PROBABLYPWNED
Home/Tag/Apt

Apt

61 articles tagged with "Apt"

Armored Likho APT Hits Power Grids With AI-Generated Malware
Threat Intelligence3 min read

Armored Likho APT Hits Power Grids With AI-Generated Malware

New threat group Armored Likho targets government agencies and power sectors in Russia, Brazil, and Kazakhstan using BusySnake Stealer—malware with AI-generated loader code and reverse SSH tunneling capabilities.

Alex KowalskiJul 6, 2026
Phantom Taurus: Chinese APT Deploys NET-STAR Malware Suite
Threat Intelligence4 min read

Phantom Taurus: Chinese APT Deploys NET-STAR Malware Suite

Unit 42 exposes Phantom Taurus, a China-aligned APT targeting governments and telecoms across Africa, the Middle East, and Asia with custom NET-STAR backdoors for IIS servers.

Threat Intel DeskJun 6, 2026
SideCopy Targets Afghanistan's Finance Ministry With XenoRAT
Threat Intelligence4 min read

SideCopy Targets Afghanistan's Finance Ministry With XenoRAT

Operation XENOFISCAL delivers customized XenoRAT to Afghanistan's Ministry of Finance and 34 provincial revenue directorates. The Pakistan-linked APT used Pashto-language lures and bulletproof European hosting.

Threat Intel DeskMay 31, 2026
GREYVIBE APT Uses ChatGPT and Gemini to Target Ukraine
Threat Intelligence4 min read

GREYVIBE APT Uses ChatGPT and Gemini to Target Ukraine

Russian-linked GREYVIBE threat actor deploys AI-generated malware including PhantomRelay and LegionRelay against Ukrainian military and government targets. WithSecure analysis reveals the group's OPSEC failures.

Threat Intel DeskMay 30, 2026
MuddyWater Exploits Langflow Flaw for Initial Access
Vulnerabilities3 min read

MuddyWater Exploits Langflow Flaw for Initial Access

CISA adds CVE-2025-34291 to KEV after Iranian APT MuddyWater weaponizes the CORS/CSRF chain for account takeover and RCE. CVSS 9.4 flaw requires only a malicious link click.

Vulnerability DeskMay 24, 2026
Turla's Kazuar Backdoor Evolves Into Modular P2P Botnet
Threat Intelligence4 min read

Turla's Kazuar Backdoor Evolves Into Modular P2P Botnet

Microsoft exposes how Russia's FSB-linked Secret Blizzard transformed Kazuar from a monolithic backdoor into a three-module P2P botnet with advanced anti-detection capabilities.

Threat Intel DeskMay 16, 2026
Silk Typhoon Hacker Extradited to U.S. for COVID Vaccine Theft
Threat Intelligence4 min read

Silk Typhoon Hacker Extradited to U.S. for COVID Vaccine Theft

Chinese national Xu Zewei faces nine federal counts after extradition from Italy for alleged role in Silk Typhoon attacks stealing COVID-19 vaccine research from U.S. universities and research institutions.

Threat Intel DeskApr 28, 2026
PhantomCore Exploits TrueConf Flaws to Breach Russian Networks
Threat Intelligence4 min read

PhantomCore Exploits TrueConf Flaws to Breach Russian Networks

Pro-Ukrainian hacktivist group PhantomCore chains three TrueConf vulnerabilities including CVSS 9.8 command injection to infiltrate Russian government and private organizations since September 2025.

Threat Intel DeskApr 27, 2026
UAC-0247 Targets Ukrainian Hospitals With Data-Theft Malware
Threat Intelligence4 min read

UAC-0247 Targets Ukrainian Hospitals With Data-Theft Malware

CERT-UA warns of ongoing campaign hitting Ukrainian clinics and government agencies with AGINGFLY backdoor. Attackers steal browser credentials, WhatsApp data, and deploy cryptominers.

Threat Intel DeskApr 17, 2026
Phantom Taurus Deploys Net-Star Backdoors Across Africa
Threat Intelligence3 min read

Phantom Taurus Deploys Net-Star Backdoors Across Africa

Unit 42 exposes Phantom Taurus, a Chinese APT targeting embassies and foreign ministries with fileless NET-STAR malware. The group resurfaces within hours after discovery.

Threat Intel DeskApr 4, 2026
North Korea Uses GitHub as C2 in South Korea Attacks
Threat Intelligence4 min read

North Korea Uses GitHub as C2 in South Korea Attacks

FortiGuard Labs exposes DPRK campaign using LNK files and GitHub repositories for command-and-control against South Korean targets. 22 evasion techniques identified.

Threat Intel DeskApr 3, 2026
Iranian APT Deploys Fake RedAlert App to Surveil Israeli Users
Threat Intelligence3 min read

Iranian APT Deploys Fake RedAlert App to Surveil Israeli Users

Unit 42 uncovers phishing campaign distributing trojanized Israeli civil defense app. Malicious APK harvests location data, contacts, and messages from Android devices amid regional tensions.

Threat Intel DeskMar 23, 2026
UnsolicitedBooker APT Targets Central Asian Telecoms
Threat Intelligence4 min read

UnsolicitedBooker APT Targets Central Asian Telecoms

China-aligned threat group deploys LuciDoor and MarsSnake backdoors against telecom providers in Kyrgyzstan and Tajikistan, expanding from prior Saudi operations.

Threat Intel DeskMar 1, 2026
MuddyWater Deploys GhostFetch and Telegram-Based Backdoors
Threat Intelligence3 min read

MuddyWater Deploys GhostFetch and Telegram-Based Backdoors

Iranian APT MuddyWater launches Operation Olalampo against MENA organizations, deploying four new malware families including GhostFetch and CHAR, a Rust backdoor controlled via Telegram.

Threat Intel DeskFeb 23, 2026
Dell Zero-Day Exploited by Chinese Hackers Since 2024
Threat Intelligence5 min read

Dell Zero-Day Exploited by Chinese Hackers Since 2024

Chinese threat group UNC6201 exploited a critical hardcoded credential flaw (CVE-2026-22769) in Dell RecoverPoint for 18 months before disclosure. Patch now.

Threat Intel DeskFeb 18, 2026
China's UNC3886 Breached All Four Singapore Telcos
Threat Intelligence3 min read

China's UNC3886 Breached All Four Singapore Telcos

Singapore confirms China-linked APT compromised M1, Singtel, StarHub, and SIMBA using zero-day exploits and rootkits. 11-month Operation Cyber Guardian response disclosed.

Threat Intel DeskFeb 14, 2026
RedKitten Malware Targets Iranian Protest Documenters
Threat Intelligence3 min read

RedKitten Malware Targets Iranian Protest Documenters

French researchers uncover SloppyMIO, an AI-assisted malware campaign using fabricated victim lists to target individuals documenting human rights abuses during Iranian protests.

Threat Intel DeskJan 31, 2026
Google Dismantles IPIDEA Proxy Network Used by 550+ APTs
Threat Intelligence4 min read

Google Dismantles IPIDEA Proxy Network Used by 550+ APTs

Google Threat Intelligence Group disrupts one of the world's largest residential proxy networks, cutting off infrastructure used by nation-state actors from China, Russia, Iran, and North Korea.

Threat Intel DeskJan 31, 2026