Threat Intelligence · Global monitoring

Hujumlar Bazasi

APT kampaniyalari, ransomware hujumlari va global kibertahdidlar ma'lumotlar bazasi

Jami hujumlar

0

Kritik

0

APT guruhlar

0

Davlatlar

0

// LIVE THREAT FEED

Hammasi 💀 Ransomware 🌊 DDoS 🔗 Ta'minot zanjiri 🕵️ APT 🗃️ Ma'lumot sizintisi 🎣 Fishing ⚡ Zero-day 📌 Boshqa

Kritik Yuqori O'rtacha Past

Salesforce Data Exfiltration

🎣 FishingPast

The Salesforce Data Exfiltration campaign began in October 2024 with financially-motivated threat actor UNC6040 using Spearphishing Voice (vishing) to compromise corporate Salesforce instances for large-scale data theft and extortion. Following the initial data theft, victim organizations received extortion demands from a separate threat actor, UNC6240, who claimed to be the “ShinyHunters” group. The observed infrastructure and TTPs used during the Salesforce Data Exfiltration campaign overlap with those used by threat groups with suspected ties to the broader collective known as "The Com.” These overlaps could plausibly be the result of associated actors operating within the same communities and are not necessarily an indication of a direct operational relationship.

👤Salesforce Data Exfiltration🎯Umumiy22-okt, 2025

RedDelta Modified PlugX Infection Chain Operations

🎣 FishingPast

RedDelta Modified PlugX Infection Chain Operations was executed by Mustang Panda from mid-2023 through the end of 2024 against multiple entities in East and Southeast Asia. RedDelta Modified PlugX Infection Chain Operations involved phishing to deliver malicious files or links to users prompting follow-on installer downloads to load PlugX on victim machines in a persistent state.

👤RedDelta Modified PlugX Infection Chain Operations🎯Umumiy14-yan, 2025

APT42

🎣 FishingPast

APT42 is an Iranian-sponsored threat group that conducts cyber espionage and surveillance. The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015. APT42 starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices. Finally, APT42 exfiltrates data using native features and open-source tools. APT42 activities have been linked to Magic Hound by other commercial vendors. While there are behavior and software overlaps between Magic Hound and APT42, they appear to be distinct entities and are tracked as separate entities by their originating vendor.

👤APT42🎯Umumiy8-yan, 2025

Winter Vivern

🎣 FishingPast

Winter Vivern is a group linked to Russian and Belorussian interests active since at least 2020 targeting various European government and NGO entities, along with sporadic targeting of Indian and US victims. The group leverages a combination of document-based phishing activity and server-side exploitation for initial access, leveraging adversary-controlled and -created infrastructure for follow-on command and control.

👤Winter Vivern🎯Umumiy29-iyl, 2024

SolarWinds Compromise

🎣 FishingPast

The SolarWinds Compromise was a sophisticated supply chain cyber operation conducted by APT29 that was discovered in mid-December 2020. APT29 used customized malware to inject malicious code into the SolarWinds Orion software build process that was later distributed through a normal software update; they also used password spraying, token theft, API abuse, spear phishing, and other supply chain attacks to compromise user accounts and leverage their associated access. Victims of this campaign included government, consulting, technology, telecom, and other organizations in North America, Europe, Asia, and the Middle East. This activity has been labled the StellarParticle campaign in industry reporting. Industry reporting also initially referred to the actors involved in this campaign as UNC2452, NOBELIUM, Dark Halo, and SolarStorm. In April 2021, the US and UK governments attributed the SolarWinds Compromise to Russia's Foreign Intelligence Service (SVR); public statements included citations to APT29, Cozy Bear, and The Dukes. The US government assessed that of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number were compromised by follow-on APT29 activity on their systems.

👤SolarWinds Compromise🎯Umumiy24-mar, 2023