December 13, 2023 | Cybernews
APT28, also known as ITG05, BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, Sofacy, and TA422, is conducting a highly targeted cyber espionage campaign that primarily focuses on European entities involved in humanitarian aid allocation, utilizing lures related to the Israel-Hamas war and distributing the HeadLace backdoor.
December 13, 2023 | Cybernews
The Apache Software Foundation has issued a security advisory for a critical security flaw in the Struts 2 web application framework that allows remote code execution and control over the underlying operating system.
December 12, 2023 | Cybernews
Sandman APT, Storm-0866/Red Dev 40, and LuaDream are China-based threat clusters that target telecommunication providers in the Middle East, Western Europe, and South Asia using the KEYPLUG backdoor and LuaDream implant, highlighting the complex nature of the Chinese threat landscape and the growing trend among threat actors to employ less common techniques to avoid detection.
December 12, 2023 | Cybernews
The Lazarus Group, linked to North Korea, deploys remote access trojans through the Log4Shell vulnerability in a global campaign targeting manufacturing, agriculture, and physical security sectors.
December 12, 2023 | Cybernews
ALPHV, also known as BlackCat, a ransomware-as-a-service group, is facing disruption to its data leak site and communication channels, potentially due to a law enforcement operation.
December 12, 2023 | Cybernews
SafeBreach researcher Alon Leviev discovers PoolParty, a collection of process injection techniques that enable code execution in Windows systems while evading endpoint detection and response (EDR) systems.