident raises significant concerns about the security of DeFi protocols and highlights the ongoing risks posed by state-sponsored cybercriminals in the cryptocurrency space. The implications are serious for investors and users of decentralized finance, as such breaches can undermine trust in these platforms.
Chinese state-sponsored hackers are reportedly targeting Indian banks and South Korean policy circles, raising concerns about espionage in the financial sector. Researchers noted that the tactics, techniques, and procedures (TTPs) used by these attackers appear outdated, suggesting a lack of sophistication in their approach. While the exact motivations behind these attacks remain unclear, the implications are significant as they could undermine the security of sensitive financial data and impact international relations. This situation highlights the ongoing cybersecurity challenges faced by nations in a highly interconnected world. Banks and governmental organizations are urged to bolster their defenses against potential intrusions.
Researchers at Censys have identified 5,219 devices that are vulnerable to attacks from Iranian Advanced Persistent Threat (APT) groups, with a significant number located in the United States. This exposure raises concerns about the potential for targeted cyber operations against various sectors, especially given the geopolitical tensions involving Iran. The findings suggest that organizations should assess their security postures and take proactive measures to mitigate risks associated with these vulnerabilities. The presence of such a large number of exposed devices indicates a broader issue of inadequate cybersecurity practices that could lead to severe consequences if exploited. Companies and users need to be vigilant and enhance their defenses against these potential threats.
The Russian cyber espionage group known as Fancy Bear is reportedly continuing its global attacks, targeting various organizations around the world. Experts warn that while victims may not possess the same level of technical sophistication as the attackers, they must take proactive steps to protect themselves. Essential measures include regularly patching software vulnerabilities and implementing zero trust security models to enhance defenses. The ongoing activity of Fancy Bear underscores the need for organizations, regardless of size or technical expertise, to prioritize cybersecurity practices to mitigate risks. As these attacks evolve, awareness and preparedness are crucial for safeguarding sensitive data and systems.
Hackread – Cybersecurity News, Data Breaches, AI and More
A dark web marketplace called Threat Market is advertising a massive haul of Lockheed Martin data, claiming to have 375 terabytes of sensitive information. The alleged source of this leak is a group identifying itself as 'APT Iran.' If true, this could pose serious risks not only to Lockheed Martin but also to national security, given the company's role in defense contracts. The asking price for this data is a staggering $600 million, raising concerns about the potential for misuse. This incident underscores the ongoing threat posed by malicious actors targeting major corporations and government contractors, highlighting the need for enhanced cybersecurity measures across the industry.
Security Affairs
A Russian-linked hacking group known as TA446 is actively targeting iPhone users through a new phishing campaign that employs the DarkSword iOS exploit kit. These attacks involve sending malicious emails designed to compromise iOS devices, putting users' personal information at risk. The group, also referred to as SEABORGIUM and ColdRiver, has been noted for its sophisticated tactics in the past. This wave of phishing emphasizes the increasing dangers that smartphone users face, especially as attackers refine their methods to bypass security measures. As these campaigns evolve, it’s crucial for iPhone users to remain vigilant about suspicious emails and links.
Security Affairs
A Russian advanced persistent threat (APT) group has been exploiting a critical cross-site scripting (XSS) vulnerability in Zimbra, identified as CVE-2025-66376, with a severity score of 7.2. The attackers are sending HTML emails that contain insufficiently sanitized scripts, which execute when opened by users. This campaign specifically targets individuals in Ukraine, highlighting the ongoing cyber conflict in the region. The exploitation of this vulnerability could allow attackers to compromise user accounts and access sensitive information. Organizations using Zimbra should be particularly vigilant and take immediate action to secure their systems.
Since 2020, a Chinese-linked hacking group known as CL-STA-1087 has been targeting military organizations in Southeast Asia. This group has utilized two types of malware, named AppleChris and MemFun, to carry out its espionage activities. The group's operations show a calculated approach, focusing on gathering specific intelligence rather than conducting widespread attacks. This ongoing campaign raises concerns about the security of military data in the region and highlights the risks posed by state-sponsored cyber espionage. The implications of such targeted attacks could undermine national security and diplomatic relations in Southeast Asia.
Iranian state-sponsored hackers are reportedly collaborating with real cybercriminal groups to enhance their cyberattacks. This partnership marks a shift from the previous strategy where Iranian advanced persistent threat (APT) groups masqueraded as criminal entities. By aligning with actual criminals, these APTs aim to bolster their capabilities and expand their reach in the cyber realm. This development raises concerns about the potential for more sophisticated and damaging attacks on various targets, including businesses and government entities. The implications of this collaboration could lead to an increase in cybercrime and state-sponsored attacks, posing a significant risk to cybersecurity efforts globally.
North Korean advanced persistent threats (APTs) are increasingly using artificial intelligence to enhance their scams targeting IT workers. These scams, which have been around for a while, are now more sophisticated thanks to AI tools that assist in tasks like creating convincing fake identities and automating email communications. By employing these technologies, attackers can effectively impersonate legitimate contacts and manipulate potential victims into providing sensitive information or financial resources. This evolution in tactics raises concerns for companies and individuals in the tech sector, as it becomes harder to distinguish between real and fraudulent communications. Organizations should be vigilant and implement stronger verification processes to protect against these AI-driven scams.
Securelist
The report details the vulnerabilities and exploits identified during the fourth quarter of 2025, with a focus on their impact on various systems and the rising use of command-and-control (C2) frameworks in advanced persistent threat (APT) attacks. Researchers noted an increase in published vulnerabilities, which could affect numerous organizations and users relying on these systems. The report emphasizes the importance of timely patching and updating to mitigate risks associated with these vulnerabilities. As APT groups increasingly employ sophisticated C2 frameworks, organizations must enhance their security measures to protect against potential breaches. This summary of findings is crucial for cybersecurity professionals aiming to stay ahead of evolving threats and safeguard their networks.
A newly identified hacking group, suspected to be linked to Russian intelligence, has launched attacks against various Ukrainian sectors, including defense, government, and energy. This group is using a malware called CANFAIL, which was uncovered by researchers from Google Threat Intelligence Group. The targeting of critical infrastructure and military entities raises significant concerns about national security and the ongoing conflict in the region. As these attacks could disrupt essential services and information systems, the situation highlights the need for enhanced cybersecurity measures among the affected organizations. This incident is part of a broader pattern of cyber warfare tactics being employed against Ukraine.