Tag Malware

Advanced DownEx Malware Campaign Targets Central Asian Governments

May 10, 2023
Malware / Cyber Attack

Central Asian government entities are under threat from a sophisticated espionage operation utilizing a previously unidentified strain of malware known as DownEx. In a report shared with The Hacker News, cybersecurity firm Bitdefender indicated that the malicious activities are ongoing, with indications pointing towards involvement from Russia-based threat actors. The malware was first detected in a highly targeted assault on foreign government institutions in Kazakhstan in late 2022, followed by an attack in Afghanistan. The use of a diplomat-themed lure document and the campaign’s emphasis on data exfiltration imply the actions of a state-sponsored group, although the exact identity of the hacking organization remains unclear. The campaign’s initial breach method appears to involve spear-phishing emails containing a malicious payload disguised as a Microsoft Word file.

Rising China-Taiwan Tensions Ignite Sharp Increase in Cyber Attacks

May 18, 2023
Cyber Warfare / Threat Intelligence

Recent geopolitical strains between China and Taiwan have led to a significant rise in cyber attacks targeting the island nation. According to a report from the Trellix Advanced Research Center, “The conflict stemming from China’s claim over Taiwan, combined with Taiwan’s push for independence, has resulted in a troubling escalation of cyber threats.” These attacks, aimed at various sectors, primarily focus on deploying malware and stealing sensitive data. The cybersecurity firm noted a staggering four-fold increase in malicious emails between April 7 and April 10, 2023, with sectors such as networking, manufacturing, and logistics being particularly affected. Following this surge, the region saw a 15x spike in PlugX detections between April 10 and April 12, 2023.

RVTools Official Site Compromised to Distribute Bumblebee Malware via Trojan Installer

May 19, 2025
Malware / Supply Chain Attack

The official RVTools website has been compromised, delivering a tainted installer for the widely-used VMware environment reporting tool. In a statement on their site, the company announced, “Robware.net and RVTools.com are currently offline. We are working diligently to restore service and appreciate your patience. Please note that Robware.net and RVTools.com are the only authorized and supported sources for RVTools software. Avoid downloading RVTools from any other websites or sources.” This incident follows revelations from security researcher Aidan Leon, who discovered that the infected installer was being used to load a malicious DLL, identified as the Bumblebee malware loader. It remains unclear how long the compromised version of RVTools was available for download or how many users had installed it before the websites were taken offline. In the meantime, users are advised to verify…

Chinese Hackers Leverage Ivanti EPMM Vulnerabilities in Widespread Global Attacks

May 22, 2025
Enterprise Security / Malware

A recently patched duo of security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-linked threat actor to target various sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, identified as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), can be combined to run arbitrary code on vulnerable devices without needing any authentication. Ivanti addressed these flaws just last week. According to a report from EclecticIQ, the vulnerability chain has been misused by UNC5221, a Chinese cyber espionage group known for targeting edge network devices since at least 2023. Most recently, this group has also been linked to exploitation attempts on SAP NetWeaver instances affected by CVE-2025-31324. The Dutch cybersecurity firm noted that the first exploitation activities began on May 15, 2025, with attacks focused on healthcare, telecommunications, and aviation sectors.

North Korean Hackers Initiate New Cyber Attack Against South Korea

August 14, 2025
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia

Report: North Korean Hacking Group Incorporates Ransomware into Cyber Operations. By Chris Riotta (@chrisriotta). Recent findings from South Korean cybersecurity researchers have revealed a robust cyberattack campaign attributed to the North Korean hacker group…


INTERPOL Takes Down Over 20,000 Malicious IPs Tied to 69 Malware Variants in Operation Secure

On June 11, 2025, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains associated with 69 information-stealing malware variants. Conducted between January and April 2025, the operation—codename Operation Secure—was a collaborative effort involving law enforcement agencies from 26 countries. This initiative focused on identifying servers, mapping physical networks, and executing targeted takedowns.

According to INTERPOL, these coordinated actions led to the removal of 79% of the suspicious IP addresses identified. Participating countries reported seizing 41 servers, recovering over 100 GB of data, and arresting 32 individuals linked to illegal cyber activities. Vietnamese authorities alone apprehended 18 suspects, confiscating various devices, SIM cards, registration documents, and $11,500 in cash. Additional house raids in Sri Lanka resulted in the arrest of 12 more individuals, with two suspects apprehended in Nauru. The Hong Kong Police also played a crucial role in the operation, as stated by INTERPOL.

SideWinder APT Launches Covert Multi-Stage Assault on Middle East and Africa

October 17, 2024
Malware / Cyber Espionage

An advanced persistent threat (APT) known as SideWinder, with suspected links to India, has initiated a wave of attacks targeting high-profile organizations and critical infrastructure in the Middle East and Africa. This group, also referred to as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, and T-APT-04, may initially appear low-skilled due to its reliance on publicly available exploits, malicious LNK files, scripts, and common remote access tools (RATs). However, Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov suggest that their true capabilities become evident upon closer examination of their operational tactics. The group’s targets include government and military sectors, logistics, telecommunications, financial institutions, universities, and oil trading firms in countries such as Bangladesh, Djibouti, Jordan, and Malaysia.
