I. Overview On April 18, 2023, NSFOCUS Security Labs discovered a spear phishing attack against Russia during daily threat hunting. After correlation analysis of the event, NSFOCUS Security Labs confirmed that the attacker also launched a similar phishing attack against Germany. The active time of the attacker, the attack target,...
Tag: APT
Bread Crumbs of Threat Actors (Feb 13 – 26, 2023)
From 13 to 26 February 2023, NSFOCUS Security Labs found activity clues from 66 APT groups, one malware family (CoinMiner), and 426 threat actors targeting critical infrastructure. APT Groups Among the 66 APT groups discovered, the APT28 affected the most significant number of hosts from 13 to 26 February. Number...
Bread Crumbs of Threat Actors (Dec 19, 2022 – Jan 1, 2023)
From December 19, 2022 to Jan 1, 2023, NSFOCUS Security Labs found activity clues of 61 APT groups, 3 malware families (Zbot botnet, SpicyHotPot Trojan, and Banload Trojan), and 490 threat actors targeting critical infrastructure. APT Groups Among the 61 APT groups discovered, the APT28 affected the most significant number...
Analysis of Cyber Attack of APT Organization Confucius against Pakistan’s Intelligence-Based Operation
Overview Affected by many factors, Pakistan has long suffered from serious local terrorism threats. The country has also taken counter-terrorism as an important national security strategy. In the second half of 2022, the Pakistani security forces carried out many intelligence-based operations (IBO) in Baluchistan, Khyber and North Waziristan, and killed...
APT Group Lazarus Distributing Korean Phishing Lures to Feel Out Cryptocurrency Users
Overview Recently, NSFOCUS Security Labs captured a series of phishing documents containing specific Korean bait information. Most of these documents contain keywords such as "BTC", "ETH", "NFT", and "account information", which trick victims into opening them and then use remote template injection to implant malicious programs, thereby stealing host information....
APT Lorec53 group launched a series of cyber attacks against Ukraine
Overview Recently, NSFOCUS Security Labs captured a large number of phishing files against Ukraine in format of pdf, doc, cpl, lnk and other types. After analysis, we confirmed that the series of phishing activities came from the APT group Lorec53. During the period from the end of 2021 to February...
