Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
64 articles

#APT

All CosmicBytez Labs articles tagged #APT, across news, security advisories, how-to guides, and projects.

  • NewsJul 17, 2026

    GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

    Cybersecurity researchers at Expel have attributed the April 2026 DigiCert security incident to CylindricalCanine, a sub-group of the Chinese APT known as GoldenEyeDog (APT-Q-27, Dragon Breath). The threat actors stole code-signing certificates to legitimize malicious software.

  • SecurityJul 14, 2026

    CVE-2026-58065: Apache Airflow Git Provider Disables SSH Host Key Verification

    The Apache Airflow Git provider runs git-over-SSH with StrictHostKeyChecking=no by default, allowing a network-position attacker to silently impersonate the Git server and steal SSH credentials or inject malicious code.

  • NewsJul 11, 2026

    Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

    SentinelOne researchers have uncovered two years of sustained cyberespionage against Pakistani law enforcement — with China-nexus and India-nexus threat...

  • NewsJul 8, 2026

    China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

    Cisco Talos researchers have identified new LONGLEASH malware deployed by Chinese APT group UAT-7810 to expand its Operational Relay Box network,...

  • NewsJul 8, 2026

    SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

    A new banking fraud campaign tracked as REF6045 is deploying SCMBANKER malware through fake CAPTCHA ClickFix lures to steal credentials from customers of...

  • NewsJul 6, 2026

    Armored Likho APT Targeting Government and Electric Power Entities

    Kaspersky researchers have detailed a new campaign by Armored Likho — a threat actor overlapping with Eagle Werewolf — deploying modular RATs and the...

  • NewsJul 4, 2026

    Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

    Kaspersky has identified a previously undocumented APT group — Armored Likho (aka Eagle Werewolf) — deploying an AI-assisted Python infostealer called...

  • NewsJun 29, 2026

    Gamaredon Expands Ukraine Attacks with New Malware and Cloud Abuse

    Russian FSB-linked APT group Gamaredon has mounted 35 distinct spear-phishing campaigns against Ukrainian targets in 2025, deploying an expanded malware...

  • NewsJun 28, 2026

    Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

    Ukraine's SSU and the FBI have exposed a sustained Russian intelligence campaign using fake support SMS messages to steal Signal, WhatsApp, and Telegram...

  • NewsJun 27, 2026

    Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

    A Chinese-speaking advanced persistent threat actor has launched targeted attacks against government entities and critical infrastructure in Southeast...

  • NewsJun 26, 2026

    Russian APT Deploys 'StockStay' Backdoor Against Ukrainian Targets

    Turla, a prolific Russian state-sponsored threat actor, has deployed a previously undocumented backdoor dubbed 'StockStay' in espionage operations...

  • NewsJun 25, 2026

    Russian APT Gamaredon Upgrades Its Arsenal, Requiring New Defenses

    ESET research reveals FSB-sponsored Gamaredon has significantly upgraded its C2 infrastructure obfuscation and malware delivery capabilities, running 35...

  • NewsJun 23, 2026

    Russian Initial Access Broker Behind FortiBleed Campaign

    A Russian-speaking initial access broker has compromised 86,644 verified credentials from over 430,000 internet-facing Fortinet FortiGate devices across...

  • NewsJun 21, 2026

    Google Exposes China Espionage Group UNC6508 Lurking in Networks Since 2023

    Google's Threat Intelligence Group has unmasked UNC6508, a China-linked espionage actor that silently maintained access to critical infrastructure and...

  • NewsJun 21, 2026

    Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers

    Microsoft has attributed a 88-minute automated supply chain attack against 142 Mastra AI npm packages — with over 1.1 million combined weekly downloads —...

  • NewsJun 16, 2026

    Fake Microsoft Security Alerts Used to Deploy North Korean NarwhalRAT Malware

    North Korean state-sponsored group APT37 (ScarCruft) is conducting spear-phishing campaigns impersonating Microsoft Account security notifications to...

  • NewsJun 15, 2026

    Chinese Hackers Breach REDCap Servers, Steal Medical Research Data

    A China-linked espionage campaign targeted exposed REDCap servers, deploying the InfiniteRed malware to steal sensitive medical research data from a North...

  • NewsJun 13, 2026

    China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

    Sygnia researchers uncovered Velvet Ant, a China-nexus APT that spent close to a decade hidden inside Linux authentication infrastructure by backdooring...

  • NewsJun 13, 2026

    Chinese Hackers Hijack Auth Flow, Spy on Isolated Network for a Decade

    Chinese state-sponsored hackers seized complete control of a target organization's authentication infrastructure and maintained undetected access for ten...

  • NewsJun 5, 2026

    Chinese APT UNC5221 Deploys Three New Malware Families to Maintain M365 Access

    Chinese espionage group UNC5221 is actively using the Brickstorm backdoor alongside two newly discovered malware families — Plenet and AgentPSD — to maintain…

  • NewsJun 2, 2026

    Pakistan-Linked SideCopy APT Targets Afghanistan Finance Ministry with Xeno RAT

    Researchers have uncovered a spear-phishing campaign by the Pakistan-aligned SideCopy APT group targeting Afghanistan's Ministry of Finance with the…

  • NewsJun 1, 2026

    China-Aligned Groups Ramp Up Attacks: Operation Dragon Weave Hits Czech Republic and Taiwan

    Security researchers at Seqrite Labs have uncovered Operation Dragon Weave, a new China-aligned cyber espionage campaign targeting government, research…

  • NewsMay 26, 2026

    Iranian APT Targets Aviation, Software Companies With

    Nimbus Manticore, an Iranian advanced persistent threat group, has continued operations targeting aviation and software companies during and after the US.

  • NewsMay 24, 2026

    Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

    The Belarus-aligned Ghostwriter APT (UAC-0057/UNC1151) has launched a new phishing campaign impersonating Prometheus, a Ukrainian e-learning platform, to...

  • NewsMay 17, 2026

    Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

    Russia's Turla APT has transformed its long-running Kazuar backdoor into a modular peer-to-peer botnet architecture engineered for stealth and deep...

  • NewsMay 16, 2026

    Cisco Zero-Day Under Ongoing Attack by Persistent Threat

    The threat group UAT-8616 is actively exploiting a new Cisco SD-WAN zero-day and has been linked to multiple prior Cisco firewall and SD-WAN vulnerability...

  • NewsMay 16, 2026

    Russian Hackers Turn Kazuar Backdoor into Modular P2P Botnet

    Secret Blizzard, a Russian state-sponsored threat group, has evolved its long-running Kazuar backdoor into a sophisticated modular peer-to-peer botnet...

  • NewsMay 15, 2026

    The Boring Stuff Is Dangerous Now

    AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed...

  • NewsMay 14, 2026

    ''FrostyNeighbor'' APT Carefully Targets Govt Orgs in Poland, Ukraine

    A Belarusian nation-state threat group dubbed FrostyNeighbor is conducting a precise espionage campaign against government organizations in Poland and...

  • NewsMay 13, 2026

    China's 'FamousSparrow' APT Nests in South Caucasus Energy

    The China-linked threat group FamousSparrow has expanded its targeting to an Azerbaijani oil and gas company, marking a shift beyond its traditional...

  • NewsMay 10, 2026

    American Duo Sentenced for Hosting Laptop Farms for North

    Two U.S. men have been sentenced for operating laptop farms that helped North Korean IT workers fraudulently obtain employment at nearly 70 American...

  • NewsApr 28, 2026

    Feuding Ransomware Groups Leak Each Other's Data

    When rival ransomware groups 0APT and KryBit turned on each other, they exposed infrastructure details, operational data, victim lists, and internal...

  • NewsApr 27, 2026

    Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive

    Researchers at Infoblox and Confiant have uncovered a dual-threat fraud operation active since 2020: fake CAPTCHA pages secretly send up to 50...

  • NewsApr 26, 2026

    China-Linked GopherWhisper Infects 12 Mongolian Government

    A previously undocumented China-aligned APT group tracked as GopherWhisper has targeted Mongolian governmental institutions, deploying a wide array of...

  • NewsApr 25, 2026

    China-Linked APT GopherWhisper Abuses Legitimate Services

    A newly identified Chinese advanced persistent threat group dubbed GopherWhisper has been deploying multiple Go-based backdoors alongside custom loaders...

  • NewsApr 25, 2026

    FIRESTARTER Backdoor Hit Federal Cisco Firepower Device

    CISA and the UK's NCSC have revealed that a US federal civilian agency's Cisco Firepower device running ASA software was compromised in September 2025...

  • NewsApr 25, 2026

    Researchers Uncover Pre-Stuxnet 'fast16' Malware Targeting

    SentinelOne has discovered 'fast16', a 2005-era Lua-based cyber sabotage implant that predates Stuxnet by five years and targeted high-precision...

  • NewsApr 25, 2026

    Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

    Zscaler ThreatLabz has uncovered a Tropic Trooper (APT23) campaign that delivers the AdaptixC2 post-exploitation beacon via trojanized SumatraPDF...

  • NewsApr 24, 2026

    Firestarter Malware Survives Cisco Firewall Updates and Security Patches

    US and UK cybersecurity agencies are warning about Firestarter, a custom implant that persists on Cisco Firepower and Secure Firewall devices running ASA...

  • NewsApr 18, 2026

    New Jersey Men Sentenced to Combined 17 Years for Running

    Two New Jersey men received prison sentences of nine and nearly eight years respectively for operating IT laptop farms that funneled over $5 million to...

  • NewsApr 9, 2026

    Russia's Forest Blizzard Harvests Logins via SOHO Router

    Russia's APT28 (Forest Blizzard) is conducting a malwareless espionage campaign by modifying a single DNS setting in vulnerable SOHO routers to silently...

  • NewsApr 7, 2026

    Authorities Disrupt APT28 Router DNS Hijacks Targeting

    An international law enforcement operation has dismantled FrostArmada, an APT28 campaign that hijacked DNS on compromised MikroTik and TP-Link routers to...

  • NewsApr 7, 2026

    China-Linked Storm-1175 Chains Zero-Days for High-Velocity

    A China-based threat cluster designated Storm-1175 has been linked to high-velocity ransomware attacks deploying Medusa payloads using chained zero-day...

  • NewsApr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • NewsMar 31, 2026

    Iran Deploys 'Pseudo-Ransomware,' Revives Pay2Key Operations

    Iranian APT groups are increasingly blurring the lines between state-sponsored cyber espionage and financially motivated cybercrime, deploying destructive...

  • NewsMar 30, 2026

    Three China-Linked Clusters Target Southeast Asian

    Three threat activity clusters aligned with China jointly targeted a Southeast Asian government organization in a complex, well-resourced espionage...

  • NewsMar 28, 2026

    Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

    A newly observed ClickFix campaign impersonates Cloudflare's CAPTCHA verification pages to deliver the Python-based Infiniti Stealer to macOS users via a...

  • NewsMar 28, 2026

    TA446 Deploys DarkSword iOS Exploit Kit in Targeted

    Proofpoint has attributed a targeted email campaign to Russian state-sponsored threat actor TA446, which is leveraging the recently disclosed DarkSword...

  • NewsFeb 28, 2026

    Google Disrupts Massive Chinese Espionage Campaign

    Google's Threat Intelligence Group dismantles UNC2814, a China-linked operation that deployed a novel backdoor called GRIDTIDE abusing Google Sheets API...

  • NewsFeb 27, 2026

    Leaked Documents Reveal China's 'Expedition Cloud' Cyber

    Technical documents leaked from a malware-infected developer device expose a Chinese military-linked training platform that replicates the critical...

  • NewsFeb 18, 2026

    Notepad++ Supply Chain Attack Attributed to China-Linked

    Notepad++ releases emergency v8.9.2 patch after a China-linked APT group hijacked the update mechanism for six months, deploying the Chrysalis backdoor to...

  • SecurityFeb 18, 2026

    Dell RecoverPoint Zero-Day Exploited by Chinese APT Since

    A maximum-severity CVSS 10.0 hardcoded credentials vulnerability in Dell RecoverPoint for VMs has been under active exploitation by China-nexus threat...

  • NewsFeb 15, 2026

    Russian APT 'ChainReaver' Hijacks 50 GitHub Accounts and Mirrors

    A Russian state-sponsored APT group dubbed ChainReaver-L compromised trusted file-sharing mirrors and 50 long-established GitHub accounts to distribute...

  • NewsFeb 13, 2026

    All Four Major Nation-State Adversaries Now Weaponizing

    Google reports that APT groups from China, Russia, Iran, and North Korea are all actively using Gemini AI for cyber operations including target...

  • NewsFeb 13, 2026

    Russian-Linked CANFAIL Malware Targets Ukrainian Defense

    Google Threat Intelligence Group attributes a previously undocumented JavaScript malware called CANFAIL to a Russian-linked threat actor targeting...

  • NewsFeb 12, 2026

    Lazarus Group Plants 192 Malicious Packages in npm and PyPI

    North Korea's Lazarus Group is running a fake recruitment campaign codenamed Graphalgo, planting 192 malicious packages on npm and PyPI that target...

  • NewsFeb 11, 2026

    North Korea Deploys AI-Generated Video and ClickFix

    North Korean threat actors are running sophisticated campaigns using AI-generated deepfake videos and the ClickFix social engineering technique to target...

  • NewsFeb 10, 2026

    China-Linked UNC3886 Breaches All Four Singapore Telecom

    Singapore discloses that APT group UNC3886 compromised all four major telecom providers using zero-day exploits and rootkits, triggering the nation's...

  • SecurityFeb 10, 2026

    Lotus Blossom APT Compromises Notepad++ Updates to Deploy

    China-linked Lotus Blossom hijacked Notepad++ software updates for six months, selectively delivering the Chrysalis backdoor to government and IT targets...

  • SecurityFeb 10, 2026

    UNC3886 Zero-Day Campaign: Singapore Telecom Operators

    Singapore discloses that APT group UNC3886 conducted a targeted espionage campaign against M1, SIMBA, Singtel, and StarHub using a previously unknown...

  • NewsFeb 8, 2026

    North Korean Hackers Use Fake Zoom Meeting to Target Crypto

    UNC1069, a North Korean APT group, deployed a sophisticated ClickFix scam using a fake Zoom meeting to target a cryptocurrency executive in a social...

  • NewsFeb 7, 2026

    Shadow Campaigns: State-Backed Espionage Group Breaches 70+

    Palo Alto Unit 42 reveals a state-aligned group designated TGR-STA-1030 compromised government and critical infrastructure targets in 37 countries using...

  • SecurityJan 22, 2026

    China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape VMs

    Sophisticated attack chain leverages compromised SonicWall VPN and VMware ESXi vulnerabilities to break out of virtual machine isolation and compromise...

  • NewsJan 8, 2026

    US Treasury Department Confirms Network Breach by State Actors

    The US Treasury Department has confirmed a significant cybersecurity incident, attributing the breach to state-sponsored threat actors who accessed...