The who, where, and how of APT attacks

This week, ESET experts released several research publications that shone the spotlight on a number of notable attacks and broader developments on the threat landscape.
First, their new APT Activity Report reviewed the key aspects of sophisticated attacks as investigated by ESET researchers from October 2023 to March 2024 and looked at the targeted countries and industry verticals, along with the initial access methods and sources of these attacks.
In another major research effort, ESET documented the Ebury attacks that involve one of the most advanced server-side malware campaigns and have compromised hundreds of thousands of servers over a period of at least 15 years - and have even come to encompass credit card and cryptocurrency theft.
In other research, ESET's experts found two previously unknown backdoors - which they named LunarWeb and LunarMail - compromising a European ministry of foreign affairs and its diplomatic missions abroad. We believe that the Lunar toolset has been used since at least 2020 and is probably the work of the infamous Russia-aligned cyberespionage group Turla.
The above is barely a glimpse of what the research team has published this week - you can learn far, far more about these threats and wider trends in the video and especially in the blogs and papers above.
Connect with us on Facebook, Twitter, LinkedIn and Instagram.


This Cyber News was published on www.welivesecurity.com. Publication date: Sat, 18 May 2024 08:43:05 +0000


Cyber News related to The who, where, and how of APT attacks

What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
11 months ago Techtarget.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
CVE-2020-5202 - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit ...
2 years ago
Cyber Insights 2023: Criminal Gangs - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. Despite some geopolitical overlaps with state attackers, the majority of ...
1 year ago Securityweek.com
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 month ago Securityaffairs.com
Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs - Russia-sponsored advanced persistent threat group Turla is now targeting Polish NGOs in a cyberespionage campaign that uses a freshly developed backdoor with modular capabilities, signaling an expansion of the scope of its attacks against supporters ...
8 months ago Darkreading.com
Signature Techniques of Asian APT Groups Revealed - The Kaspersky Cyber Threat Intelligence team has unveiled crucial insights into the tactics, techniques and procedures employed by Asian Advanced Persistent Threat groups. The 370-page report, Modern Asian APT groups: Tactics, Techniques and ...
11 months ago Infosecurity-magazine.com
Russian hackers target unpatched JetBrains TeamCity servers - Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. APT 29, believed to ...
10 months ago Helpnetsecurity.com
BreachForums resurrected after FBI seizure - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
5 months ago Securityaffairs.com
A cyberattack shutdown the University Hospital Centre Zagreb in Croatia - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Stanford University announced that 27,000 ...
4 months ago Securityaffairs.com
The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
9 months ago Blog.checkpoint.com
ESET APT Activity Report T3 2022 - ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022. In the monitored timespan, ...
1 year ago Welivesecurity.com
CVE-2020-27350 - APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 ...
2 years ago
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
1 year ago Csoonline.com
Iran-Linked 'OilRig' Cyberattackers Target Israel's Critical Infrastructure, Over & Over - Prolific Iranian advanced persistent threat group OilRig has repeatedly targeted several Israeli organizations throughout 2022 in cyberattacks that were notable for leveraging a series of custom downloaders that use legitimate Microsoft cloud ...
10 months ago Darkreading.com
Harmony Horizon Bridge and Lazarus APT Activities Revealed - SecurityAffairs recently shed light on a report by FireEye security researchers about the activities of the Harmony Horizon Bridge and Lazarus APTs. The report includes a new variant of the Bridge malware named “Ovorum”, as well as the TVShow ...
1 year ago Securityaffairs.com
FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
5 months ago Securityaffairs.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
Why every company needs a DDoS response plan - Today's DDoS attacks are not what they were even a few years ago, and we continue to see DDoS attacks that are framed as the largest in history. As a result, large organizations need adaptive, multilayered defense capabilities that can respond just ...
4 months ago Helpnetsecurity.com
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
5 months ago Securityaffairs.com
Dragonspark APT Targets East Asia with Malware - The Dragonspark Advanced Persistent Threat (APT) has recently been detected targeting East Asia with malware and other malicious programs. Dragonspark is believed to be an organized hacker group – possibly based in China – that is actively ...
1 year ago Securityaffairs.com
Sandworm APT targets Ukraine with new SwiftSlicer wiper - Russia-linked Sandworm APT group is behind a new Golang-based wiper, tracked as SwiftSlicer, that hit Ukraine, ESET reports. Researchers from ESET discovered a new Golang-based wiper, dubbed SwiftSlicer, that was used in attacks aimed at Ukraine. The ...
1 year ago Securityaffairs.com
Chinese APT Hacks 48 Government Organizations - An advanced persistent threat actor likely operating on behalf of the Chinese government has compromised dozens of foreign government entities worldwide, Trend Micro reports. Referred to as Earth Krahang, the hacking group appears linked to Earth ...
7 months ago Securityweek.com
The Rise of DDoS Attacks in Q3, 2023: Are You Prepared? - The Indusface AppSec Q3, 2023 Report reveals a staggering 67% surge in DDoS attacks compared to the previous quarter, highlighting a concerning trend with profound impacts on various industries. Over 41% of websites have shown signs of DDoS attacks ...
10 months ago Cybersecuritynews.com
Vulnerability Summary for the Week of January 15, 2024 - This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Successful attacks require human interaction from a ...
9 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)