Advanced Persistent Threats Tag

Polish government officials have issued a warning that a cyberespionage group, believed to be linked to Russia's intelligence services, is targeting diplomatic and foreign ministries from NATO and EU member states.   The group, known as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR). This group was responsible for the 2020 supply chain attack against software company SolarWinds, which...

Read More

China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team. 

The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday. 

DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance...

Read More

Sandworm Targets Ukraine and its Supporters   In the last months of 2022, Russian Advanced Persistent Threat (APT) group Sandworm continued its data wiping attacks against Ukrainian organizations, but expanded its efforts to organizations from countries that are strong supporters of Ukraine, such as Poland, according to a new report by cybersecurity firm ESET. Sandworm is believed to operate as a unit inside Russia's military intelligence agency,...

Read More

Researchers uncovered a stealthy UEFI rootkit that's being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant's goal is to inject a malicious driver into the Windows kernel during the booting stages, providing attackers with a high level...

Read More