VulnHub

Kaspersky's GReAT team has released findings on a sophisticated attack by a group known as Evasive Panda APT. This group employs a technique that poisons DNS requests to deploy a malicious implant called MgBot. The attack chain includes the use of shellcode that is encrypted with DPAPI and RC5, making it harder to detect. This method poses a significant risk as it can compromise systems and networks by redirecting legitimate traffic to malicious sites. Organizations need to be aware of these tactics to prevent potential breaches and protect their infrastructure.

A new advanced persistent threat (APT) group, identified as LongNosedGoblin, has been observed targeting government networks across Southeast Asia and Japan. This group, which appears to have links to China, is using Group Policy to infiltrate these networks, allowing them to gather sensitive information. The attack is particularly concerning because it affects national security and could lead to the compromise of confidential government communications. Researchers believe that this activity underscores the ongoing cyber espionage efforts aimed at government entities in the region, raising alarms about the security posture of these nations. The implications of such breaches could be significant, potentially impacting diplomatic relations and national security strategies.

The hacking group known as LongNosedGoblin has been targeting Asian governments by deploying cyberespionage tools on their networks using Group Policy. This method allows them to effectively infiltrate and operate within government systems, raising concerns about national security and data integrity. Researchers have identified this group as a persistent threat, which could compromise sensitive information and disrupt governmental operations. The implications are significant, as such attacks could weaken trust in governmental digital infrastructures and potentially expose critical data to adversaries. As this activity continues, it emphasizes the need for robust cybersecurity measures in governmental organizations to protect against such sophisticated attacks.

Kaspersky researchers have reported on the recent activities of the Cloud Atlas advanced persistent threat (APT) group in early 2025. This group has updated their arsenal with new malicious tools, including backdoors known as VBShower, VBCloud, PowerShower, and CloudAtlas. These implants are designed to infiltrate and control targeted systems, which typically include government and corporate networks. The evolving tactics of Cloud Atlas highlight the ongoing risks to organizations, particularly those in sensitive sectors. Companies need to remain vigilant and enhance their cybersecurity measures to defend against these sophisticated threats.

Cisco has disclosed a critical zero-day vulnerability, tracked as CVE-2025-20393, affecting its Secure Email Gateway and Secure Email/Web Manager products. This vulnerability is currently being exploited by a China-linked advanced persistent threat group known as UAT-9686. The attack campaign began on December 10 and targets specific systems, raising significant concerns for organizations relying on these Cisco products. Users and administrators should be particularly vigilant, as this active exploitation could lead to unauthorized access and data breaches. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on email security and the sensitive information handled by these systems.

Kaspersky's GReAT team has reported an increase in cyberattacks from the ForumTroll APT group, which is specifically targeting Russian political scientists. The attackers are using a tool known as the Tuoni framework to infiltrate their devices. This situation is concerning as it shows a focused attempt to compromise the devices of individuals involved in political research, potentially to gather sensitive information or disrupt their work. The targeting of political scientists indicates a strategic move to influence or monitor political discourse in Russia. These incidents serve as a reminder of the ongoing risks faced by academics and researchers in politically sensitive environments.

The article reports on a joint investigation revealing a remote IT worker infiltration scheme linked to North Korea's Lazarus Group. This scheme highlights the persistent threat posed by state-sponsored cyber actors, emphasizing the need for heightened awareness and security measures against such infiltration tactics.

China's state-sponsored hackers, known as 'PlushDaemon', have developed a method to infect routers and hijack software updates, primarily targeting Chinese organizations. This sophisticated approach allows them to operate under the radar, posing a significant threat to cybersecurity within the region.