Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it did, it was not successful. The data was leaked.| blog.compass-security.com
This guide provides a streamlined yet comprehensive approach to upgrading Debian 12 (Bookworm) to Debian 13 (Trixie) on production servers. It balances efficiency with safety, based on real-world server upgrade experience. Pre-Flight Checklist Essential Preparations Schedule Maintenance Window: Plan for 30-60 minutes of downtime, depending on your server’s package count and internet speed. Backup Critical...| Pieter Bakker
Sometimes package management on Ubuntu or Debian gets stuck because apt or dpkg can’t acquire a lock. This usually happens if an upgrade, install, or update process was interrupted or if another process is still running in the background. The error looks like this: Here’s a short guide on how to safely resolve the problem....| Pieter Bakker
August 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
Regional APT Threat Situation In August 2025, the global threat hunting system of Fuying Lab detected a total of 23 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, the most […] NSFOCUS Monthly APT Insights – August 2025| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
This report on cybercrime, hacktivist and APT groups targeting primarily Russian organizations provides an analysis and comparison of their TTPs and divides them into three clusters.| securelist.com
APT28 Operation Phantom Net Voxel: weaponized Office lures, COM-hijack DLL, PNG stego to Covenant Grunt via Koofr, BeardShell on icedrive.| Sekoia.io Blog
Trends of APT Groups by Region 1) North Korea North Korea-linked APT groups have been intensively launching advanced cyber attacks targeting the areas of diplomacy, finance, technology, media, and policy research in South Korea. They have been highly active in their sophisticated spear-phishing campaigns employing various malware strains, social engineering techniques, and cloud-based […]| ASEC
Regional APT Threat Situation In July 2025, the global threat hunting system of Fuying Lab detected a total of 33 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, Southeast Asia, Eastern Europe, and West Asia, as shown in the following figure. Regarding the activity levels of different organizations, […]| NSFOCUS, Inc., a global network and cyber security leader, protects enterpris...
The report contains statistical data on the vulnerabilities our team published and the exploits it investigated in the second quarter of 2025, as well as summary data on the use of C2 frameworks.| Securelist
Executive Summary This analysis represents the second instalment in a comprehensive examination of the KorPlug malware family. Previous reporting detailed the initial loading vector utilising DLL side-loading techniques against legitimate utilities to achieve code execution. The second-stage payload executes via a designated entry point function. Static analysis of the binary| RevEng.AI Blog
As businesses adopt AI-enabled interfaces, ransomware actors use them to expand, increase profits, and enhance successful attacks.| Help Net Security
I was using apt-cache in Ubuntu to get a list of dependencies for a certain package and parse the output programmatically; eventually I wanted to programmatically download and package them within an archive for offline installs later on. I was not really sure about the exact meanings of the output ...| The Code Ship
Trends of Key APT Groups by Region 1) North Korea North Korea’s APT group actively utilized the ClickFix technique and performed the DLL side-loading technique through OLE objects inserted in Hangul (HWP) documents. Kimsuky The Kimsuky group utilized the ClickFix tactic to launch a multi-stage spear phishing attack targeting diplomats […]| ASEC
July 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
…and it's actually a pretty neat idea!| Made by Mikal
Security researchers at Trend Micro report that the Lumma Stealer malware is back in a new, improved version. The malware is harder to| B2B Cyber Security
Probably when you saw the title, your reaction was WTF?! Using astrology for APT detection, that's totally crazy! But the sad fact is that it isn't so crazy after all, because a large number of products offered on the market claim to protect you from APTs in the same way astrology claims it can predict your future. To elaborate a bit more on this claim, the key question is how| Everything about nothing
Cybersecurity - Cybersecurity Threats - What is Cybersecurity Threat? - Types of Cybersecurity Threats - Cybersecurity Attacks| Gridinsoft Blogs
Kaspersky experts analyze an incident that saw APT41 launch a targeted attack on government IT services in Africa.| securelist.com
June 2025 APT Attack Trends Report (South Korea) ASEC| ASEC
The newly discovered backdoor in the XZ Utils package affecting numerous Linux distributions and assigned CVE-2024-3094 is being dismissed by some members of the technology and security communities as yet another supply chain attack; relevant only because of how blatant it was and that it affected the Open Source ecosystem but in essence nothing out of the ordinary. Regardless of whether this perspective is gaining traction due to cynicism, as hyperbole for clicks or as a coping mechanism...| Jayson Salazar Rodriguez | @jdsalaro | Blog
Antivirus engines and EDRs have their place – no doubt. But what happens when malware simply slips through their nets? What if the malicious file was never executed? What if the incident happened months ago? That’s where THOR comes in. Our compromise assessment scanner has a unique superpower: it operates where others stay blind – in the calm, post-incident stillness of a system.| Nextron Systems
I’m currently learning Helm to improve how I deploy and manage Kubernetes applications. This post is a quick summary of […]| Vuyisile Ndlovu
Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.| Cisco Talos Blog
Nothing we have ever recorded on SCW has brought so much joy to David. However, at several points during the episode, we may have witnessed Matthew Green’s soul leave his body. Our esteemed guests Justin Schuh and Matt Green joined us to debate whether Dual_EC_DRBG was intentionally backdoored by the NSA or ‘just’ a major fuckup. Links: Dicky George at InfiltrateCon 2014, Life at Both Ends of the Barrel - An NSA Targeting Retrospective: https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q D...| Security Cryptography Whatever
Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.| securelist.com
Join us at PostgreSQL Extension Mini Summit #3 this week, where PostgreSQL Debian packaging maintainer Christoph Berg will take us on a tour of APT extension packaging.| Just a Theory
Last week Christoph Berg, who maintains PostgreSQL’s APT packaging system, gave a very nice talk on that system. Herein lie the transcript and links to the slides and video.| ❖ Just a Theory
Understanding how to detect obfuscated threats is key to defending against stealthy cyber attacks. Learn how THOR uncovers hidden threats.| www.nextron-systems.com
Discover how Lazarus leverages fake job sites in the ClickFake Interview campaign targeting crypto firms using the ClickFix tactic.| Sekoia.io Blog
One aspect of vulnerability intelligence is also doing a best-faith effort to track the threat actors that are using the vulnerabilities. While that information often isn’t published, when it…| Rants of a deranged squirrel.
In this article, we discuss the tools and TTPs used in the SideWinder APT's attacks in H2 2024, as well as shifts in its targets, such as an increase in attacks against the maritime and logistics sectors.| securelist.com
Delve into Finance-related cyber threats in 2024. Our report highlights major actors and tactics impacting the financial sector.| Sekoia.io Blog
The EarlyCrow system introduces a groundbreaking approach to detecting Advanced Persistent Threat (APT) malware command and control (C&C) communications.| Cyber Security News
An APT group known as Tonto Team has tried targeting the Singapore-based Group-IB cybersecurity firm for the second time.| Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Kaspersky researchers analyze EAGERBEE backdoor modules, revealing a possible connection to the CoughingDown APT actor.| securelist.com
Introduction On April 29, 2024, XLab's Cyber Threat Insight and Analysis System (CTIA) detected anomalous activity: IP 172.247.127.210 was distributing an ELF-based Winnti backdoor. Further investigation revealed the same IP had, on December 20, 2023, distributed a zero-detection malicious PHP file, init_task.txt, providing a key| 奇安信 X 实验室
Introduction On April 29, 2024, XLab's large-scale network threat perception system captured an anomalous activity: IP 172.247.127.210 was distributing an ELF version of the winnti backdoor trojan. The appearance of APT-related alerts quickly drew our attention. Further tracing revealed that on December 20, 2023 this IP had distributed a malicious PHP file, init_task.txt, with zero detections on VirusTotal; this clue provided an important entry point for our subsequent investigation. Using init_task as a lead, we further discovered a series of related malicious PHP payloads, including task_loade...| 奇安信 X 实验室
Background On July 27, 2024, XLab's Cyber Threat Insight and Analysis System (CTIA) detected an ELF file named pskt from IP address 45.92.156.166. Currently undetected on VirusTotal, the file triggered two alerts: an Overlay section and a communication domain mimicking Microsoft. Our analysis identified it as a| 奇安信 X 实验室
Introduction On July 27, 2024, XLab's large-scale network threat perception system detected that IP address 45.92.156.166 was distributing an ELF file named pskt, which had no detections yet on VirusTotal. The sample triggered two alerts: the file has an Overlay section, and its communication domain appears to mimic Microsoft. After analysis, we confirmed that this is a variant of the Melofee backdoor trojan specifically targeting Red Hat Enterprise Linux (RHEL) 7.9. Melofee is a backdoor trojan written in C++ that supports information collection, process management, file operations and SHEL...| 奇安信 X 实验室
When Julian Andres Klode and I added initial Zstandard compression support to Ubuntu’s APT and dpkg in Ubuntu 18.04 LTS we planned getting the changes accepted to Debian quickly and making Ubuntu 18.10 the first release where the new compression could speed up package installations and upgrades. Well, it took slightly longer than that. Since […]| Obsessed with reality
Terraform has now been open-source and forked with the OpenTofu project. The ‘tofu’ binary is a drop-in replacement for terraform, and this article will show you how to install on Debian/Ubuntu. After installation, we will then use the Debian/Ubuntu Alternatives concept to supersede existing calls to ‘terraform’ to instead invoke ‘tofu’. Setup OpenTofu apt repository ... OpenTofu: installing OpenTofu on Debian/Ubuntu| Fabian Lee : Software Engineer
Cisco Talos has uncovered a new remote access trojan (RAT) family we are calling “MoonPeak.” This is a XenoRAT-based malware, which is under active development by a North Korean nexus cluster we are calling “UAT-5394.”| Cisco Talos Blog
ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.| Cisco Talos Blog
ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from multiple vendors. Coveted by these actors, perimeter network devices are the perfect intrusion point for espionage-focused campaigns.| Cisco Talos Blog
My effort to improve transparency and confidence of public apt archives continues. I started to work on this in “Apt Archive Transparency” in which I mention the debdistget project in passing. Debdistget is responsible for mirroring index files for some ... Apt archive mirrors in Git-LFS| Simon Josefsson's blog
I’ve always found the operation of apt software package repositories to be a mystery. There appears to be a lack of transparency into which people have access to important apt package repositories out there, how the automatic non-human update mechanism ... Apt Archive Transparency: debdistdiff & apt-canary| Simon Josefsson's blog
Key Points Introduction In the summer of 2023, Avast identified a campaign targeting specific individuals in the Asian region through fabricated job offers. The motivation behind the attack remains uncertain, but judging from the low frequency of attacks, it appears that the attacker had a special interest in individuals with technical backgrounds. This sophistication is […] From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams| Avast Threat Labs
Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”| Cisco Talos Blog
If apt update throws warnings about invalid signature verification and NO_PUBKEY, you may need to migrate from using the deprecated system keyring to using a ‘signed-by’ attribute in your apt repo definition file. Here are examples of errors you might see when doing an ‘apt update’. W: An error occurred during the signature verification. The ... Ubuntu: fixing apt NO_PUBKEY errors by converting deprecated keyring to signed-by attribute| fabianlee.org
If you have warning messages coming from apt about an invalid signature verification and EXPKEYSIG, then it is likely that a signing key for one of the remote apt repo has expired. Below is an example coming from an expired podman package at the “download.opensuse.org” repo. W: An error occurred during the signature verification. The ... Ubuntu: fixing apt invalid signature warnings| fabianlee.org
The Lazarus group continues to prey on cryptocurrencies: cybercriminals are distributing DeFi wallets with a built-in backdoor.| Oficjalny blog Kaspersky
Table of Contents Background The Instructions Create An Apt Entry Add the Keyring and Install The apt-key Solution The Start of the Solution Getting the GPG File Now Back to Setting it Up Update and Install And Now, Another Problem What Have We Learned Today Children? Links Collected Background I have an old eeePC netbook that I thought I'd revive by loading Sparky Linux onto it. One of the things I set up on it is apt-fast, which the README on the github repository describes like this: apt-fast...| The Cloistered Monkey
If you ever used Process Monitor to track activity of a process, you might have encountered the following pattern: The image above is a snippet from events captured by Process Monitor during the execution of x32dbg.exe on Windows 7. DNSAPI.DLL and IPHLPAPI.DLL are persisted in the System directory, so you might question yourself: Why would … The DLL Search Order And Hijacking It| Malware and Stuff
In this article we analyze social engineering aspects of the XZ backdoor incident. Namely pressuring the XZ maintainer to pass on the project to Jia Cheong Tan, and then urging major downstream maintainers to commit the backdoored code to their projects.| securelist.com
Brief notes on my switch from approx to apt-cacher-ng| Random Ramblings
The bookworm-frehi Debian package repository contains newer packages for AppArmor and libapache2-mod-qos fixing some bugs in Debian 12 Bookworm.| Frederik Himpe
Learn more about the Apt Candied Fruits (or fruits confits d'Apt), delicious fruits candied in sugar syrup from Apt, Provence.| French Moments
Advanced persistent threats are highly sophisticated and targeted cyber attacks that can have far-reaching consequences for organizations and individuals| WeSecureApp :: Securing Offensively
This article sheds light on one of the infrastructure clusters employed by Lycantrox, potentially to compromise their targets.| Sekoia.io Blog