#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

State-Sponsored | Breaking Cybersecurity News | The Hacker News

Category — State-Sponsored
Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia

Sep 10, 2024 Malware / Cyber Espionage
A trio of threat activity clusters linked to China has been observed compromising more government organizations in Southeast Asia as part of a renewed state-sponsored operation codenamed Crimson Palace , indicating an expansion in the scope of the espionage effort. Cybersecurity firm Sophos, which has been monitoring the cyber offensive, said it comprises three intrusion sets tracked as Cluster Alpha (STAC1248), Cluster Bravo (STAC1870), and Cluster Charlie (STAC1305). STAC is an abbreviation for "security threat activity cluster." "The attackers consistently used other compromised organizational and public service networks in that region to deliver malware and tools under the guise of a trusted access point," security researchers Mark Parsons, Morgan Demboski, and Sean Gallagher said in a technical report shared with The Hacker News. A noteworthy aspect of the attacks is that it entails the use of an unnamed organization's systems as a command-and-control
Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Aug 24, 2024 Election Security / Threat Intelligence
Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic officials, and other public figures, including some associated with administrations of President Biden and former President Trump," Meta said . The social media giant attributed it to a nation-state actor tracked as APT42, which is also known as Charming Kitten, Damselfly, Mint Sandstorm (formerly Phosphorus), TA453, and Yellow Garuda. It's assessed to be linked to Iran's Islamic Revolutionary Guard Corps (IRGC). The adversarial collective is well-known for its use of sophisticated social engineering lures to spear-phish targets of interest with malware and steal their credenti
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Sep 13, 2024Device Security / Identity Management
Even as cyber threats become increasingly sophisticated, the number one attack vector for unauthorized access remains phished credentials ( Verizon DBIR, 2024 ). Solving this problem resolves over 80% of your corporate risk, and a solution is possible.  However, most tools available on the market today cannot offer a complete defense against this attack vector because they were architected to deliver probabilistic defenses. Learn more about the characteristics of Beyond Identity that allow us to deliver deterministic defenses.  The Challenge: Phishing and Credential Theft Phishing attacks trick users into revealing their credentials via deceptive sites or messages sent via SMS, email, and/or voice calls. Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it. Users may still fall prey to scams, and stolen credentials can be exploited. Legacy MFA is a particularly urgent problem, given that attackers
North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

Aug 21, 2024 Cyber Espionage / Malware
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky . MoonPeak, under active development by the threat actor, is a variant of the open-source Xeno RAT malware, which was previously deployed as part of phishing attacks that were designed to retrieve the payload from actor-controlled cloud services like Dropbox, Google Drive, and Microsoft OneDrive. Some of the key features of Xeno RAT include the ability to load additional plugins, launch and terminate processes, and communicate with a command-and-control (C2) server. Talos said the commonalities between the two intrusion sets either indicate UAT-5394 is actually Kimsuky (or its sub-group) or it's another hacking crew wi
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group

Microsoft Patches Zero-Day Flaw Exploited by North Korea's Lazarus Group

Aug 19, 2024 Vulnerability / Zero-Day
A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group , a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), has been described as a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft said in an advisory for the flaw last week. It was addressed by the tech giant as part of its monthly Patch Tuesday update. Credited with discovering and reporting the flaw are Gen Digital researchers Luigino Camastra and Milánek. Gen Digital owns a number of security and utility software brands like Norton, Avast, Avira, AVG, ReputationDefender, and CCleaner. "This flaw allowed them to gain unauthorized access to sensitive system areas," the company disclosed last week, adding it discovered the exploitation in early J
Expert Insights / Articles Videos
Cybersecurity Resources