All CosmicBytez Labs articles tagged #APT, across news, security advisories, how-to guides, and projects.
Researchers have uncovered a spear-phishing campaign by the Pakistan-aligned SideCopy APT group targeting Afghanistan's Ministry of Finance with the open-source Xeno RAT remote access trojan delivered via malicious ZIP archives.
Security researchers at Seqrite Labs have uncovered Operation Dragon Weave, a new China-aligned cyber espionage campaign targeting government, research, academic, and financial organizations in the Czech Republic and Taiwan using the AdaptixC2 post-exploitation framework.
Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.
The Belarus-aligned Ghostwriter APT (UAC-0057/UNC1151) has launched a new phishing campaign impersonating Prometheus, a Ukrainian e-learning platform, to...
Russia's Turla APT has transformed its long-running Kazuar backdoor into a modular peer-to-peer botnet architecture engineered for stealth and deep...
The threat group UAT-8616 is actively exploiting a new Cisco SD-WAN zero-day and has been linked to multiple prior Cisco firewall and SD-WAN vulnerability...
Secret Blizzard, a Russian state-sponsored threat group, has evolved its long-running Kazuar backdoor into a sophisticated modular peer-to-peer botnet...
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed...
A Belarusian nation-state threat group dubbed FrostyNeighbor is conducting a precise espionage campaign against government organizations in Poland and...
The China-linked threat group FamousSparrow has expanded its targeting to an Azerbaijani oil and gas company, marking a shift beyond its traditional...
Two U.S. men have been sentenced for operating laptop farms that helped North Korean IT workers fraudulently obtain employment at nearly 70 American...
When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...
Researchers at Infoblox and Confiant have uncovered a dual-threat fraud operation active since 2020: fake CAPTCHA pages secretly send up to 50...
A previously undocumented China-aligned APT group tracked as GopherWhisper has targeted Mongolian governmental institutions, deploying a wide array of...
A newly identified Chinese advanced persistent threat group dubbed GopherWhisper has been deploying multiple Go-based backdoors alongside custom loaders...
CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...
SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...
Zscaler ThreatLabz has uncovered a Tropic Trooper (APT23) campaign that delivers the AdaptixC2 post-exploitation beacon via trojanized SumatraPDF...
US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...
Two New Jersey men received prison sentences of nine and nearly eight years respectively for operating IT laptop farms that funneled over $5 million to...
Russia's APT28 (Forest Blizzard) is conducting a malwareless espionage campaign by modifying a single DNS setting in vulnerable SOHO routers to silently...
An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...
A China-based threat cluster designated Storm-1175 has been linked to high-velocity ransomware attacks deploying Medusa payloads using chained zero-day...
The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...
Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...
Three threat activity clusters aligned with China jointly targeted a Southeast Asian government organization in a complex, well-resourced espionage...
A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...
Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...
Google's Threat Intelligence Group dismantles UNC2814, a China-linked operation that deployed a novel backdoor called GRIDTIDE abusing Google Sheets API...
Technical documents leaked from a malware-infected developer device expose a Chinese military-linked training platform that replicates the critical...
Notepad++ releases emergency v8.9.2 patch after a China-linked APT group hijacked the update mechanism for six months, deploying the Chrysalis backdoor to...
A maximum-severity CVSS 10.0 hardcoded credentials vulnerability in Dell RecoverPoint for VMs has been under active exploitation by China-nexus threat...
A Russian state-sponsored APT group dubbed ChainReaver-L compromised trusted file-sharing mirrors and 50 long-established GitHub accounts to distribute...
Google reports that APT groups from China, Russia, Iran, and North Korea are all actively using Gemini AI for cyber operations including target...
Google Threat Intelligence Group attributes a previously undocumented JavaScript malware called CANFAIL to a Russian-linked threat actor targeting...
North Korea's Lazarus Group is running a fake recruitment campaign codenamed Graphalgo, planting 192 malicious packages on npm and PyPI that target...
North Korean threat actors are running sophisticated campaigns using AI-generated deepfake videos and the ClickFix social engineering technique to target...
Singapore discloses that APT group UNC3886 compromised all four major telecom providers using zero-day exploits and rootkits, triggering the nation's...
China-linked Lotus Blossom hijacked Notepad++ software updates for six months, selectively delivering the Chrysalis backdoor to government and IT targets...
Singapore discloses that APT group UNC3886 conducted a targeted espionage campaign against M1, SIMBA, Singtel, and StarHub using a previously unknown...
UNC1069, a North Korean APT group, deployed a sophisticated ClickFix scam using a fake Zoom meeting to target a cryptocurrency executive in a social...
Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...
Sophisticated attack chain leverages compromised SonicWall VPN and VMware ESXi vulnerabilities to break out of virtual machine isolation and compromise...
The US Treasury Department has confirmed a significant cybersecurity incident, attributing the breach to state-sponsored threat actors who accessed...