Debian's APT package manager will require Rust support by May 2026, prompting Debian ports lacking Rust to either develop support or be discontinued, emphasizing modern tool adoption for future development.
Hackers from the Stealth Falcon group exploited a zero-day vulnerability in Windows WebDAV (CVE-2025-33053) to conduct stealthy cyberespionage against Middle Eastern defense and government organizations since March 2025, using remote code execution to drop malware and maintain operational stealth. Microsoft patched the flaw, but the attack techniques involved manipulating WebDAV paths to execute malicious code remotely, leading to the deployment of advanced malware tools such as Horus Loader and Horus Agent. Organizations are advised to update Windows promptly and monitor WebDAV traffic for suspicious activity.
ESET researchers have discovered a new Linux backdoor named WolfsBane, attributed to the Gelsemium APT group, marking the first known use of Linux malware by this China-aligned threat actor. WolfsBane is the Linux counterpart to the Windows-based Gelsevirine backdoor, used for cyberespionage. Another backdoor, FireWood, was also found but is only tentatively linked to Gelsemium. This shift towards Linux malware by APT groups is attributed to enhanced security measures on Windows systems, prompting attackers to target vulnerabilities in Linux-based internet-facing systems.
Aptos (APT) is at a critical support level of $8.09, which could determine whether it rebounds or continues its decline. Recent data shows a significant sell-off, with APT dropping 6.61% in the last 24 hours and 10.05% over the past week. On-chain metrics indicate strong bearish pressure, with $1.65 million in liquidations, mostly from long positions. Declining Open Interest and rising Exchange Netflow suggest waning market confidence, potentially leading to further price drops.
ToddyCat, an advanced persistent threat (APT) actor, has been linked to a new set of malicious tools for data exfiltration, revealing insights into their tactics and capabilities. Kaspersky discovered this new arsenal, which includes loaders, a file collection tool, a Dropbox uploader, and an archive exfiltration tool. ToddyCat also utilizes custom scripts, a passive backdoor, Cobalt Strike, and compromised credentials for lateral movement. Check Point has revealed that government and telecom entities in Asia have been targeted by a similar campaign using "disposable" malware, with infrastructure overlapping with ToddyCat's operations.
Kaspersky has discovered a malware campaign that targets iPhones running up to iOS 15.7 through iMessage. The malware is a zero-click mechanism that triggers a vulnerability within the system, enabling the execution of malicious code without requiring any user interaction. The attack deletes the initial message and exploit attachment to remain covert. The malicious software is able to gather both system and user data, as well as execute arbitrary code that is downloaded as plugin modules from the C&C server. Kaspersky's blog post provides comprehensive guidelines on determining whether your iOS device is infected with the malware.
Kaspersky has been hit by a cyberattack that used zero-click exploits to infect the iPhones of several dozen employees with malware that collects microphone recordings, photos, geolocation, and other data. The attacks were part of a broader campaign, attributed to the US National Security Agency, that infected several thousand iPhones belonging to people inside diplomatic missions and embassies in Russia, specifically those of NATO countries, post-Soviet nations, Israel, and China. A separate alert from the FSB, Russia's Federal Security Service, alleged that Apple cooperated with the NSA in the campaign. An Apple representative denied the claim.
A new advanced persistent threat (APT) campaign called Operation Triangulation has been discovered targeting iOS devices since 2019. The campaign uses zero-click exploits via iMessage to infect devices with root-privilege malware, giving complete control over the device and user data. The malware is capable of harvesting sensitive information and running code downloaded as plugin modules from a remote server. The attack chain begins with the iOS device receiving an iMessage that contains an attachment bearing the exploit. The exact scale and scope of the campaign remain unclear, and it is not known whether the attacks take advantage of a zero-day vulnerability in iOS.
A Chinese-speaking APT hacking group known as "Dragon Breath" or "Golden Eye Dog" is using complex variations of the classic DLL sideloading technique to evade detection. The group is targeting Chinese-speaking Windows users in China, Japan, Taiwan, Singapore, Hong Kong, and the Philippines with trojanized Telegram, LetsVPN, or WhatsApp apps. The attack variations involve double DLL sideloading, which achieves evasion, obfuscation, and persistence, making it harder for defenders to adjust to specific attack patterns and effectively shield their networks. The final payload is a backdoor that supports several commands, including stealing digital assets from victims' MetaMask cryptocurrency wallets.
Criminals, including potentially an APT group, exploited a three-year-old Telerik bug to break into a US federal government agency's Microsoft Internet Information Services web server between November 2022 and early January. The Feds became aware of the intrusion after spotting warning signs at a federal civilian executive branch agency. The Telerik bug, which received a 9.8 out of 10 CVSS severity score, was first discovered in 2019 and is especially popular with Beijing-backed criminals. The cybersecurity agency suggests organizations stay on top of patching to ensure their software is up to date and limit permissions to the minimum necessary to run services.