Advanced Persistent Threat (APT)
-
Global Alert: React2Shell (CVE-2025-55182) Exploitation Escalated
On 16 December 2025, several days after its public disclosure, the critical React2Shell vulnerability (CVE-2025-55182) continues to be widely exploited worldwide, with both the breadth of compromised systems and the number of threat actors involved rising sharply. Researchers have tracked at least 30 confirmed organizational breaches attributed to this flaw and estimate that tens of
-
React2Shell Vulnerability (CVE-2025-55182) Widely Exploited
React2Shell is a critical unauthenticated remote code execution vulnerability, tracked as CVE-2025-55182, in React Server Components and related frameworks such as Next.js. The flaw arises because unsafe deserialization in the internal Flight protocol allows attackers, without logging in or holding valid credentials, to send a specially crafted HTTP request whose payload gets executed on the server. This gives
-
Lazarus Group
The Lazarus Group is a notorious, North Korea-linked hacking organization often described as an advanced persistent threat (APT38) group that has been active since at least 2009. Believed to be run or heavily sponsored by the North Korean government, Lazarus has been implicated in a wide array of high-profile cyber operations ranging from cyber
-
US Department of the Treasury (USDT) breached through BeyondTrust remote support platform
On December 8, 2024, the Department of the Treasury (USDT) detected a cybersecurity breach involving BeyondTrust, a third-party remote support platform. Chinese state-sponsored threat actors exploited this platform to access several Treasury employee workstations and unclassified documents. BeyondTrust, a privileged access management company, offers a Remote Support SaaS platform for remote computer access. The attackers utilized
-
List of Advanced Persistent Threats (APTs)
See more details on:
-
APT27
APT27, also known as Advanced Persistent Threat 27, is a Chinese cyber espionage group known for conducting sophisticated cyberattacks primarily targeting organizations for intelligence gathering. The group, which is also referred to as Emissary Panda, LuckyMouse, and Bronze Union, has been active since at least 2010 and is believed to be associated with the Chinese
-
APT29
APT29, also known as Advanced Persistent Threat 29, is a cyber espionage group believed to be associated with the Russian government, specifically Russia’s Foreign Intelligence Service (SVR). The group is also known by various other names, including Cozy Bear, The Dukes, and Office Monkeys. Here are detailed aspects of APT29: APT29 represents a significant threat
-
APT31
APT31, also known as Zirconium or Judgment Panda, is a sophisticated cyber espionage group believed to be associated with the Chinese government. The group has been active since at least 2013 and is known for conducting targeted cyber espionage campaigns against a variety of sectors, including government, technology, defense, healthcare, and finance, primarily to gather
-
APT28
APT28, also known as Fancy Bear, Sofacy Group, Sednit, and Pawn Storm, is a highly sophisticated and prolific cyber espionage group believed to be associated with the Russian government. It has been active since at least 2007 and is notorious for conducting long-term, targeted attacks against a wide range of government, military, security, and diplomatic
-
Advanced Persistent Threat (APT)
An Advanced Persistent Threat (APT) is a sophisticated and stealthy cyber attack in which an unauthorized user gains access to a network and remains undetected for an extended period. APTs are typically orchestrated by skilled and well-funded adversaries, such as states or state-sponsored groups, organized crime groups, or advanced hacking collectives, with the intent of