Cyber Espionage Archives - GBHackers Security | #1 Globally Trusted Cyber Security News Platform https://gbhackers.com/tag/cyber-espionage/ GBhackers Offering Exclusive Cyber Security News Coverage, New Research papers & Technology Updates. Mon, 14 Oct 2024 16:01:27 +0000

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details https://gbhackers.com/oilrig-hackers-microsoft-exchange-attack/ https://gbhackers.com/oilrig-hackers-microsoft-exchange-attack/#respond Mon, 14 Oct 2024 16:01:06 +0000 https://gbhackers.com/?p=113460 Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on critical infrastructure in the UAE and wider Gulf region. The group employs sophisticated techniques to gain unauthorized access and exfiltrate sensitive data, such as using a new backdoor to steal credentials via on-premises Microsoft Exchange servers by exploiting vulnerabilities like CVE-2024-30088 […]

The post OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

UNC2970 Hackers Attacking Job Seekers Using Weaponized PDF Reader https://gbhackers.com/unc2970-hackers-job-pdf-attack/ https://gbhackers.com/unc2970-hackers-job-pdf-attack/#respond Wed, 18 Sep 2024 11:46:24 +0000 https://gbhackers.com/?p=112184 UNC2970, a North Korean cyber espionage group, used customized SumatraPDF trojans to deliver MISTPEN backdoors to victims through phishing emails pretending to be job recruiters.  The group targeted the energy and aerospace industries, copying job descriptions and engaging with victims via email and WhatsApp. It modifies job descriptions to target specific victims in U.S. critical […]

The post UNC2970 Hackers Attacking Job Seekers Using Weaponized PDF Reader appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks https://gbhackers.com/chinese-hackers-open-source-attacks/ https://gbhackers.com/chinese-hackers-open-source-attacks/#respond Tue, 10 Sep 2024 14:14:10 +0000 https://gbhackers.com/?p=110816 Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a modified version of the open-source network scanning tool NBTscan over the past decade.  NBTscan, designed for network discovery and forensics, sends NetBIOS status queries to IP addresses within a specified range.  By analyzing the responses, it extracts valuable information like IP […]

The post Chinese Hackers Using Open Source Tools To Launch Cyber Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Operation DevilTiger, APT Hackers 0-Day Exploitation Tactics Exposed https://gbhackers.com/deviltiger-apt-zero-day/ https://gbhackers.com/deviltiger-apt-zero-day/#respond Tue, 03 Sep 2024 07:38:14 +0000 https://gbhackers.com/?p=96379 The APT-Q-12 group, also known as Pseudo Hunter, is a Northeast Asian threat actor linked to Darkhotel, which primarily targets East Asian countries, including China, North Korea, Japan, and South Korea.  They employ sophisticated techniques to infiltrate systems and steal sensitive data by use of various plug-ins, such as Durain and Peach, demonstrating their adaptability […]

The post Operation DevilTiger, APT Hackers 0-Day Exploitation Tactics Exposed appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Iranian APT42 Actors Conducting World Wide Surveillance Operations https://gbhackers.com/iranian-apt42-global-surveillance-operations/ https://gbhackers.com/iranian-apt42-global-surveillance-operations/#respond Wed, 14 Aug 2024 12:10:40 +0000 https://gbhackers.com/?p=95660 APT42 (aka Damselfly, UNC788, CALANQUE, Charming Kitten) is a sophisticated Iranian state-sponsored cyber espionage group.  This Advanced Persistent Threat (APT) group is known for its ability to carry out long-term and focused digital surveillance campaigns. The major targets of such actions are often government bodies, defense contractors, and critical infrastructure. Cybersecurity researchers at Cyfirma recently […]

The post Iranian APT42 Actors Conducting World Wide Surveillance Operations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs https://gbhackers.com/tag-100-open-source-cyber-attacks/ https://gbhackers.com/tag-100-open-source-cyber-attacks/#respond Thu, 18 Jul 2024 13:38:47 +0000 https://gbhackers.com/?p=93837 Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and often have extensive community support, making them easy to modify and deploy.  Besides this, open-source tools can be customized to evade detection, automate tasks, and leverage existing vulnerabilities, enabling threat actors to conduct sophisticated attacks efficiently. Recorded Future’s Insikt Group uncovered […]

The post TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data https://gbhackers.com/guardzoo-android-malware-attacks-military/ https://gbhackers.com/guardzoo-android-malware-attacks-military/#respond Mon, 15 Jul 2024 08:10:18 +0000 https://gbhackers.com/?p=93421 A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to target military personnel in the Middle East by leveraging social engineering tactics and using military-themed lures to trick victims into downloading the malware.  Based on a preexisting RAT (Remote Access Trojan) called Dendroid, GuardZoo grants attackers remote control over the infected […]

The post GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kimsuky’s HappyDoor Executed Via regsvr32 File To Evade Detection https://gbhackers.com/kimsuky-happydoor-regsvr32-evade-detection/ https://gbhackers.com/kimsuky-happydoor-regsvr32-evade-detection/#respond Fri, 05 Jul 2024 10:55:46 +0000 https://gbhackers.com/?p=93105 Kimsuky, also known as Velvet Chollima, Black Banshee, THALLIUM, or Emerald Sleet, is a North Korean state-sponsored advanced cyber espionage group that uses sophisticated methods to target the political, economic, and national security interests of various countries. They are very dangerous on the international cyber stage as they constantly change their approach and think out […]

The post Kimsuky’s HappyDoor Executed Via regsvr32 File To Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

OilRig Hackers Attacking Individuals And Organizations In The Middle East https://gbhackers.com/oilrig-hackers-middle-east-attacks/ https://gbhackers.com/oilrig-hackers-middle-east-attacks/#respond Wed, 26 Jun 2024 12:07:16 +0000 https://gbhackers.com/?p=92569 OilRig is an Iranian-linked cyber espionage group that has been active since 2015, and this group is known for its sophisticated spear-phishing campaigns and advanced infiltration techniques.  This group conducts a multitude of cyber attacks against various sectors, and among them, the most executed ones are intelligence gathering, surveillance, and high-profile cyberattacks. Besides this, cybersecurity […]

The post OilRig Hackers Attacking Individuals And Organizations In The Middle East appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Chinese UNC3886 Actors Exploiting VMware, Fortinet 0-days For Spying https://gbhackers.com/unc3886-exploit-vmware-fortinet/ https://gbhackers.com/unc3886-exploit-vmware-fortinet/#respond Fri, 21 Jun 2024 06:44:24 +0000 https://gbhackers.com/?p=92187 In 2021, UNC3886, a suspected China nexus cyber espionage actor, was found to be targeting strategic organizations on a large scale, utilizing multiple vulnerabilities in FortiOS and VMware to install backdoors on the infected machines. Fortinet and VMware have released patches to fix the vulnerabilities. However, further investigations on the threat actor’s attack vector revealed […]

The post Chinese UNC3886 Actors Exploiting VMware, Fortinet 0-days For Spying appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
