APT (Advanced Persistent Threat) Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform https://gbhackers.com/tag/apt-advanced-persistent-threat/ GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates. Tue, 22 Oct 2024 11:15:31 +0000

IcePeony Hackers Exploiting Public Web Servers To Inject Webshells https://gbhackers.com/icepeony-hackers-webshells/ https://gbhackers.com/icepeony-hackers-webshells/#respond Tue, 22 Oct 2024 11:15:30 +0000 https://gbhackers.com/?p=113768 IcePeony, a China-nexus APT group, has been active since 2023, targeting India, Mauritius, and Vietnam by exploiting SQL injection vulnerabilities to compromise systems using webshells and backdoors, leveraging a custom IIS malware called IceCache. The attackers accidentally exposed a server containing sensitive data, including a zsh_history file that revealed their detailed attack timeline and techniques. […]

The post IcePeony Hackers Exploiting Public Web Servers To Inject Webshells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Crimson Palace Returns With New Hacking Tools And Tactics https://gbhackers.com/crimson-palace-hacking-tools-tactics/ https://gbhackers.com/crimson-palace-hacking-tools-tactics/#respond Mon, 16 Sep 2024 07:37:29 +0000 https://gbhackers.com/?p=111873 Cluster Bravo, despite its brief initial activity, subsequently targeted 11 organizations in the same region, as researchers found that these attackers used compromised environments within the same vertical for malware staging. Cluster Charlie, after being disrupted, returned with new techniques, including using the HUI loader to inject Cobalt Strike beacons into mstsc.exe. They employed open-source […]

The post Crimson Palace Returns With New Hacking Tools And Tactics appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ToddyCat APT Abuses SMB, Exploits IKEEXT A Exchange RCE To Deploy ICMP Backdoor https://gbhackers.com/toddycat-apt-exploits/ https://gbhackers.com/toddycat-apt-exploits/#respond Wed, 04 Sep 2024 11:30:36 +0000 https://gbhackers.com/?p=107220 ToddyCat is an APT group that has been active since December 2020 and primarily targets government and military entities in Europe and Asia. The group is known for its sophisticated cyber-espionage tactics and has been involved in multiple high-profile attacks. Cybersecurity researchers at Kaspersky Lab identified that the ToddyCat APT group has been abusing […]

The post ToddyCat APT Abuses SMB, Exploits IKEEXT A Exchange RCE To Deploy ICMP Backdoor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Operation Oxidovy, Threat Actors Targeting Government And Military Officials https://gbhackers.com/operation-oxidovy-threat-actors/ https://gbhackers.com/operation-oxidovy-threat-actors/#respond Tue, 03 Sep 2024 09:14:11 +0000 https://gbhackers.com/?p=96467 The recent campaign targeting the Czech Republic involves a malicious ZIP file that contains a decoy LNK file and a batch script. The LNK runs the batch script, which spawns a decoy PDF document and renames a masqueraded PDF file to a portable executable, which is copied to the startup folder for persistence.  Decoy documents […]

The post Operation Oxidovy, Threat Actors Targeting Government And Military Officials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Earth Baku Using Customized Tools To Maintain Persistence And Steal Data https://gbhackers.com/earth-baku-custom-tools-data-theft/ https://gbhackers.com/earth-baku-custom-tools-data-theft/#respond Wed, 14 Aug 2024 12:08:34 +0000 https://gbhackers.com/?p=95697 Earth Baku, an APT actor who initially focused on the Indo-Pacific region, has grown its activities extensively since late 2022. The group has increased its presence in Europe, the Middle East, and Africa (MEA), having also confirmed engagements in Italy, Germany, UAE and Qatar. Cybersecurity researchers at Trend Micro recently discovered that Earth Baku has […]

The post Earth Baku Using Customized Tools To Maintain Persistence And Steal Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Turla Hackers Weaponizing LNK-Files To Deploy Fileless Malware https://gbhackers.com/turla-hackers-lnk-fileless-malware/ https://gbhackers.com/turla-hackers-lnk-fileless-malware/#respond Tue, 09 Jul 2024 06:16:46 +0000 https://gbhackers.com/?p=93254 Hackers often weaponize LNK files because they can carry malware into systems undetected by anyone. LNK files are shortcuts that, when opened, launch a malicious payload (like scripts or executables). LNK files are widely used in Windows environments and can easily pass themselves off as genuine files, making it hard for users to suspect their […]

The post Turla Hackers Weaponizing LNK-Files To Deploy Fileless Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
