Phoenix IT

Author: origin

N. Korea’s Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks

N. Korea’s Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks

The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. “The threat actor ultimately uses a backdoor to steal information and execute commands,” the AhnLab Security Emergency Response Center (ASEC) said in an analysis posted last

Read More
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of “5G” and “Ghoul”) – 10 affect 5G

Read More
Researchers Unmask Sandman APT’s Hidden Link to China-Based KEYPLUG Backdoor

Researchers Unmask Sandman APT’s Hidden Link to China-Based KEYPLUG Backdoor

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that’s known to use a backdoor known as KEYPLUG. The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary’s Lua-based malware LuaDream and KEYPLUG have been

Read More
Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans

The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based

Read More