#apt
13 articles
This archive collects 14 articles tagged apt published between April 13, 2026 and April 26, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Observed actor references include GopherWhisper, CyberAv3ngers, and Sapphire Sleet, presented only where the underlying article metadata supports the attribution. The affected-scope signals emphasize government, cryptocurrency, and energy across Japan, Mongolia, and Asia, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 14 high reports.
HIGH: Silver Fox APT Spoofs Japanese Tax Emails in Targeted Campaign
ESET details Silver Fox APT targeting Japanese firms with tax-themed phishing emails delivering malware via weaponized Excel attachments during tax season.
HIGH: GopherWhisper APT Targets Mongolian Government in Espionage Campaign
ESET discovered China-aligned APT GopherWhisper targeting Mongolian government institutions with custom Go-based malware, leveraging legitimate services for C2.
HIGH: Tropic Trooper APT Hijacks Home Routers to Target Japanese Networks
Chinese state-sponsored Tropic Trooper is compromising home routers as proxy footholds to infiltrate Japanese organizations, shifting to novel TTPs and victim sectors.
HIGH: Unit 42 Tracks TGR-STA-1030 Activity in Central and South America
Palo Alto Unit 42 reports TGR-STA-1030 remains active in Central and South America, targeting government and energy sectors with custom malware and living-off-the-land techniques.
HIGH: China-Linked GopherWhisper Hits 12 Mongolian Gov Systems
ESET identified GopherWhisper, a China-aligned APT, breaching 12 Mongolian government systems with Go-based backdoors, injectors, and loaders since early 2026.
HIGH: GopherWhisper APT Uses Go Tools, Legit Services in Gov Attacks
GopherWhisper, a new state-backed APT, targets government entities with a Go-based toolkit abusing Outlook, Slack, and Discord for C2.
HIGH: Lotus Wiper Targets Venezuelan Energy Sector Before US Intervention
Lotus Wiper malware targeted Venezuela's state-owned energy firm PDVSA, destroying data by overwriting drives and deleting files before a US-led intervention in March 2026.
HIGH: SideWinder APT Deploys Fake Chrome PDF Viewer and Zimbra Clone to Steal
SideWinder APT targets South Asian government bodies with a phishing campaign using a fake Chrome PDF viewer and a cloned Zimbra login portal to steal webmail credentials, active since February 2026.
HIGH: North Korean Operatives Use AI and Fake Identities to Infiltrate Companies via
North Korean operatives are using AI tools and forged documents to pass remote job interviews, according to Flare research. The tactic aims to place threat actors inside target companies for long-term espionage and network access.
HIGH: UNC1069 Targets Crypto Professionals with Fake Zoom and Teams Meetings
North Korean threat actor UNC1069 lures Web3 professionals with fake Zoom and Microsoft Teams meetings to deploy malware that steals cryptocurrency, according to new research.
HIGH: UAC-0247 Threat Actor Deploys Data-Stealing Malware Against Ukrainian Targets
The Ukrainian CERT-UA attributes a new campaign to threat actor UAC-0247, which uses phishing lures to deploy malware that steals data from Chromium browsers and WhatsApp on government and healthcare systems.
HIGH: Sapphire Sleet Targets macOS Users with Fake Zoom SDK Update
North Korean threat actor Sapphire Sleet is distributing a new macOS malware via a fake Zoom SDK installer, stealing passwords, crypto wallets, and personal data through a multi-stage social engineering campaign.
HIGH: Iranian CyberAv3ngers Escalate Attacks on US Water, Industrial Infrastructure
The Iran-backed threat actor CyberAv3ngers, linked to the IRGC, has evolved from hacktivism to conducting disruptive cyber operations against US water utilities and programmable logic controllers (PLCs).