'BellaCiao' Showcases How Iran's Threat Groups Are Modernizing Their Malware
The dropper is being used in a Charming Kitten APT campaign that has hit organizations in multiple countries.
An advanced persistent threat is a stealthy, long-term intrusion that maintains access to systems to steal data or disrupt operations.
Search across headline titles and summaries.
Background for this topic.
Advanced Persistent Threat describes a prolonged and targeted cyber intrusion where attackers maintain covert access to a network over extended periods. These intrusions often use customized malware, spear-phishing, and exploitation of specific vulnerabilities to avoid detection and sustain control. The focus is typically on intelligence collection, data theft, or strategic disruption rather than immediate financial gain.
For defenders, APTs pose significant challenges due to their stealth and adaptability, often bypassing traditional security tools. Effective defense involves continuous monitoring for unusual activity, timely patching of vulnerabilities exploited by these actors, and leveraging threat intelligence to recognize known intrusion patterns. Early identification and containment are crucial to limit damage and prevent persistent unauthorized access.
The dropper is being used in a Charming Kitten APT campaign that has hit organizations in multiple countries.
Researchers observed downloads of installers for the APT's flagship backdoor, MgBot, when users at a Chinese NGO were updating legitimate applications.
The findings come from Kaspersky's latest APT trends report for the first quarter of 2023
An old threat actor is making its comeback, sending around their old malware with a new tint.
The Chinese APT hacking group known as 'Evasive Panda' are behind a mysterious attack that distributed the MsgBot malware as part of an automatic update for the Tencent QQ messaging app. [...]
The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ
The Iranian threat actor displays activity similar to that of other advanced persistent threat groups.
Researchers are unraveling the threads connecting two separate, but in some ways overlapping, Russian-language APTs.
Deployed malware aims to steal internal documents from CIS government and diplomatic entities