Security news aggregator

Latest coverage for Threat Actor

Coverage of named threat actors and intrusion sets examines reported incidents, infrastructure, disruption, and defensive guidance.

20 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Coverage under this tag concerns a named threat actor or intrusion set: an individual, group, or organized operation assessed to be responsible for malicious cyber activity. Reports may describe incidents, malware, attack infrastructure, disruption efforts, or analyst assessments. Attribution is often provisional, so actor names and reported links should be treated as intelligence judgments rather than established identity, nationality, sponsorship, or motive.

For defenders, such reporting can help connect incidents and prioritize monitoring, but indicators and techniques may be reused or become obsolete. Validate reported infrastructure, hashes, and behaviors against local telemetry; use confirmed weaknesses to guide vulnerability remediation and access controls. If activity is suspected, preserve relevant logs and evidence, contain affected accounts or systems, and coordinate investigation without relying on an actor label alone.

Showing 20 most recent headlines Filtered view

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what's seen as a sneakier attempt to stage a software supply chain attack

The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel

Bank Info Security 1 year, 3 months ago

Microsoft Warns Ransomware Actors Exploiting Windows Flaw

Tech Giant Says Threat Actors Are Exploiting a Flaw in Widely-Targeted Windows ToolRansomware threat actors are exploiting a zero-day vulnerability discovered in a highly targeted Windows logging system tool in a campaign in part targeting U.S. IT and real estate sectors, Microsoft confirmed in a Tuesday blog post urging customers to apply available patches.

Bank Info Security 1 year, 3 months ago

Russian APT Hacker Observed Deploying Unusual RDP Tactics

Espionage Campaign Mainly Targeted European OrganizationsA Russian nation state threat actor exploited "lesser known" features of Microsoft Windows remote desktop protocol to target European organizations for espionage. Hackers using RDP to deploy a malicious application and access data from victims.

Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office

Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel