Winnti APT group docks in Sri Lanka for new campaign

Categories: Threat Intelligence

Tags: Winnti

Tags: APT

Tags: China

Tags: Sri Lanka

Tags: India

Tags: Keyplug

Tags: malware

Tags: dropbox

Tags: C2

Tags: DBoxAgent

In this research paper, we document a new campaign we attribute to the Winnti APT group. The victims are located in Sri Lanka at a point in time where the country is going through economic hardship while China makes headlines for docking on of its special vessels there.

(Read more…)

The post Winnti APT group docks in Sri Lanka for new campaign appeared first on Malwarebytes Labs.

Read more

Chinese APT’s favorite vulnerabilities revealed

Categories: Exploits and vulnerabilities

Categories: News

Tags: Chinese APT

Tags: advanced persistent threat

Tags: APT

Tags: CISA

Tags: NSA

Tags: FBI

Tags: security advisory

CISA, the NSA and the FBI have compiled a list of the vulnerabilities targeted by state-sponsorted threat actors from China.

(Read more…)

The post Chinese APT’s favorite vulnerabilities revealed appeared first on Malwarebytes Labs.

Read more

North Korean APT targets US healthcare sector with Maui ransomware

Credit to Author: Jovi Umawing| Date: Sun, 10 Jul 2022 21:43:29 +0000

CISA warns of an unusual ransomware.

The post North Korean APT targets US healthcare sector with Maui ransomware appeared first on Malwarebytes Labs.

Read more

Immigration organisations targeted by APT group Evilnum

Credit to Author: Christopher Boyd| Date: Thu, 30 Jun 2022 14:13:47 +0000

Immigration organisations are being targeted by the APT group Evilnum, using spear phishing to send malicious Word documents.

The post Immigration organisations targeted by APT group Evilnum appeared first on Malwarebytes Labs.

Read more

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Credit to Author: Christopher Boyd| Date: Tue, 14 Jun 2022 12:43:08 +0000

Microsoft has warned of APT groups and ransomware authors exploiting the now patched Confluence vulnerability. We take a look at the dangers.

The post “Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft appeared first on Malwarebytes Labs.

Read more