CIRCLE WITH A DOT

UAT-10027 targeting U.S. healthcare & education with:• “Dohdoor” DoH-based backdoor• Cloud-masked C2 via encrypted DNS• Cobalt Strike beaconsPossible DPRK nexus (low confidence).Full analysis:https://www.technadu.com/uat-10027-leverages-dohdoor-backdoor-and-cobalt-strike-against-us-education-and-healthcare/621270/#InfoSec #APT #HealthcareSecurity #ThreatIntel

The XZ supply chain attack episode from @veritasiumThis episode discusses the history, sequence of events and an explanation of the attack along with some speculation as to the threat actor involved.https://youtu.be/aoag03mSuXQ [52' 59"]#XZ #SupplyChainAttack #InfoSec #APT

@milagemayvary I haven't rebooted yet, so the big test is yet to come, but there were no serious errors during the upgrade, just a few config file merge conflicts. A couple of minor things did seem to break - the input remapper daemon I use got reset or something, so I had to try to remember which trackball key did what to open its control applet and reload its config, and the console is full of `audit` lines, one about every second or two, so I'll have to figure out why that's so verbose.Rebooting will be the test...

New indicators for: Cobalt Strike (+1), Arkei Stealer (+1), XRed (+1), SpyNote (+1), RedLine Stealer (+1), Hajime (+4) and VShell (+3). https://vuldb.com/?actor #apt #cti #ioc

CRESCENTHARVEST malware targets Iran protest supporters in new cyberespionage campaign.Acronis analysis: Hybrid RAT + infostealer via DLL sideloading. Targets browser creds & Telegram sessions.https://www.technadu.com/hackers-target-iran-protest-supporters-with-new-malware-in-new-cyberespionage-campaign/620485/#Infosec #APT #Malware #ThreatIntel

#China-linked #APT weaponized #Dell #RecoverPoint zero-day since 2024https://securityaffairs.com/188176/apt/china-linked-apt-weaponized-dell-recoverpoint-zero-day-since-2024.html#securityaffairs #hacking