LIVE · cybersecurity feed

apt

zeroday.news · 3h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 4h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.

zeroday.news · 1d ago·high

Chinese hackers develop LONGLEASH malware to expand ORB network

Chinese state-sponsored hackers, identified as UAT-7810, have developed new malware named LONGLEASH. It is being used to expand their ORB network by compromising internet-facing devices, specifically targeting unpatched Ruckus routers.

zeroday.news · 1d ago·high

Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks

An Iran-linked threat actor is using an adaptable modular command-and-control framework in cyberattacks. It compromised IT service providers to reach high-value targets primarily in Israel.

zeroday.news · 2d ago·high

Cavern Manticore: Exposing Iran-Linked Modular C2 Framework

A new modular command-and-control framework, dubbed 'Cavern Manticore,' has been observed in the wild, attributed to an Iran-nexus threat actor targeting Israeli government and IT sectors. The framework utilizes a .NET foundation but employs diverse compilation formats to evade analysis. Attackers gain initial access by exploiting legitimate software deployment features, such as RMM tools, to infiltrate victim environments.