APT Archives

Threat Intelligence

Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS

March 22, 2022

Damien Cash, Steven Adair, and Tom Lancaster

In late 2021, Volexity discovered an intrusion in an environment monitored as part of its Network Security Monitoring service. Volexity detected a system running frp, otherwise known as fast reverse […]

Threat Intelligence

Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra

February 3, 2022

Steven Adair and Tom Lancaster

[UPDATE] On February 4, 2022, Zimbra provided an update regarding this zero-day exploit vulnerability and reported that a hotfix for 8.8.15 P30 would be available on February 5, 2022. This vulnerability […]

Threat Intelligence

North Korean BLUELIGHT Special: InkySquid Deploys RokRAT

August 24, 2021

Damien Cash, Josh Grunzweig, Steven Adair, and Tom Lancaster

In a recent blog post, Volexity disclosed details on a portion of the operations by a North Korean threat actor it tracks as InkySquid. This threat actor compromised a news […]

Threat Intelligence

North Korean APT InkySquid Infects Victims Using Browser Exploits

August 17, 2021

Damien Cash, Josh Grunzweig, Matthew Meltzer, Steven Adair, and Tom Lancaster

Volexity recently investigated a strategic web compromise (SWC) of the website of the Daily NK (www.dailynk[.]com), a South Korean online newspaper that focuses on issues relating to North Korea. Malicious […]

Threat Intelligence

Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns

May 27, 2021

Damien Cash, Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster

On May 25, 2021, Volexity identified a phishing campaign targeting multiple organizations based in the United States and Europe. The following industries have been observed being targeted thus far: NGOs […]

Threat Intelligence

Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities

March 2, 2021

Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster

[UPDATE] March 8, 2021 – Since original publication of this blog, Volexity has now observed that cyber espionage operations using the SSRF vulnerability CVE-2021-26855 started occurring on January 3, 2021, three […]

Threat Intelligence

Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant

April 21, 2020

Andrew Case, Dave Lassalle, Matthew Meltzer, Sean Koessel, Steven Adair, and Tom Lancaster

In September 2019, Volexity published Digital Crackdown: Large-Scale Surveillance and Exploitation of Uyghurs, which described a series of attacks against Uyghurs from multiple Chinese APT actors. The most notable threat […]

Threat Intelligence

Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign

March 31, 2020

Volexity Threat Research

Beginning in May 2019, Volexity started tracking a new series of strategic web compromises that have been used in highly targeted attacks against Tibetan individuals and organizations by a Chinese […]

Threat Intelligence

Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited

March 6, 2020

Volexity Threat Research

On February 11, 2020, as part of Patch Tuesday, Microsoft released cumulative updates and a service pack that addressed a remote code execution vulnerability found in Microsoft Exchange 2010, 2013, […]

Threat Intelligence

Vulnerable Private Networks: Corporate VPNs Exploited in the Wild

September 11, 2019

Sean Koessel and Steven Adair

The details of multiple, critical Pulse Secure SSL VPN vulnerabilities are well known; they were disclosed in detail by two security researchers as part of a talk at Black Hat […]