⚔️

Hujumlar Bazasi

Tasdiqlangan kiberxavfsizlik hujumlari, APT kampaniyalari va global tahdidlar to'plami

3

Jami hujumlar

-

Kritik

-

APT guruhlar

-

Davlatlar

Hammasi 💀 Ransomware 🌊 DDoS 🔗 Ta'minot zanjiri 🕵️ APT 🗃️ Ma'lumot sızıntısı 🎣 Fishing ⚡ Zero-day 📌 Boshqa

Kritik Yuqori O'rtacha Past

RedDelta Modified PlugX Infection Chain Operations

🎣 FishingPast

RedDelta Modified PlugX Infection Chain Operations was executed by Mustang Panda from mid-2023 through the end of 2024 against multiple entities in East and Southeast Asia. RedDelta Modified PlugX Infection Chain Operations involved phishing to deliver malicious files or links to users prompting follow-on installer downloads to load PlugX on victim machines in a persistent state.

👤RedDelta Modified PlugX Infection Chain Operations🎯Umumiy14-yan, 2025

APT42

🎣 FishingPast

APT42 is an Iranian-sponsored threat group that conducts cyber espionage and surveillance. The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015. APT42 starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices. Finally, APT42 exfiltrates data using native features and open-source tools. APT42 activities have been linked to Magic Hound by other commercial vendors. While there are behavior and software overlaps between Magic Hound and APT42, they appear to be distinct entities and are tracked as separate entities by their originating vendor.

👤APT42🎯Umumiy8-yan, 2025

SolarWinds Compromise

🎣 FishingPast

The SolarWinds Compromise was a sophisticated supply chain cyber operation conducted by APT29 that was discovered in mid-December 2020. APT29 used customized malware to inject malicious code into the SolarWinds Orion software build process that was later distributed through a normal software update; they also used password spraying, token theft, API abuse, spear phishing, and other supply chain attacks to compromise user accounts and leverage their associated access. Victims of this campaign included government, consulting, technology, telecom, and other organizations in North America, Europe, Asia, and the Middle East. This activity has been labled the StellarParticle campaign in industry reporting. Industry reporting also initially referred to the actors involved in this campaign as UNC2452, NOBELIUM, Dark Halo, and SolarStorm. In April 2021, the US and UK governments attributed the SolarWinds Compromise to Russia's Foreign Intelligence Service (SVR); public statements included citations to APT29, Cozy Bear, and The Dukes. The US government assessed that of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number were compromised by follow-on APT29 activity on their systems.

👤SolarWinds Compromise🎯Umumiy24-mar, 2023