APT Groups | Breaking Cybersecurity News | The Hacker News

Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft Security, said . The initiative is seen as a way to untangle the menagerie of nicknames that private cybersecurity vendors assign to various hacking groups that are broadly categorized as a nation-state, financially motivated, influence operations, private sector offensive actors, and emerging clusters. For example, the Russian state-sponsored threat actor tracked by Microsoft as Midnight Blizzard (formerly Nobelium) is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, and The Dukes. Likewise, Forest Blizzard (previously Strontium) goes by other monikers such...

Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code phishing to achieve the same goals, indicating that indicating that the Russian adversaries behind these campaigns are actively refining their tradecraft to fly under the radar. "These recently observed attacks rely heavily on one-on-one interaction with a target, as the threat actor must both convince them to click a link and send back a Microsoft-generated code," security researchers Charlie Gardner, Josh Duke, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster said in an exhaustive analysis. At least two different threat clusters tracked as UTA0352 and UTA03...

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware . "To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point said in a new report published Monday. The cybersecurity company said the malicious activity involved thousands of first-stage malicious samples that are used to deploy a program capable of terminating endpoint detection and response (EDR) software by means of what's called a bring your own vulnerable driver ( BYOVD ) attack. As many as 2,500 distinct variants of the legacy version 2.0.2 of the vulnerable RogueKiller Antirootkit Driver, truesight.sys, have been identified on the VirusTotal platform, although the number is believed to be likely higher. The EDR-killer module...

SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn't. These platforms weren't built with full-scale data protection in mind . Most follow a shared responsibility model — wherein the provider ensures uptime and application security, but the data inside is your responsibility. In a world of hybrid architectures, global teams, and relentless cyber threats, that responsibility is harder than ever to manage. Modern organizations are being stretched across: Hybrid and multi-cloud environments with decentralized data sprawl Complex integration layers between IaaS, SaaS, and legacy systems Expanding regulatory pressure with steeper penalties for noncompliance Escalating ransomware threats and inside...