Decade-Long Espionage Targeting the Global Research and Education Sector #APT
ti.qianxin.com/blog/articles/…

#APT28 Targets Key Networks in Europe with Multi-Phase Espionage Campaigns
github.com/blackorbird/AP…

The Threat actor group used two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver implants for macOS. Part of the CVE-2018-4404 exploit is likely borrowed from Metasploit framework. macOS version 10 was targeted using those exploits.
threatfabric.com/blogs/lightspy…

Kiteshield Packer is Being Abused by Linux Cyber Threat Actors
blog.xlab.qianxin.com/kiteshield_pac…

Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789) #Lazarus
microsoft.com/en-us/security…

#Kimsuky Green Dinosaur Lover
github.com/blackorbird/AP…

Hellhounds: Operation Lahat (target russia)
Part 1:
ptsecurity.com/ww-en/analytic…
Part 2:
ptsecurity.com/ww-en/analytic…

Tracking APT SideWinder Domains By Combining Regex Patterns, Whois Records and Domain Registrars
embeeresearch.io/advanced-guide…

The 2024 Attack Intelligence Report
github.com/blackorbird/AP…

#Andariel #Lazarus
Nestdoor + Dora RAT
asec.ahnlab.com/ko/65495/

#Turla previously unknown backdoors : LunarWeb and LunarMail
welivesecurity.com/en/eset-resear…

FOXIT PDF “FLAWED DESIGN” EXPLOITATION
#Donot
research.checkpoint.com/2024/foxit-pdf…

Incident response analyst report 2023
github.com/blackorbird/AP…

#Oceanlotus + RUST + VMP
mp.weixin.qq.com/s/j6aR2AyTdtDB…

#Kimsuky Phishing Logs
mp.weixin.qq.com/s/5dYkd9ZpjllH…

Leveraging DNS Tunneling for Tracking and Scanning
unit42.paloaltonetworks.com/three-dns-tunn…

#Bitter uses the Replit platform for activities
mp.weixin.qq.com/s/wR7IgBmEuqqG…