State-sponsored hackers know enterprise VPN appliances inside out

Suspected Chinese state-sponsored hackers leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hun…

How are state-sponsored threat actors leveraging AI?

Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks. Just as defenders do, threat actors are leveraging A…

Chinese hackers breached Dutch Ministry of Defense

Chinese state-sponsored hackers breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was se…

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation …

State-sponsored APTs are leveraging WinRAR bug

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 was patched in August 2023, along with another high-severity RCE v…

Russian APT phished government employees via Microsoft Teams

An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft. A social engineering attack to bypass MFA protection. “To facilit…

North Korean hackers targeted tech companies through JumpCloud and GitHub

North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. The JumpCloud intrusio…

Thanks Storm-0558! Microsoft to expand default access to cloud logs

Starting in September 2023, more federal government and commercial Microsoft customers will have access to expanded cloud logging capabilities at no additional charge, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have annou…

Five Eyes agencies detail how Chinese hackers breached US infrastructure

The National Security Agency (NSA) and Five Eyes partner agencies have identified indicators of compromise associated with a People’s Republic of China (PRC) state-sponsored cyber actor dubbed Volt Typhoon, which is using living off the land techniques…