Incident_Response

APT37, also known as Reaper, Group123, Ricochet Chollima, StarCruft, and Scarcruft, is a cyber espionage group that

Introduction APT36, also known as Earth Karkaddan, is a cyber-espionage group that has been active since at least 2016. The group is believed to be based in Pakistan and has…

APT35, also known as Phosphorus, Charming Kitten, and Ajax Security Team, is an Iranian threat actor that has been active since at least 2014. The group has targeted organisations across…

Introduction In a recent blog post by VulnCheck, a vulnerability in MikroTik RouterOS was discussed in detail. The vulnerability, identified as CVE-2023-30799, affects MikroTik RouterOS up until version 6.49.8 (July…

The cybersecurity landscape is a complex and ever-evolving space, with Advanced Persistent Threat (APT) actors and ransomware attackers continuously developing their skills and learning from their mistakes and peers. As…

APT34, also known as OilRig, is a suspected Iranian cyber espionage threat group that has been operational since at least 2014. The group is believed to work on behalf of…

APT32, also known as OceanLotus Group, is a Vietnam-based threat group that has been active since at least 2014. This group is known for its sophisticated attacks on several private…

On July 24, 2023, the Norwegian government announced that its ICT platform, used by 12 of its ministries, had been compromised in a cyberattack. The attack was carried out by…

APT28, also known as Fancy Bear, Pawn Storm, Strontium, Sofacy, Sednit, and Tsar Team, is a highly sophisticated threat actor that has been active since at least 2007. This group…

The UK Further and Higher Education sectors are increasingly becoming targets for cyber-attacks. These attacks range from opportunistic ransomware operations to more sophisticated Advanced Persistent Threat (APT) groups. This report…