Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware

Chinese-speaking APT CL-STA-1062 targeted Southeast Asian government and energy networks with open-source tools and a new TinyRCT backdoor.

Security Affairs

macOS.Gaslight: North Korean backdoor written in Rust that deceives security analysts' AI tools

SentinelOne has discovered a new macOS implant attributed to North Korean threat actors that uses prompt injection to sabotage LLM-based analysis pipelines. A novel technique that attacks the analyst's perception, not the sandbox.

https://insicurezzadigitale.com/macos-gaslight-backdoor-nordcoreana-in-rust-che-inganna-i-tool-ai-degli-analisti-di-sicurezza/

We have updated these actors: Overlord RAT (+1), XMRIG (+6), Meterpreter (+2), Kimwolf (+2), Cobalt Strike (+9), AdaptixC2 (+2) and Evilginx (+1). https://vuldb.com/actor #apt #cti #ioc
Actors

Predictive activity analysis of APT actors in social media, private forums, chat rooms, and darknet markets.

Vulnerability Database
A Russian APT deploys StockStay, a new backdoor targeting Ukrainian entities. What stands out: the persistence of these campaigns, their constant adaptation, and the difficulty of attributing them formally without exposing intelligence sources. Geopolitics and infosec are now inseparable. #APT #CyberWarfare #infosec
https://www.securityweek.com/russian-apt-deploys-stockstay-backdoor-against-ukrainian-targets/
Russian APT Deploys 'StockStay' Backdoor Against Ukrainian Targets

Russia-linked APT Turla has been using the StockStay backdoor against government and military organizations in Ukraine.

SecurityWeek
CL-STA-1062 campaign (CRITICAL) targets Southeast Asian gov & critical infra with hybrid toolkit incl. TinyRCT backdoor 🕵️‍♂️. No public exploits seen. Review Palo Alto Unit 42 IOCs for detection. https://radar.offseq.com/threat/cl-sta-1062-targets-southeast-asian-governments-an-763b368a90e8fb4f #OffSeq #ThreatIntel #APT #CyberEspionage
#apt "Updated Educational Programs and Main Disciplines at NATO School Oberammergau (NSO).html" 76d07f53e9e727ac7368614d149caf981e8551d2c2fa38e9bae726ebe2f8d7ef -> winserviceguard[.]center
Improved indicators: Chaos (+1), Kinsing (+1), PureRAT (+3), Coinminer (+2), XWorm (+1), Tofsee (+1) and RedTail (+12). https://vuldb.com/actor #apt #cti #ioc
There is a lot of offensive activity originating from China https://vuldb.com/country/cn #china #country #cti #apt

📰 State Actors Adopting Ransomware Tactics to Mask Espionage, NCC Group Warns

Nation-state hackers are now disguising espionage as ransomware attacks, warns NCC Group. 🎭 Iran-linked MuddyWater was seen mimicking the Chaos ransomware group to hide its true motives. #ThreatIntel #APT #Ransomware #FalseFlag

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/state-backed-hackers-increasingly-disguised-as-ransomware-groups-ncc-group-warns/?utm_source=mastodo…

Indicators added for: RemcosRAT (+1), Havoc (+1), Sliver (+1), PureLogs Stealer (+1), PureRAT (+4), SnappyClient (+1) and Nanocore RAT (+1). https://vuldb.com/actor #apt #cti #ioc