#threatactor
Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been attributed by Palo Alto Networks Unit 42 to a previously undocumented threat activity group dubbed

iT4iNT SERVER Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure VDS VPS Cloud #CyberSecurity #Hacking #Infrastructure #Espionage #ThreatActor

0 0 0 0

Ok, this is _interesting_ and it's confusing. The domain `hungerrush.com` is not affiliated with any of my domains. The only similarity is that we both use Cloudflare. But this is coming to my personal email domain. DNSlytics doesn't show anything out of order […]

[Original post on bofh.social]

0 0 1 0

⚠️ New threat actor on the radar ⚠️

🥷🏻 AtomSilo Ransomware
🗓️ added on February 24

🥢 Overview
AtomSilo was first observed in September 2021, historically attributed to the Chinese state-sponsored cluster known as BRONZE STARLIGHT.

#ransomNews #cybersecurity #threatactor

4 0 0 2
Snippet of the PromptSpy malware code.

This snippet of the #malware reveals hardcoded prompts. Analysis of the sample also suggests that the #threatactor likely operated in a Chinese-speaking environment. ESET concluded that the #campaign appears to be primarily targeting users in Argentina.

0 0 0 0
An AI-generated, Harry Potter-themed illustration titled "Digital Defense Against the Dark Arts" depicts a battle between students and dark figures over the integrity of information. On the left, students dressed as wizards use glowing wands and magnifying glasses to perform fact-checking and manage Wikipedia edit wars, while a wizard resembling Dumbledore oversees the process. On the right, hooded, skeletal figures cast dark spells labeled disinformation. In the foreground, a student focuses on critical thinking, surrounded by a golden "SIFT" methodology icon cycle: Stop, Investigate source, Find trusted coverage, and Trace claims.

Check out my latest article, "Digital Defense Against the Dark Arts"
wfryer.substack.com/p/digital...

Join me now in the "Zoom Room of Requirement" :-)

#MediaLit #MediaLiteracy #disinfo #HarryPotter #selfdefense #Russia #badactor #threatactor #edtechSR

1 0 0 0

Can’t stop, won’t stop: TA584 innovates initial access

www.proofpoint.com/us/blog/thre...

#ClickFix #cybercrime #TA584 #ThreatActor #SocialEngineering #EMail #Tsundere #IAB

0 0 0 0

He called himself an ‘untouchable hacker god’. But who was behind the biggest crime Finland has ever known? www.theguardian.com/...
#cybersecurity #datatheft #medical #psychiatrist #threatactor

0 0 0 0
Absurd Tales from the Cyber Frontline

~Sophos~
Analysis of bizarre threat actor behavior, including a victim hit by LockBit, Hive, & BlackCat ransomware, offers unique intel.
-
IOCs: LockBit, Hive, BlackCat
-
#Ransomware #ThreatActor #ThreatIntel

0 0 0 0

In the realm of cybersecurity, understanding the concept of a threat actor is crucial for both individuals and organizations.

securityish.com/what-is-a-t...

#cybersecurity #threatactor #security

0 0 0 0

Check out my new research 👇

Scattered Spider Many Names One Syndicate

Link: akatsukilegion.netlify.app/scattered_sp...

#scatteredspider #threathunting #adversary #threatintel #malware #c2 #threatactor

0 0 0 0
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to Elastic Security Labs. "The

iT4iNT SERVER Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT VDS VPS Cloud #CyberSecurity #Malware #GhostRAT #Roningloader #ThreatActor

0 0 0 0

The latest Weekly Bulletin is live!

Read more: www.cyber.nj.gov/connect/weekly-bulletin/...

#infosec #cyber #security #threatactor #apt44

0 0 0 0
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Chinese-linked hackers use Nezha and Gh0st RAT to compromise over 100 servers via phpMyAdmin flaws.

Chinese threat actors are weaponizing open-source tools for stealthier attacks — blurring lines between community innovation and covert operations. 🧰🐉 #OpenSourceSecurity #ThreatActor

1 0 0 0
Cybersecurity at the Defense Ministry, the army will be able to hire hackers to attack: the majority's bill
A move made, in any case, after consulting Minister Crosetto, who has long been calling for a change to the rules. The bill's first signatory and sponsor is the…

Government with a fascist vocation is selecting #APT to add to its staff for operations of political espionage, sabotage of critical infrastructure and theft of sensitive data. Time-wasters and defenders of the rule of law need not apply.

#cyberwarfare #infosec #threatactor

www.repubblica.it/politica/202...

0 0 0 0
Original post on no-pony.farm

At government office E:

Official: I can't leave you alone in the office. You could steal files, after all. My boss is very strict about that.

Me: Well, if I wanted to steal files here, I'd do it over the internet.

Official: Yes, the way our IT looks, that would be the better way.

Me: ....?! […]

0 0 0 0

With a reverse lookup on any IP, you can identify other domains sharing the same infrastructure.

Try for yourself with our free edition: explore.silentpush.com

#threatactor #IP #CTI #threatintel #threathunting #cybersecurity

1 0 0 0

Stone Panda (APT 10) is still active across the globe in 2025.
• State-sponsored ops tied to China’s MSS
• Targets: healthcare, defense, academia
• Tools: Mimikatz, BloodHound, Impacket
• Active in the U.S., UK, Japan, India + more

#CyberEspionage #ChinaAPT #ThreatActor #Cyble

0 0 0 0

🚨 *Scattered Lapsus$ Hunters threaten Google with data leak*

On September 1, 2025, the “Scattered Lapsus$ Hunters” group demanded Google fire two security analysts (one from Threat Intelligence, one from Mandiant), or they’d leak alleged internal data.

#ransomNews #threatactor #infosecintel

3 1 0 1
From Alias to Attribution: An Analyst’s Guide to Dark Web Threat Actor Profiling
How to fuse OSINT with darknet signals to map aliases, link TTPs, and raise attribution confidence - fast.

From Alias to Attribution: An Analyst’s Guide to Dark Web Threat Actor Profiling #ThreatActor #DarkWeb #OSINT
More: medium.com/@matt_black/...

1 0 0 0

4/11 CSE defines "threat actor" as group or individual with "malicious intent" to gain unauthorized access to victims' data, devices, and networks.

Information could be used for scams or to impersonate MPs.
#ThreatActor #MPs

0 0 1 0
Unit 42 Threat Actor Encyclopedia Update

~Paloalto~
Unit 42 has updated its comprehensive encyclopedia of tracked threat actors, adding new ransomware and cybercrime groups.
-
IOCs: BlackCat, LockBit, Cl0P
-
#Ransomware #ThreatActor #ThreatIntel

0 0 0 0
888 Interview - Darknet Dialogues YouTube video by Sam Bent

You don’t have to agree with 888 to learn from him.
We covered breach methodology, identity management, and how public perception shapes threat actors.
Full interview:
youtu.be/MUYjiETdVWQ
#888 #threatactor #breachforums

0 0 0 0