Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
An advanced persistent threat is a stealthy, long-term intrusion that maintains access to systems to steal data or disrupt operations.
Search across headline titles and summaries.
Background for this topic.
Advanced Persistent Threat describes a prolonged and targeted cyber intrusion where attackers maintain covert access to a network over extended periods. These intrusions often use customized malware, spear-phishing, and exploitation of specific vulnerabilities to avoid detection and sustain control. The focus is typically on intelligence collection, data theft, or strategic disruption rather than immediate financial gain.
For defenders, APTs pose significant challenges due to their stealth and adaptability, often bypassing traditional security tools. Effective defense involves continuous monitoring for unusual activity, timely patching of vulnerabilities exploited by these actors, and leveraging threat intelligence to recognize known intrusion patterns. Early identification and containment are crucial to limit damage and prevent persistent unauthorized access.
Weekly headline count for the current query.
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.
Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
The threat actor targets institutions and companies in Europe and Asia.
Evidence suggests that a just-discovered APT has been active since 2013.
Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials.
Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.
A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.
The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets.
At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.
Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations that pose an imminent threat, particularly to energy providers.
Mustang Panda's already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China's Mustang Panda targeting Europe.
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.
Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.
The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.