APT Archives

Threat Intelligence

Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)

November 8, 2018

Volexity Threat Research

If your organization is running an Internet-facing version of ColdFusion, you may want to take a close look at your server. Volexity recently observed active exploitation of a newly patched […]

Threat Intelligence

Patchwork APT Group Targets US Think Tanks

June 7, 2018

Matthew Meltzer, Sean Koessel, and Steven Adair

In March and April 2018, Volexity identified multiple spear phishing campaigns attributed to Patchwork, an Indian APT group also known as Dropping Elephant. This increase in threat activity was consistent […]

Threat Intelligence

OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society

November 6, 2017

Dave Lassalle, Sean Koessel, and Steven Adair

In May 2017, Volexity identified and started tracking a very sophisticated and extremely widespread mass digital surveillance and attack campaign targeting several Asian nations, the ASEAN organization, and hundreds of […]

Threat Intelligence

Real News, Fake Flash: Mac OS X Users Targeted

July 24, 2017

Volexity

Volexity recently identified a breach to the website of a well regarded media outlet in the country of Georgia. As part of this breach, the media organization’s website was being […]

Threat Intelligence

PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs

November 9, 2016

Steven Adair

In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series […]

Threat Intelligence

Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence

October 7, 2015

Volexity

In the world of information security, there is never a dull moment. Part of the fun of working in this space is that you always get to see attackers do […]

Threat Intelligence

APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)

July 8, 2015

Volexity

As if the recent breach and subsequent public data dump involving the Italian company Hacking Team wasn’t bad enough, it all gets just a little bit worse. Emerging from the […]

Threat Intelligence

Afghan Government Compromise: Browser Beware

June 12, 2015

Volexity

Visiting a wide-ranging number of websites associated with the Government of Afghanistan may yield visitors an unwanted surprise. For the second time this year, malicious code has surfaced on, cdn.afghanistan.af, […]

Threat Intelligence

Drupal Vulnerability: Mass Scans & Targeted Exploitation

October 16, 2014

Volexity

Yesterday (October 15, 2014), a critical SQL injection vulnerability in version 7 of the popular open source content management system (CMS) Drupal was disclosed by Stefan Horst and detailed in […]

Threat Intelligence

Democracy in Hong Kong Under Attack

October 9, 2014

Volexity

Over the last few months, Volexity has been tracking a particularly remarkable advanced persistent threat (APT) operation involving strategic web compromises of websites in Hong Kong and Japan. In both […]