apt
Safeguard articles tagged "apt" — guides, analysis, and best practices for software supply chain and application security.
24 articles
RansomHub Ransomware and EDR Bypass (2024)
RansomHub absorbed affiliates displaced by BlackCat and ran one of the most prolific extortion operations of 2024. Here is what made its tradecraft effective and how to counter it.
Salt Typhoon Telecom Supply Chain Campaign 2024
Salt Typhoon's 2024 intrusions into U.S. telecoms reframed supply chain risk as a routing and lawful-intercept problem. Here is what the campaign looked like from a defender's seat.
Scattered Spider: Identity as Supply Chain 2024-25
Scattered Spider showed that help-desk processes, SaaS federation, and MSPs are the new software supply chain. Here is how to think about it and what to actually change.
Clop/Cl0p Supply Chain Exploitation Patterns
Clop has industrialized third-party file-transfer exploitation. Here is how the group operates, what it keeps repeating, and how defenders can stop repeating their own mistakes.
CVE analysis: nation-state supply chain attacks on defens...
CVE analysis of nation-state supply chain attacks on defense contractors: SolarWinds SUNBURST and Ivanti Connect Secure exploitation, CVSS, KEV, and fixes.
Debian Repository Security: A Practical Hardening Guide
Debian APT is powerful but riddled with trust assumptions. Here is how to lock it down for production environments.
News Corp Breach: Chinese Espionage Targeted Journalists for Two Years
A China-linked espionage operation infiltrated News Corp's systems for nearly two years, targeting journalists covering topics sensitive to Beijing — a stark example of state-sponsored cyber espionage against the press.
Red Cross Data Breach: Attackers Targeted the World's Most Vulnerable People
A sophisticated cyberattack on the International Committee of the Red Cross compromised personal data of over 515,000 highly vulnerable people, including victims of conflict, missing persons, and detained individuals.
Panasonic Data Breach: Four Months of Undetected Network Access
Panasonic disclosed a data breach in November 2021, revealing that attackers had maintained access to its network for over four months before detection — highlighting the persistent challenge of dwell time.
Zoho ManageEngine CVE-2021-44077: When IT Management Tools Get Owned
APT actors exploited CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus to breach critical infrastructure. An unauthenticated RCE in the software that manages your IT.
Pulse Secure VPN Zero-Day CVE-2021-22893: When Your Security Gateway Becomes the Backdoor
Chinese APT groups exploited CVE-2021-22893 in Pulse Secure VPN to breach defense contractors and government agencies. The irony of a security product being the entry point.
ASUS Live Update and ShadowHammer: The Backdoor
Operation ShadowHammer pushed a signed backdoor to roughly half a million ASUS laptops, targeting a list of 600 specific MAC addresses.