Tag: ESET

THN Cybersecurity Weekly Recap: Key Threats, Tools, and Trends (October 7 – October 13)

Posted on October 14, 2024
Category: Cybersecurity Recap

Get ready for your weekly update on the latest in cybersecurity! This week, we’re diving into everything from zero-day vulnerabilities and rogue AI to the FBI stepping into the crypto game—you won’t want to miss this! Let’s get started so we can beat the FOMO! ⚡

🔒 Threat Spotlight: GoldenJackal’s Air-Gapped Infiltration
Introducing GoldenJackal, the hacking group that’s been flying under your radar. They’ve developed a method to breach highly secure, air-gapped systems using stealthy worms distributed via infected USB drives (yes, you read that right!). ESET researchers have identified their operations targeting notable victims, including a South Asian embassy in Belarus and a European Union government entity.

🔔 Top Headlines
Mozilla has released a patch for a critical Firefox zero-day vulnerability…

Russian Hackers Take Advantage of WinRAR Zero-Day Vulnerability

Category: Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
RomCom Group Deploys SnipBot, RustyClaw, and Mythic Agent Variants
Akshaya Asokan (@asokan_akshaya) • August 12, 2025

A Russian-speaking hacking collective has been observed exploiting a zero-day vulnerability in WinRAR, signaling a notable transition from traditional cybercrime to more sophisticated cyberespionage…

Critical WinRAR 0-Day Vulnerability Exploited for Weeks by Two Groups

Cybersecurity firm BI.ZONE has disclosed that the threat actor known as Paper Werewolf launched a series of attacks in which the exploits were delivered as email attachments. The emails masqueraded as communications from employees of the All-Russian Research Institute and were aimed at installing malware to gain unauthorized access…

China-Aligned MirrorFace Hackers Lure EU Diplomats with World Expo 2025 Scheme

Date: Nov 07, 2024
Category: Threat Intelligence / Cyber Espionage

The China-aligned hacking group MirrorFace has, for the first time, targeted a diplomatic organization within the European Union. According to ESET’s APT Activity Report covering April to September 2024, the attackers used the upcoming World Expo 2025 in Osaka, Japan, as the lure. The incident shows that while the group’s geographic focus is widening, MirrorFace continues to lean on Japan-related themes and events. Also tracked as Earth Kasha, MirrorFace is considered part of the APT10 umbrella, which also includes the clusters tracked as Earth Tengshe and Bronze Starlight. The group has conducted cyber espionage against Japanese organizations since at least 2019, expanding in 2023 to targets in Taiwan and India, and its malware toolset has grown considerably more sophisticated over that period.

New Variants of SparrowDoor Backdoor Discovered in Cyberattacks on U.S. and Mexican Organizations

March 26, 2025
Malware / Vulnerability

The Chinese threat actor known as FamousSparrow has been linked to a cyberattack on a U.S. trade group and a research institute in Mexico, in which it deployed its primary backdoor, SparrowDoor, alongside ShadowPad. The activity, observed in July 2024, is the first time the group has been seen using ShadowPad, a backdoor widely shared among Chinese state-sponsored actors. ESET reported that “FamousSparrow introduced two new, undocumented versions of the SparrowDoor backdoor, one of which is modular.” Both versions show significant advances, including the ability to execute commands in parallel. FamousSparrow was first identified by the Slovak cybersecurity firm in September 2021 in a series of attacks against hotels, governments, engineering firms, and law practices using its custom SparrowDoor implant. Subsequent reports have tracked the group’s expanding footprint…

Honor Among Thieves: The M&S Hacking Group Sparks Turf War

Cybercriminal Landscape Shifting as DragonForce Targets RansomHub Affiliates

The hacking group DragonForce is reportedly targeting affiliates of RansomHub, a move that raises questions about the stability of the ransomware ecosystem. Genevieve Stark, head of cybercrime analysis at Google Threat Intelligence Group,…

SentinelOne Reports No Breach Following Hardware Supplier Cyberattack

Category: Third-Party Risk Management, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
Intrusion Linked to ShadowPad Malware Used by Chinese APT Groups
Mathew J. Schwartz (@euroinfosec) • June 9, 2025

SentinelOne reported a suspected intrusion by Chinese cyber attackers targeting a logistics company that…

Iranian Espionage Group Exposed for Monitoring Kurdish Officials

Category: Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime
Iranian Espionage Group, BladedFeline, Targeting Kurdish Officials Since 2017
Jayant Chakravarti (@JayJay_Tech) • June 5, 2025

A recently released report indicates that the Iranian espionage group known as BladedFeline has…
