Safeguard
Tag

apt

Safeguard articles tagged "apt" — guides, analysis, and best practices for software supply chain and application security.

24 articles

Threat Intelligence

RansomHub Ransomware and EDR Bypass (2024)

RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.

Feb 2, 20267 min read
Threat Intelligence

Salt Typhoon Telecom Supply Chain Campaign 2024

Salt Typhoon's 2024 intrusions into U.S. telecoms reframed supply chain risk as a routing and lawful-intercept problem. Here is what the campaign looked like from a defender's seat.

Feb 2, 20267 min read
Threat Intelligence

Scattered Spider: Identity as Supply Chain 2024-25

Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.

Jan 30, 20267 min read
Threat Intelligence

Clop/Cl0p Supply Chain Exploitation Patterns

Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.

Jan 23, 20266 min read
Vulnerability Analysis

CVE analysis: nation-state supply chain attacks on defens...

CVE analysis of nation-state supply chain attacks on defense contractors: SolarWinds SUNBURST and Ivanti Connect Secure exploitation, CVSS, KEV, and fixes.

Dec 26, 20258 min read
Infrastructure Security

Debian Repository Security: A Practical Hardening Guide

Debian APT is powerful but riddled with trust assumptions. Here is how to lock it down for production environments.

Oct 12, 20226 min read
Nation-State Threats

News Corp Breach: Chinese Espionage Targeted Journalists for Two Years

A China-linked espionage operation infiltrated News Corp's systems for nearly two years, targeting journalists covering topics sensitive to Beijing — a stark example of state-sponsored cyber espionage against the press.

Feb 4, 20225 min read
Data Breach

Red Cross Data Breach: Attackers Targeted the World's Most Vulnerable People

A sophisticated cyberattack on the International Committee of the Red Cross compromised personal data of over 515,000 highly vulnerable people, including victims of conflict, missing persons, and detained individuals.

Jan 20, 20226 min read
Data Breach

Panasonic Data Breach: Four Months of Undetected Network Access

Panasonic disclosed a data breach in November 2021, revealing that attackers had maintained access to its network for over four months before detection — highlighting the persistent challenge of dwell time.

Nov 26, 20215 min read
Zero-Day Exploits

Zoho ManageEngine CVE-2021-44077: When IT Management Tools Get Owned

APT actors exploited CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus to breach critical infrastructure. An unauthenticated RCE in the software that manages your IT.

Nov 20, 20216 min read
Zero-Day Exploits

Pulse Secure VPN Zero-Day CVE-2021-22893: When Your Security Gateway Becomes the Backdoor

Chinese APT groups exploited CVE-2021-22893 in Pulse Secure VPN to breach defense contractors and government agencies. The irony of a security product being the entry point.

Jun 15, 20216 min read
Incident Analysis

ASUS Live Update and ShadowHammer: The Backdoor

Operation ShadowHammer pushed a signed backdoor to roughly half a million ASUS laptops, targeting a list of 600 specific MAC addresses.

Mar 28, 20197 min read
apt (Page 2) — Safeguard Blog