APT

North Korean APT Kimsuky Group Exploits New ScreenConnect Vulnerabilities

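Hackers are exploiting the recently disclosed ScreenConnect vulnerabilities to deploy a new variant of a malware strain previously associated with the North Korean threat group Kimsuky. Researchers at Kroll have named the new malware ToddlerSh...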

Hunting Shadow Tracking: Analysis of APT37 Attack Campaigns Against South Korea Using North Korean Political Topics

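Recently, during routine threat hunting, DBAPPSecurity's Hunting Shadow Lab (安恒信息猎影实验室) found that the APT37 group has repeatedly used lures based on North Korea-related political topics to deliver the ROKRAT trojan to targeted users and steal information. The APT37 group, an APT group that targets South Korea, is also known as...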

Russian cyberespionage group APT29 targeting cloud vulnerabilities

APT29 uses brute forcing and password spraying attacks to access service accounts. ...

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

The Trend Micro Zero Day Initiative discovered the vulnerability CVE-2024-21412 which we track as ZDI-CAN-23100, and alerted Microsoft of a Microso...

WINRAR RCE VULNERABILITY SPOTLIGHT: APT29’S ZERO-DAY TACTICS

Introduction: During the beginning of September 2023, APT29, a group linked with Russia’s Foreign Intelligence Service (SVR) conducted a cybera...

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the in...

TinyTurla Next Generation – Turla APT spies on Polish NGOs

Cisco Talos has identified a new backdoor authored and operated by the Turla APT group, a Russian cyber espionage threat group. This new backdoor w...

Analysis of a Targeted Attack Campaign Suspected to Be the Work of the DuckTail Group

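Background: Recently, Hillstone Networks (山石网科) captured a batch of security incidents targeting digital marketing personnel that are suspected to be related to the hacker group DuckTail. The Ducktail group was disclosed by a foreign security vendor in 2022, and its attack activity at least...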

Updated Parts of the Execution Flow of RokRAT, the APT37 Group's Main Remote-Control Weapon

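Foreword: Happy New Year, everyone; I hope this year is a bit better for all of us. I obtained a fairly new sample of RokRAT, the APT37 group's main weapon, from threat intelligence channels. Compared with previous RokRAT samples, this sample, in its execution flow and details, has...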

New Threat from the APT-C-24 (SideWinder) Group: Nim-Based Payload Surfaces

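APT-C-24 SideWinder: APT-C-24 (SideWinder) is an APT group active in South Asia whose earliest activity can be traced back to 2012. The countries it mainly attacks include Pakistan, Afghanistan, Nepal, Bhutan, Myanmar...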