Tag
#APT
40 published stories tagged with APT.
Brief: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Defender Guidance: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Detection Notes: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Risk Brief: MuddyWater activity masquerades as Chaos ransomware
SecurityWeek reported that Iranian APT-linked activity masqueraded as Chaos ransomware while focusing on social engineering, persistent access, remote access tooling, lateral movem
Brief: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Defender Guidance: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Detection Notes: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Risk Brief: Chinese APT abuses cloud tools to spy on Mongolia
Dark Reading reported Chinese APT activity abusing cloud tools to spy on Mongolia. Cloud logs, identity telemetry, and sanctioned OAuth application review are key defensive areas.
Brief: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Defender Guidance: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Detection Notes: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Risk Brief: Tropic Trooper activity involves home routers and Japan targeting
Dark Reading reported Tropic Trooper activity involving home routers and Japan-related targeting. Edge and home-office routers remain useful attacker infrastructure.
Brief: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Defender Guidance: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Detection Notes: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Risk Brief: BlueNoroff uses fake Zoom calls in social engineering campaigns
Dark Reading reported BlueNoroff activity using fake Zoom calls. Defenders should treat meeting-themed lures as credential and malware delivery risks.
Brief: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Defender Guidance: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Detection Notes: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Risk Brief: China-nexus hackers persist in Southeast Asian military environments
Dark Reading reported that China-nexus hackers maintained access in Southeast Asian military environments. Long dwell time requires identity, endpoint, and network retrospective hu
Brief: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Defender Guidance: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Detection Notes: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Risk Brief: Sednit activity resurfaces in recent threat reporting
Dark Reading reported renewed Sednit activity. Organizations in likely target sectors should validate phishing controls, endpoint visibility, and incident escalation.
Brief: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Defender Guidance: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Detection Notes: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Risk Brief: Fancy Bear secrets theft activity remains a priority threat
Dark Reading reported Fancy Bear activity focused on secrets theft. Defenders should watch for credential harvesting, cloud token abuse, and suspicious OAuth grants.
Brief: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Defender Guidance: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Detection Notes: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Risk Brief: Tomiris updates Havoc-based tooling and tactics
Dark Reading reported Tomiris activity involving Havoc tooling and tactical changes. Defenders should monitor for C2 frameworks and post-exploitation behavior.
Brief: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Defender Guidance: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Detection Notes: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Risk Brief: Iran MOIS reported collaborating with criminal cyber actors
Dark Reading reported Iran MOIS collaboration with criminal actors. Attribution should follow source confidence, but defenders should expect overlap between state and criminal trad
Brief: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported years of China-linked cyber threat activity in critical Asian sectors. Long-term intrusion risk requires strategic threat hunting and asset visibility.
Defender Guidance: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported years of China-linked cyber threat activity in critical Asian sectors. Long-term intrusion risk requires strategic threat hunting and asset visibility.
Detection Notes: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported years of China-linked cyber threat activity in critical Asian sectors. Long-term intrusion risk requires strategic threat hunting and asset visibility.
Risk Brief: Chinese cyber threat activity focuses on critical Asian sectors
Dark Reading reported years of China-linked cyber threat activity in critical Asian sectors. Long-term intrusion risk requires strategic threat hunting and asset visibility.