Afghan resettlement
-
China-linked APT used DNS poisoning to deliver MgBot backdoor, Kaspersky says
Kaspersky linked a China-aligned APT known as Evasive Panda to a campaign from November 2022 to November 2024 that used DNS poisoning to deliver an MgBot backdoor to targets in Türkiye, China and India, employing staged loaders, custom encryption and host-specific payloads.
-
MuddyWater using UDP-based backdoor ‘UDPGangster’ in Turkey, Israel and Azerbaijan campaigns
Fortinet FortiGuard Labs says MuddyWater has been using a UDP-based backdoor named UDPGangster to target users in Turkey, Israel and Azerbaijan via spear-phishing Word documents that rely on macros; the backdoor includes persistence mechanisms and extensive anti-analysis checks before contacting a UDP command-and-control server.
-
Iran-linked MuddyWater group deploys MuddyViper backdoor against Israeli targets
Researchers say Iranian-linked MuddyWater has used a new MuddyViper backdoor, delivered via a Fooder loader, to target Israeli organisations across multiple sectors and to harvest credentials and browser data.
-
China-linked PlushDaemon hijacks software updates with new EdgeStepper implant, ESET says
ESET researchers say a China-linked group called PlushDaemon is hijacking software-update traffic using an EdgeStepper network implant that redirects update domains to attacker servers and delivers a chain of malware including LittleDaemon, DaemonicLogistics and the SlowStepper backdoor.
-
UK regulator declines formal probe into MoD Afghan data leak, commissioner tells MPs
The UK Information Commissioner told MPs his office decided not to open a formal investigation into a Ministry of Defence data breach that exposed details of Afghan resettlement applicants, citing concerns an inquiry might hinder the MoD’s response and noting resource limits for handling classified material.
