2007, Information Security and Phishing

France links Russian APT28 to attacks on dozen French entities

Security Affairs

APRIL 30, 2025

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election. . CVE-2023-23397 ).

Government

Government Phishing DNS VPN

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

JUNE 3, 2024

Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. In December 2023, researchers from Proofpoint and IBM detailed a new wave of APT spear-phishing attacks relying on multiple lure content to deliver Headlace malware.

Malware

Malware Phishing Surveillance Internet

Long-existing Bandook RAT targets Windows machines

Security Affairs

JANUARY 8, 2024

Reseachers from Fortinet observed a new variant of a remote access trojan dubbed Bandook that has been used in phishing attacks against Windows users. Bandook has been active since 2007, it has been continuously developed since then and was employed in several campaigns by different threat actors. 7z file.

Malware

Malware Phishing Passwords Hacking

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Security Affairs

MARCH 20, 2020

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. The group was involved also in the string of attacks that targeted 2016 Presidential election.

Phishing

Phishing Accountability Advertising DNS

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Security Affairs

DECEMBER 10, 2020

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. ” concludes the report.

Malware

Malware Phishing Government Data collection

Financially motivated Earth Lusca threat actors targets organizations worldwide

Security Affairs

JANUARY 18, 2022

Trend Micro researchers spotted an elusive threat actor, called Earth Lusca, that targets organizations worldwide via spear-phishing and watering hole attacks. . The Winnti group was first spotted by Kaspersky in 2013, but according to the researchers the gang has been active since 2007. Both clusters served as a C&C server.

Cryptocurrency

Cryptocurrency Media Social Engineering Phishing

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. According to the Google Threat Horizons report, the state-sponsored hackers sent fake job offers to employees at the security companies. . ” reads the Google Threat Horizons report.

Malware

Malware Phishing Antivirus Hacking

Google warns of APT28 attack attempts against 14,000 Gmail users

Security Affairs

OCTOBER 8, 2021

Google warned more than 14,000 Gmail users that they have been the target of nation-state spear-phishing campaigns. Shane Huntley, the head of the Threat Analysis Group (TAG), wrote on Twitter that his group had sent an above-average batch of government-backed security warnings. . .” Pierluigi Paganini.

Phishing

Phishing Government Hacking Accountability

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

The APT28 group (aka Forest Blizzard , Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Education Phishing Malware

FBI and NSA joint report details APT28’s Linux malware Drovorub

Security Affairs

AUGUST 13, 2020

” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Malware

Malware Advertising IoT Government

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Security Affairs

OCTOBER 27, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Accountability Phishing Hacking

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Security Affairs

FEBRUARY 9, 2021

The developers behind the NextGen Gallery plugin have fixed two critical Cross-site request forgery (CSRF) vulnerabilities, their exploitation could lead to a site takeover, malicious redirects, spam injection, phishing, and other malicious activities. The plugin receives over 1.5

Social Engineering

Social Engineering Firewall Engineering Phishing

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

In recent attacks, the kill chain starts with spear-phishing emails that were specially crafted for one specific recipient per target organization, a circumstance that suggests a deep knowledge of the targets that results from a prior reconnaissance. . ” continues the report. To deploy the coin miners, BISMUTH first dropped a .dat

Cryptocurrency

Cryptocurrency Antivirus Government Manufacturing

A new Fancy Bear backdoor used to target political targets

Security Affairs

SEPTEMBER 24, 2019

The Fancy Bear APT group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. ” The threat actors used phishing messages containing a malicious attachment that launches a long chain of downloaders , ending with a backdoor. dotm hosted at Dropbox.

Advertising

Advertising Phishing Malware Hacking

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Security Affairs

DECEMBER 5, 2023

Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election. The group operates out of military unity 26165 of the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

Accountability

Accountability Government Phishing Passwords

Microsoft disrupted APT28 attacks on Ukraine through a court order

Security Affairs

APRIL 8, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Media Malware Hacking

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Security Affairs

DECEMBER 7, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Telecommunications Accountability Phishing

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The group was involved also in the string of attacks that targeted 2016 Presidential election.

System Administration

System Administration Government Phishing Malware

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

Security Affairs

FEBRUARY 25, 2021

The attack chain starts with COVID19-themed spear-phishing messages that contain either a malicious Word attachment or a link to one hosted on company servers. . The experts discovered the custom backdoor while investigating an incident, it was used by attackers for lateral movements and data exfiltration.

Malware

Malware Cryptocurrency Password Management Encryption

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Security Affairs

APRIL 20, 2021

BMP) image files in a recent spear-phishing campaign targeting entities in South Korea. . Experts from Malwarebytes have uncovered a spear-phishing attack conducted by a North Korea-linked Lazarus APT group that obfuscated a malicious code within a bitmap (.BMP) North Korea-linked Lazarus APT group is abusing bitmap (.BMP)

Phishing

Phishing Hacking Cryptocurrency Malware

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Security Affairs

JUNE 21, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Hacking

Hacking Government Phishing Malware

Mandiant identifies 3 hacktivist groups working in support of Russia

Security Affairs

SEPTEMBER 27, 2022

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

DDOS

DDOS Cyber threats Phishing Hacking

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

FEBRUARY 8, 2021

The attack chain leverage multiple vectors Telegram channels, SMS messages containing a link to the malware, phishing messages, and watering hole attacks involving Iranian websites. Threat actors used a large variety of covers to avoid detection, including: VIPRE Mobile Security – A fake mobile security application.

Surveillance

Surveillance Mobile Malware Cyber Attacks

China-linked APT41 group spotted using open-source red teaming tool GC2

Security Affairs

APRIL 17, 2023

The APT41 group, aka Winnti , Axiom, Barium , Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. The attack took place in October 2022, threat actors sent phishing emails that contained links to a password-protected file hosted in Drive.

Media

Media Accountability Malware Government

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Security Affairs

JANUARY 27, 2022

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

Malware

Malware Hacking Phishing Ransomware

Lazarus malware delivered to South Korean users via supply chain attacks

Security Affairs

NOVEMBER 16, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. In August, F-Secure Labs experts observed a spear-phishing campaign targeting an organization in the cryptocurrency industry.

Malware

Malware Software Cryptocurrency Financial Services

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

Security Affairs

APRIL 19, 2023

The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Malware

Malware Firmware Government Education

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

Security Affairs

MARCH 2, 2019

In February 2019, SI-LAB captured multiple samples of phishing campaigns using an Office Excel document carrying a malicious Excel 4.0 This threat has been closely observed by researchers from Proofpoint that discovered the RAT used since the beginning of 2016 in targeted phishing campaigns as well as massive, multi-million message campaigns.

Malware

Malware Antivirus Technology Phishing

A taste of the latest release of QakBot

Security Affairs

MAY 6, 2021

A taste of the latest release of QakBot – one of the most popular and mediatic trojan bankers active since 2007. The malware QakBot , also known as Qbot , Pinkslipbot , and Quakbot is a banking trojan that has been made headlines since 2007. In the next workflow, we can learn how the QakBot infection chain works.

Malware

Malware Encryption Banking Software

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Daniel Miessler

SEPTEMBER 29, 2020

Since 2007 the InfoSec industry has been talking about TheBigOne™—the event that would change cyber threats from annoyances to existential concerns. Once they get in— via RDP or Phishing or Drive-bys —they are not only extorting people who want to get their data back. They called it Cyber Pearl Harbor.

Ransomware

Ransomware Government Social Engineering Small Business

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Security Affairs

MAY 5, 2024

” The APT28 group (aka Fancy Bear , Pawn Storm , Sofacy Group , Sednit , BlueDelta, and STRONTIUM ) has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

Government

Government Accountability Cyber Attacks Telecommunications

Is APT27 Abusing COVID-19 To Attack People ?!

Security Affairs

MARCH 19, 2020

Today, many reports are describing how infamous attackers are abusing such an emergency time to lure people by sending thematic email campaigns or by using thematic IM within Malware or Phishing links. It hijacks method on an old office 2007 component (Office Data Provider for – MSOSTYLE.exe). Stage 4 is decoded and run by Stage 3.

Computers and Electronics

Computers and Electronics Penetration Testing Malware Cyber Attacks

The Life and Death of Passwords: Improving Security With Passwords and People

Duo's Security Blog

MARCH 28, 2023

Humans are not the weakest link in information security. They’re the least invested in for security. Most of the attackers that you’ve seen usually start nowadays with a phishing attack. I’ve fallen for a phish. We need to get past this point where we think, “Oh, no one should ever fall for a phish.”

Passwords

Passwords Social Engineering Phishing Technology

North Korea-linked Lazarus APT targets the COVID-19 research

Security Affairs

DECEMBER 25, 2020

This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems. The wAgent backdoor allows the attackers to executed various shell commands to gather information from the infected device.

Cryptocurrency

Cryptocurrency Malware Hacking Phishing

Cyber Security Informer

France links Russian APT28 to attacks on dozen French entities

APT28 targets key networks in Europe with HeadLace malware

Trending Sources

Long-existing Bandook RAT targets Windows machines

Russia-linked APT28 has been scanning vulnerable email servers in the last year

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Financially motivated Earth Lusca threat actors targets organizations worldwide

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Google warns of APT28 attack attempts against 14,000 Gmail users

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

FBI and NSA joint report details APT28’s Linux malware Drovorub

France agency ANSSI warns of Russia-linked APT28 attacks on French entities

Critical flaws in NextGen Gallery WordPress plugin still impact over 500K installs

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

A new Fancy Bear backdoor used to target political targets

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Microsoft disrupted APT28 attacks on Ukraine through a court order

Russia-linked APT8 exploited Outlook zero-day to target European NATO members

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor

North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection

Russia-linked APT28 hacked Roundcube email servers of Ukrainian entities

Mandiant identifies 3 hacktivist groups working in support of Russia

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

China-linked APT41 group spotted using open-source red teaming tool GC2

North Korea-linked Lazarus APT used Windows Update client and GitHub in recent attacks

Lazarus malware delivered to South Korean users via supply chain attacks

US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws

[SI-LAB] FlawedAmmyy Leveraging Undetected XLM Macros as an Infection Vehicle

A taste of the latest release of QakBot

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Is APT27 Abusing COVID-19 To Attack People ?!

The Life and Death of Passwords: Improving Security With Passwords and People

North Korea-linked Lazarus APT targets the COVID-19 research

Stay Connected