APT Archives - Securezoo

Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems (updated)

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / Frank Crast / July 20, 2022 / APT, Aquatic Panda, CGCYBER, CISA, CVE-2021-44228, Cybersecurity Threat Center, Deep Panda, Log4j, log4Shell, UAG

The Cybersecurity and Infrastructure Security Agency (CISA) warns cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems.

Cyber actors continue to exploit Log4Shell vulnerability (CVE-2021-44228) in VMware Horizon Systems (updated) Read More »

APT actors targeting ICS/SCADA Devices with custom tools

Cybersecurity Attacks / Frank Crast / April 18, 2022 / APT, CISA, DOE, ICS, OMRON, OPC UA, SCADA, Schneider

US Government cybersecurity experts are warning of advanced persistent threat (APT) actors using custom tools to target and compromise multiple industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices.

APT actors targeting ICS/SCADA Devices with custom tools Read More »

Deep Panda APT group launches new attacks against Log4Shell vulnerability to install Fire Chili rootkits

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / Frank Crast / April 2, 2022 / APT, CVE-2021-44228, Deep Panda, FortiLabs, Log4j, log4Shell

In the past month, researchers from FortiLabs have detected a new cyber campaign involving Chinese Advanced Persistent Threat (APT) group Deep Panda that has exploited the Log4Shell (log4j) vulnerability CVE-2021-44228 on vulnerable VMware Horizon servers to install digitally signed Fire Chili rootkits.

Deep Panda APT group launches new attacks against Log4Shell vulnerability to install Fire Chili rootkits Read More »

Threat hunters discover Aquatic Panda Log4Shell exploit attempts

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / January 2, 2022 / Apache, APT, Aquatic Panda, CVE-2021-44228, Log4j, log4Shell

Threat hunters from CrowdStrike have discovered Aquatic Panda cyber gang using Log4Shell exploit tools in recent intrusion attempts against a customer.

Threat hunters discover Aquatic Panda Log4Shell exploit attempts Read More »

CISA and FBI alert: Attackers actively exploiting vulnerability in Zoho ManageEngine ServiceDesk Plus

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / December 3, 2021 / APT, CISA, CVE-2021-44077, FBI, ServiceDesk, Zoho

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) issued a joint advisory warning attackers are actively exploiting a vulnerability CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus.

CISA and FBI alert: Attackers actively exploiting vulnerability in Zoho ManageEngine ServiceDesk Plus Read More »

Iranian state-sponsored APT actors target Microsoft Exchange and Fortinet vulnerabilities

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 18, 2021 / APT, ChamelGang, CVE-2018-13379, CVE-2019-5591, CVE-2020-12812, CVE-2021-34473, Exchange, Fortigate, Fortinet, ProxyShell, VPN

Iranian state-sponsored advanced persistent threat (APT) actors have been targeting and exploiting Microsoft Exchange and Fortinet vulnerabilities.

Iranian state-sponsored APT actors target Microsoft Exchange and Fortinet vulnerabilities Read More »

APT group ChamelGang targets Russian Energy and Aviation industries, 9 other countries

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / Frank Crast / October 2, 2021 / APT, aviation, BeaconLoader, ChamelGang, Cobalt Strike, CVE-2017-12149, DoorMe, energy, Exchange, FRP, ProxyShell, Tiny shell

A new advanced persistent threat (APT) group dubbed ChamelGang has been targeting Russian Energy and Aviation industries, as well as entities in 9 other countries.

APT group ChamelGang targets Russian Energy and Aviation industries, 9 other countries Read More »

U.S. government releases advisories and indictments related to “sophisticated Chinese state-sponsored activity”

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / July 20, 2021 / APT, APT40, Chinese, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, Cybersecurity Threat Center, DOJ, Exchange, FBI, HSDD, MSS, NSA

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed “sophisticated Chinese state-sponsored activity” targeting multiple public and private sectors in the United States.

U.S. government releases advisories and indictments related to “sophisticated Chinese state-sponsored activity” Read More »

New Supernova malware analysis reveals new APT cyberattack methods against vulnerable SolarWinds infrastructure

Cybersecurity Attacks, Malware, Network Security, Vulnerabilities & Exploits / Frank Crast / April 26, 2021 / APT, CISA, CVE-2020-10148, malware, Orion, SolarWinds, Supernova

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new analysis report on Supernova malware used in a cyberattack and long term compromise of an entity’s network and SolarWinds systems.

New Supernova malware analysis reveals new APT cyberattack methods against vulnerable SolarWinds infrastructure Read More »

FBI and CISA warn of Fortinet FortiOS vulnerability exploits

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 2, 2021 / APT, CISA, CVE-2018-13379, CVE-2019-5591, CVE-2020-12812, FBI, Fortinet, FortiOS, Zerologon

Cybersecurity experts from the FBI and CISA have issued a joint cybersecurity advisory warning of APT exploits of Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.

FBI and CISA warn of Fortinet FortiOS vulnerability exploits Read More »