Articles tagged "APT"

Found 63 articles

The Armored Likho APT group is reportedly using a sophisticated toolkit that includes AI-generated malware alongside existing threats like the BusySnake Stealer, a Python-based tool designed to siphon off sensitive information. This group is known for its modular approach, which allows them to adapt their methods and tools quickly, making it difficult for organizations to defend against their attacks. The use of obfuscated remote access trojans (RATs) and network tunneling tools like Go2Tunnel adds another layer of complexity to their operations. As a result, businesses and individuals need to be vigilant about their cybersecurity measures to protect against these evolving threats. Given the capabilities of this APT group, the potential for data breaches and unauthorized access remains high, raising concerns for organizations that store sensitive information.

Read Original
Actively Exploited

Cisco Talos has reported that a Chinese cyber espionage group, identified as APT UAT-7810, is expanding its proxy relay network by deploying new malware. This development raises concerns about the group's capabilities to conduct more extensive surveillance and data exfiltration activities. The increased use of proxies can help attackers mask their origin while facilitating access to targeted networks. Organizations should be vigilant, as this activity suggests that the group is actively seeking new methods to bypass security measures. The implications of this malware expansion could impact various sectors, especially those involving sensitive information or critical infrastructure.

Read Original
Critical
Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Kaspersky has reported that the Armored Likho group, a previously identified advanced persistent threat (APT), is actively targeting government and energy sectors using a combination of techniques. They employ BusySnake Stealer, a type of malware designed to extract sensitive information, alongside AI-generated loaders and phishing methods to infiltrate systems. This campaign poses significant risks to organizations in these critical sectors, as the stolen data could lead to further exploitation or security breaches. The use of sophisticated tools and tactics highlights the evolving nature of cyber threats and the need for enhanced security measures within these industries. Organizations should remain vigilant and strengthen their defenses against such targeted attacks.

Read Original

A new cyber espionage group known as Armored Likho is reportedly targeting government and electric power sectors. This advanced persistent threat (APT) uses modular remote access tools (RATs) and information stealers to conduct its operations, which appear to be financially motivated as well as aimed at gathering intelligence. The implications of these attacks are significant, as they could compromise sensitive government data and disrupt critical infrastructure, potentially leading to broader security risks. Organizations in these sectors should remain vigilant and improve their cyber defenses to protect against such targeted campaigns.

Read Original

A Chinese cyber espionage group known as CL-STA-1062 is targeting organizations in Southeast Asia using a new backdoor called TinyRCT. This group employs a mix of open-source tools, including SoftEther VPN and Mimikatz, alongside their custom malware. The use of such a hybrid toolkit suggests a sophisticated approach to infiltrating networks and exfiltrating sensitive information. Organizations in Southeast Asia should be especially vigilant, as this attack could compromise critical data and disrupt operations. The ongoing activity of this threat actor raises concerns about the security posture of companies in the region.

Read Original

Researchers from Palo Alto Networks Unit 42 have reported that a Chinese-speaking advanced persistent threat group, tracked as CL-STA-1062, has been targeting government and energy networks in Southeast Asia. This group has been active since at least March 2022 and has recently intensified its operations in the region, employing custom malware known as TinyRCT to exploit vulnerabilities in critical infrastructure. The focus on Southeast Asia raises concerns about the security of essential services and the potential for significant disruptions. As these attacks target vital sectors, governments and organizations in the region need to bolster their cybersecurity defenses to mitigate risks posed by such sophisticated threats.

Read Original

A Russian advanced persistent threat (APT) group known as Turla has been using a new backdoor called 'StockStay' to target Ukrainian government and military organizations. This espionage campaign aims to gather sensitive information amidst the ongoing conflict in Ukraine. The backdoor allows attackers to maintain persistent access to compromised systems, facilitating data theft and surveillance. The situation raises significant concerns about the security of vital governmental infrastructure and the potential for further cyberattacks as tensions in the region continue to escalate. Ukrainian authorities and cybersecurity experts are urged to enhance their defenses against this ongoing threat.

Read Original

According to ESET's 2026 APT Activity Report, Chinese-backed advanced persistent threats (APTs) are capitalizing on the instability caused by ongoing conflicts in Iran to target maritime and energy companies. This surge in cyber-attacks indicates that attackers are exploiting geopolitical tensions to carry out their operations. The report highlights that these APTs are not only focusing on regional targets but are also continuing their activities against organizations globally. This situation raises concerns for companies in the maritime and energy sectors, as they may face increased risks of data breaches and operational disruptions due to these cyber threats. Understanding these tactics is crucial for organizations to bolster their cybersecurity defenses and protect sensitive information.

Read Original

Nimbus Manticore, an Iranian advanced persistent threat (APT) group, has been actively targeting aviation and software companies using updated tools. This activity has persisted during and after the recent US military actions against Iran, indicating a sustained effort by the group to exploit vulnerabilities within these sectors. The attacks raise concerns about the security of critical infrastructure and sensitive data in industries that are vital to national security and economic stability. Companies in the aviation and software fields should be on high alert and enhance their security measures to defend against these sophisticated threats. The ongoing nature of these operations suggests that the APT is evolving its tactics and tools, which could lead to more significant breaches if not addressed promptly.

Read Original

Recent reports indicate that Chinese advanced persistent threat (APT) groups are using a Linux backdoor called 'Showboat' to target telecommunications providers in Central Asia. This backdoor has been linked to espionage activities aimed at intercepting communications from smaller markets. The attacks raise concerns about the security of telecom infrastructure in the region, as they highlight how vulnerable these systems can be to state-sponsored hacking. The use of such sophisticated malware suggests that these APTs are not only looking to gather intelligence but also to potentially disrupt communications. As these attacks unfold, the implications for privacy and security in the telecommunications sector are significant, particularly for users relying on these services.

Read Original

ESET has reported that the Webworm APT group, also known as Space Pirates and UAT-8302, has shifted its focus from Asian targets to European government organizations in 2025. The group has been active since at least 2022 and is believed to be aligned with China. Its recent targets include government entities in Belgium, Italy, Poland, Serbia, and Spain, as well as a local university in South Africa. This expansion into Europe raises concerns about the potential for increased cyber espionage and data breaches affecting national security and government operations. Organizations in the affected regions need to bolster their cybersecurity measures to defend against these sophisticated attacks.

Read Original
Actively Exploited

ESET researchers have reported that the China-linked Webworm APT group has expanded its operations to target European government organizations, moving beyond its previous focus on Asia. This shift indicates a significant evolution in their cyber espionage tactics, suggesting that the group is refining its methods to achieve greater effectiveness. The implications are serious, as government entities in Europe may be at risk of sensitive data breaches and espionage activities. This development underlines the growing threat posed by state-sponsored hacking groups and highlights the need for enhanced cybersecurity measures among European institutions. As these tactics evolve, organizations must remain vigilant and proactive in defending against potential attacks.

Read Original

ESET has reported that the Ghostwriter group, also known as FrostyNeighbor, has resumed its cyberattacks on Ukrainian government organizations. This activity has been ongoing since at least March 2026 and follows a pattern similar to their previous campaigns. The group appears to be targeting sensitive government systems, which raises concerns about the security of critical infrastructure in Ukraine. As the conflict in the region continues, these attacks could have serious implications for government operations and national security. Researchers emphasize the need for heightened vigilance and improved cybersecurity measures within affected organizations.

Read Original

Recent cyber campaigns attributed to Chinese advanced persistent threat (APT) groups have expanded their targets and updated their tactics. The group known as Salt Typhoon has reportedly attacked an energy entity in Azerbaijan, raising concerns about the security of critical infrastructure in the region. Another group, Twill Typhoon, has focused on entities in Asia, deploying an updated remote access Trojan (RAT) that enhances their capabilities. These developments suggest that these APTs are adapting to better infiltrate and exploit various sectors, which could lead to increased risks for organizations in affected areas. As these campaigns evolve, organizations need to bolster their cybersecurity measures to defend against such sophisticated attacks.

Read Original

A Chinese cyber threat group known as 'FamousSparrow' has been targeting an Azerbaijani oil and gas firm with a series of attacks. This marks a shift for the group, which previously focused on sectors like hospitality, telecom, and government. The ongoing attacks raise concerns about the security of critical infrastructure in the South Caucasus region, especially given the strategic importance of energy resources. Researchers are alarmed by the group's expanding reach, which could have implications for other companies in similar industries. As these attacks continue, organizations in the energy sector should bolster their defenses against potential cyber intrusions.

Read Original
Page 1 of 5Next