North Korea’s hackers are still targeting cybersecurity community
Google TAG: the threat actors on March 17 set up a new website with associated social media profiles for a fake company called “SecuriElite.”
Cyber Espionage, Facebook blocked Earth Empusa attacks on Uyghurs
The Chinese hackers (aka Evil Eye) targeted activists, journalists and dissidents with various TTPs to infect their devices with malware.
Cyber Espionage, an APT used at least 11 zero-days exploits in less than a year
The cybersecurity expert Maddie Stone: It used “watering hole” attacks to redirect specific targets to a pair of exploit servers delivering malware on Windows, iOS, and Android.
Cybercrime, RedXOR is a new malware which targets Linux systems
Intezer cybersecurity experts: It’s a backdoor linked to the Chinese state-sponsored hacking collective Winnti. It has meny capabilities and can be updated.
Cyber Espionage, Microsoft released mitigation measures for Exchange server
However, the company warns: Are not a remediation, nor are they full protection against attack. The APTs threat is still active.
Cybercrime, SolarWinds attackers deploy Sunshuttle as a second stage payload
FireEye cybersecurity experts: The malware uses cookie headers to pass values to the C2 and can select referrers from a list of popular websites.
Cybersecurity, Update Microsoft Exchange Now!
Many state sponsored APTs are exploiting the 4 vulnerabilities, despite Microsoft patched them, to attack servers in USA, Europe, Asia and Middle East.
Cybersecurity, Microsoft patches the last 0-day Exchange Server vulnerabilities
They have been used by the China state-sponsored APT Hafnium for cyber espionage purpose against US. Update the systems now!
Cyber Espionage, Lazarus targets Defense industry with ThreatNeedle
Kaspersky cybersecurity experts: The North Korea APT’s malware, a backdoor, moves laterally through infected networks and extracts confidential information.
Cyber Espionage, Ocean Lotus targeted Vietnamese human rights defenders
Amnesty International: The APT (aka APT32) is behind several spyware attacks between 2018 and November 2020.