The Iranian Cobalt Mirage threat group has been using the Drokbk malware in recent intrusions and employing GitHub repositories as dead drop resolvers.
A North Korean state-backed actor known for targeting South Korean victims recently used an Internet Explorer zero day (CVE-2022-41128).
The FBI, NSA and CISA are highlighting IoCs and TTPs used in an attack on a defense industrial base organization that leveraged compromised credentials, a custom data exfiltration tool and the Impacket open-source toolkit.
Researchers have discovered a new APT actor called Metador that has been targeting ISPs, telcos, and universities in the Middle East and Africa.
APT42 is creative in its social engineering efforts and steals credentials and MFA authentication codes in order to compromise targets and conduct espionage.