APT Archives

Threat Intelligence

Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign

March 31, 2020

Volexity Threat Research

Beginning in May 2019, Volexity started tracking a new series of strategic web compromises that have been used in highly targeted attacks against Tibetan individuals and organizations by a Chinese […]

Threat Intelligence

Microsoft Exchange Control Panel (ECP) Vulnerability CVE-2020-0688 Exploited

March 6, 2020

Volexity Threat Research

On February 11, 2020, as part of Patch Tuesday, Microsoft released cumulative updates and a service pack that addressed a remote code execution vulnerability found in Microsoft Exchange 2010, 2013, […]

Threat Intelligence

Vulnerable Private Networks: Corporate VPNs Exploited in the Wild

September 11, 2019

Sean Koessel and Steven Adair

The details of multiple, critical Pulse Secure SSL VPN vulnerabilities are well known; they were disclosed in detail by two security researchers as part of a talk at Black Hat […]

Threat Intelligence

Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)

November 8, 2018

Volexity Threat Research

If your organization is running an Internet-facing version of ColdFusion, you may want to take a close look at your server. Volexity recently observed active exploitation of a newly patched […]

Threat Intelligence

Patchwork APT Group Targets US Think Tanks

June 7, 2018

Matthew Meltzer, Sean Koessel, and Steven Adair

In March and April 2018, Volexity identified multiple spear phishing campaigns attributed to Patchwork, an Indian APT group also known as Dropping Elephant. This increase in threat activity was consistent […]

Threat Intelligence

OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society

November 6, 2017

Dave Lassalle, Sean Koessel, and Steven Adair

In May 2017, Volexity identified and started tracking a very sophisticated and extremely widespread mass digital surveillance and attack campaign targeting several Asian nations, the ASEAN organization, and hundreds of […]

Threat Intelligence

Real News, Fake Flash: Mac OS X Users Targeted

July 24, 2017

Volexity

Volexity recently identified a breach to the website of a well regarded media outlet in the country of Georgia. As part of this breach, the media organization’s website was being […]

Threat Intelligence

PowerDuke: Widespread Post-Election Spear Phishing Campaigns Targeting Think Tanks and NGOs

November 9, 2016

Steven Adair

In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation’s President-Elect, an advanced persistent threat (APT) group launched a series […]

Threat Intelligence

Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence

October 7, 2015

Volexity

In the world of information security, there is never a dull moment. Part of the fun of working in this space is that you always get to see attackers do […]

Threat Intelligence

APT Group Wekby Leveraging Adobe Flash Exploit (CVE-2015-5119)

July 8, 2015

Volexity

As if the recent breach and subsequent public data dump involving the Italian company Hacking Team wasn’t bad enough, it all gets just a little bit worse. Emerging from the […]