APT - Cybersec Sentinel

APT

A collection of 6 posts

China APT Webworm Hides European Government Espionage Traffic Inside Discord and Microsoft Cloud

China APT Webworm Hides European Government Espionage Traffic Inside Discord and Microsoft Cloud

GroupWebworm (China-aligned APT); linked to SixLittleMonkeys and FishMongerTypeAPT Campaign / Multi-stage Government EspionageCVEsCVE-2017-7692 (SquirrelMail post-authentication RCE, CVSS 8.5 — used for initial access against webmail targets)MalwareEchoCreep (Go-based backdoor using Discord for C2); GraphWorm (.NET backdoor using Microsoft Graph API and OneDrive for C2); WormFrp, ChainWorm, SmuxProxy, WormSocket (custom proxy chain

ScarCruft and RokRAT Pose High Threat to Government and Academia

ScarCruft and RokRAT Pose High Threat to Government and Academia

Threat Group: ScarCruft / APT37 / Reaper / Red Eyes Threat Type: Advanced Persistent Threat (APT), Remote‑Access Trojan (RAT), Espionage and Ransomware Exploited Vulnerabilities: CVE‑2017‑8291 (Encapsulated PostScript vulnerability in Hangul Word Processor), CVE‑2024‑38178 (Internet Explorer mode of Microsoft Edge), vulnerabilities in Hancom Office; exploitation of Windows LNK files,

Earth Estries Uses GhostSpider Malware to Infiltrate High Value Targets

Earth Estries Uses GhostSpider Malware to Infiltrate High Value Targets

Threat Group: Earth Estries (also known as Salt Typhoon, GhostEmperor, UNC2286) Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Multiple N-day vulnerabilities in Ivanti Connect Secure, Fortinet FortiClient EMS, Sophos Firewall, and Microsoft Exchange Server Malware Used: GHOSTSPIDER backdoor, MASOL RAT, Demodex rootkit, Deed RAT (SNAPPYBEE) Threat Score: High (8.

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

APT-K-47 Deploys Enhanced Asyncshell to Exploit Vulnerabilities

Threat Group: Mysterious Elephant (APT-K-47) Threat Type: Remote Access Trojan (RAT) Exploited Vulnerabilities: WinRAR Vulnerability (CVE-2023-38831) Malware Used: Asyncshell (versions 1 through 4), ORPCBackdoor, MSMQSPY Threat Score: High (8.5/10) — Due to its targeted approach, advanced obfuscation techniques, and evolving attack vectors. Last Threat Observation: November 27, Overview APT-K-47,

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Gelsemium APT Shifts Focus to Linux with WolfsBane Backdoor

Threat Group: Gelsemium APT Threat Type: Advanced Persistent Threat (APT) Exploited Vulnerabilities: Linux systems, specifically Apache Tomcat servers Malware Used: WolfsBane (Linux backdoor), FireWood (Linux backdoor) Threat Score: High (8.5/10) — Focus on critical infrastructure, advanced obfuscation, and cross-platform targeting. Last Threat Observation: November 22, 2024. Overview The WolfsBane

Bitter APT Resumes Operations with Newly Identified Indicators

Bitter APT Resumes Operations with Newly Identified Indicators

Threat Group: - Bitter APT (also known as APT-17 or "DeputyDog") Threat Type: - Cyber Espionage Exploited Vulnerabilities: - Microsoft Office vulnerabilities (e.g., CVE-2017-11882, CVE-2018-0798, CVE-2018-0802), Zimbra Web Client vulnerabilities Malware Used: - ZxxZ Trojan, Dracarys Android spyware, various custom Remote Access Trojans (RATs), keyloggers, and backdoors