Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.
An advanced persistent threat is a stealthy, long-term intrusion that maintains access to systems to steal data or disrupt operations.
Search across headline titles and summaries.
Background for this topic.
Advanced Persistent Threat describes a prolonged and targeted cyber intrusion where attackers maintain covert access to a network over extended periods. These intrusions often use customized malware, spear-phishing, and exploitation of specific vulnerabilities to avoid detection and sustain control. The focus is typically on intelligence collection, data theft, or strategic disruption rather than immediate financial gain.
For defenders, APTs pose significant challenges due to their stealth and adaptability, often bypassing traditional security tools. Effective defense involves continuous monitoring for unusual activity, timely patching of vulnerabilities exploited by these actors, and leveraging threat intelligence to recognize known intrusion patterns. Early identification and containment are crucial to limit damage and prevent persistent unauthorized access.
Weekly headline count for the current query.
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.
The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group.
The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.
More than 1,600 socially engineered messages from the China-backed advanced persistent threat (APT) group target various sectors to deliver the previously undocumented ABCDoor backdoor, ValleyRAT, and other malware.
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.
The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.
China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.
Victims don't need to match the cyber espionage group's technical sophistication, experts say. But patching and some form of zero trust are now non-negotiable.
Iranian APTs are blurring the lines between state-sponsored and cybercriminal activities to target high-impact US organizations.
Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.
Iranian APTs have long pretended to be cybercriminal groups. Now they're working with actual cybercriminal groups.
DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails.
India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.
Researchers attributed the failed attempt to the infamous Russian APT Sandworm, which is notorious for wiper attacks on critical infrastructure organizations.
A state-sponsored threat group tracked as "Kimsuky" sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions.
"Fancy Bear" relies on basic techniques that are highly effective, often delivering greater ROI than more complex malware-heavy operations.
The April/May zero-day exploitations of Ivanti's mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.