Most Dangerous APT Hacker Group’s Deadly Cyber Attacks of the Year 2019-2020 – Complete Collection

An advanced persistent threat (APT) group is known for launching sophisticated attacks to steal sensitive and financial information while remaining undetected inside the victim's infrastructure for long periods. This article collects the APT attacks and campaigns reported during 2019 and early 2020.

These groups target enterprises regardless of industry; their victims include government, defense, financial services, legal services, industrial, telecoms, consumer goods and many more.

APT groups consist of experienced operators who can bypass security controls and cause as much damage and disruption as possible. They select a specific target, spend time reconnoitering it, and then exploit the weaknesses they find to gain access.

Most APT groups use custom malware to fly under the radar. An APT attack can be broken into distinct phases: planning the attack, compromising the network, mapping the company's data, and avoiding detection while maintaining access.

Dangerous APT Hacker Group Attacks 2019

January

1. Jan 16: Latest Target Attack of DarkHydrus Group Against Middle East
2. Jan 17: Malware Used by “Rocke” Group Evolves to Evade Detection by Cloud Security Products
3. Jan 18: DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
4. Jan 24: GandCrab and Ursnif Campaign
5. Jan 30: Targeted Campaign delivers Orcus Remote Access Trojan
6. Jan 30: Double Life of SectorA05 Nesting in Agora
7. Jan 30: Chafer used Remexi malware to spy on Iran-based foreign diplomatic entities

February

1. Feb 01: Tracking OceanLotus’ new Downloader, KerrDown
2. Feb 05: Analyzing Digital Quartermasters in Asia: Do Chinese and Indian APTs Have a Shared Supply Chain?
3. Feb 06: APT10 Targeted Norwegian MSP and US Companies in Sustained Campaign
4. Feb 14: Suspected Molerats’ New Attack in the Middle East
5. Feb 18: APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations
6. Feb 20: Attacks by the Lazarus Cybercriminal Group Directed at Organizations in Russia Identified
7. Feb 25: Defeating Compiler Level Obfuscations Used in APT10 Malware
8. Feb 26: The Arsenal Behind the Australian Parliament Hack
9. Feb 27: A Peek into BRONZE UNION’s Toolbox

March

1. Mar 04: APT40: Examining a China-Nexus Espionage Actor
2. Mar 06: Whitefly: Espionage Group has Singapore in Its Sights
3. Mar 06: Targeted Attack Using Taidoor: Analysis Report
4. Mar 06: Operation Pistacchietto
5. Mar 07: New SLUB Backdoor Uses GitHub, Communicates via Slack
6. Mar 08: Supply Chain: The Major Target of Cyberespionage Groups
7. Mar 11: Gaming industry still in the scope of attackers in Asia
8. Mar 12: Operation Comando: How to Run a Cheap and Effective Credit Card Business
9. Mar 13: Operation Sheep: Pilfer-Analytics SDK in Action
10. Mar 13: ‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
11. Mar 13: GlitchPOS: New PoS malware for sale
12. Mar 13: Lucky Elephant Campaign Masquerading
13. Mar 22: Operation ShadowHammer
14. Mar 25: Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
15. Mar 27: Threat Actor Group using UAC Bypass Module to run BAT File
16. Mar 28: Above Us Only Stars: Exposing GPS Spoofing in Russia and Syria
17. Mar 28: Desktop, Mobile Phishing Campaign Targets South Korean Websites, Steals Credentials Via Watering Hole

April

1. Apr 02: OceanLotus Steganography
2. Apr 10: Gaza Cybergang Group1, operation SneakyPastes
3. Apr 10: Project TajMahal: a sophisticated new APT framework
4. Apr 10: The Muddy Waters of APT Attacks
5. Apr 17: DNS Hijacking Abuses Trust In Core Internet Service
6. Apr 17: Aggah Campaign: Bit.ly, BlogSpot, and Pastebin Used for C2 in Large Scale Campaign
7. Apr 19: “Funky malware format” found in Ocean Lotus sample
8. Apr 22: FINTEAM: Trojanized TeamViewer Against Government Targets
9. Apr 23: Operation ShadowHammer: a high-profile supply chain attack
10. Apr 24: Legit remote admin tools turn into threat actors’ tools
11. Apr 30: SectorB06 using Mongolian language in lure document

May

1. May 03: Who’s who in the Zoo: Cyberespionage operation targets Android users in the Middle East
2. May 07: Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
3. May 07: Turla LightNeuron: An email too far
4. May 07: ATMitch: New Evidence Spotted In The Wild
5. May 08: OceanLotus’ Attacks to Indochinese Peninsula: Evolution of Targets, Techniques and Procedure
6. May 08: FIN7.5: the infamous cybercrime rig “FIN7” continues its activities
7. May 09: Iranian Nation-State APT Groups: “Black Box” Leak
8. May 11: Chinese APT Actor Targets Vietnamese Ministry of Justice
9. May 13: ScarCruft continues to evolve, introduces Bluetooth harvester
10. May 15: Winnti: More than just Windows and Gates
11. May 18: Operation BlackLion
12. May 19: HiddenWasp Malware Stings Targeted Linux Systems
13. May 22: A journey to Zebrocy land
14. May 24: Uncovering New Activity by APT10
15. May 27: APT-C-38
16. May 28: Emissary Panda Attacks Middle East Government SharePoint Servers
17. May 29: TA505 is Expanding its Operations
18. May 29: A dive into Turla PowerShell usage
19. May 30: 10 years of virtual dynamite: A high-level retrospective of ATM malware

June

1. Jun 03: Zebrocy’s Multilanguage Malware Salad
2. Jun 04: An APT Blueprint: Gaining New Visibility into Financial Threats
3. Jun 05: Scattered Canary: The Evolution and Inner Workings of a West African Cybercriminal Startup Turned BEC Enterprise
4. Jun 10: MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
5. Jun 11: The Discovery of Fishwrap: A New Social Media Information Operation Methodology
6. Jun 12: Threat Group Cards: A Threat Actor Encyclopedia
7. Jun 20: New Approaches Utilized by OceanLotus to Target An Environmental Group in Vietnam
8. Jun 21: Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments
9. Jun 25: Operation Soft Cell: A Worldwide Campaign Against Telecommunications Providers
10. Jun 25: Analysis of MuddyC3, a New Weapon Used by MuddyWater
11. Jun 26: Iranian Threat Actor Amasses Large Cyber Operations Infrastructure Network to Target Saudi Organizations

July

1. Jul 01: Threat Spotlight: Ratsnif – New Network Vermin from OceanLotus
2. Jul 03: Operation Tripoli
3. Jul 04: Multiple Chinese Threat Groups Exploiting CVE-2018-0798 Equation Editor Vulnerability Since Late 2018
4. Jul 04: Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
5. Jul 09: Twas the night before
6. Jul 11: Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques
7. Jul 15: Buhtrap group uses zero-day in latest espionage campaigns
8. Jul 16: SWEED: Exposing years of Agent Tesla campaigns
9. Jul 17: SLUB Gets Rid of GitHub, Intensifies Slack Use
10. Jul 18: EvilGnome: Rare Malware Spying on Linux Desktop Users
11. Jul 18: Okrum and Ketrican: An Overview of Recent Ke3chang Group Activity
12. Jul 18: Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
13. Jul 20: Hard Pass: Declining APT34’s Invite to Join Their Professional Network
14. Jul 24: Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia
15. Jul 24: Attacking the Heart of the German Industry

August

1. Aug 01: Analysis of the Attack of Mobile Devices by OceanLotus
2. Aug 05: Sharpening the Machete
3. Aug 05: Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
4. Aug 07: APT41: A Dual Espionage and Cyber Crime Operation
5. Aug 08: Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations
6. Aug 12: Recent Cloud Atlas activity
7. Aug 14: In the Balkans, businesses are under fire from a double-barreled weapon
8. Aug 20: Malware analysis about unknown Chinese APT campaign
9. Aug 21: Silence 2.0
10. Aug 21: The Gamaredon Group: A TTP Profile Analysis
11. Aug 26: APT-C-09 Reappeared as Conflict Intensified Between India and Pakistan
12. Aug 27: TA505 At It Again: Variety is the Spice of ServHelper and FlawedAmmyy
13. Aug 27: China Chopper still active 9 years later
14. Aug 27: LYCEUM Takes Center Stage in Middle East Campaign
15. Aug 27: Malware analysis about sample of APT Patchwork
16. Aug 29: SectorJ04 Group’s Increased Activity in 2019
17. Aug 29: More_eggs, Anyone? Threat Actor ITG08 Strikes Again
18. Aug 29: Tick Tock – Activities of the Tick Cyber Espionage Group in East Asia Over the Last 10 Years
19. Aug 30: ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information
20. Aug 31: Malware analysis on Bitter APT campaign

September

1. Sep 04: Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions
2. Sep 05: UPSynergy: Chinese-American Spy vs. Spy Story
3. Sep 06: BITTER APT: Not So Sweet
4. Sep 09: Thrip: Ambitious Attacks Against High Level Targets Continue
5. Sep 11: RANCOR APT: Suspected targeted attacks against South East Asia
6. Sep 15: The Kittens Are Back in Town: Charming Kitten Campaign Against Academic Researchers
7. Sep 18: Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks
8. Sep 24: Mapping the connections inside Russia’s APT Ecosystem
9. Sep 24: How Tortoiseshell created a fake veteran hiring website to host malware
10. Sep 24: DeadlyKiss APT
11. Sep 26: Chinese APT Hackers Attack Windows Users via FakeNarrator Malware to Implant PcShare Backdoor
12. Sep 30: HELO Winnti: Attack or Scan?

October

1. Oct 01: New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
2. Oct 01: New Adwind Campaign targets US Petroleum Industry
3. Oct 03: PKPLUG: Chinese Cyber Espionage Group Attacking Asia
4. Oct 04: Geost Botnet: The Story of the Discovery of a New Android Banking Trojan from an OPSEC Error
5. Oct 07: China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations
6. Oct 07: The Kittens Are Back in Town 2: Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
7. Oct 07: Supply chain attacks: threats targeting service providers and design offices
8. Oct 10: Attor, a spy platform with curious GSM fingerprinting
9. Oct 10: Connecting the Dots: Exposing the arsenal and methods of the Winnti Group
10. Oct 10: Mahalo FIN7: Responding to the Criminal Operators’ New Tools and Techniques
11. Oct 14: Huge Fan of Your Work: Turbine Panda
12. Oct 14: From tweet to rootkit
13. Oct 15: LOWKEY: Hunting for the Missing Volume Serial ID
14. Oct 17: Operation Ghost: The Dukes aren’t back – they never left
15. Oct 21: Winnti Group’s skip-2.0: A Microsoft SQL Server backdoor
16. Oct 31: MESSAGETAP: Who’s Reading Your Text Messages?

November

1. Nov 01: Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
2. Nov 04: Higaisa APT
3. Nov 05: The Lazarus’ Gaze to the World: What Is Behind the First Stone?
4. Nov 08: Titanium: the Platinum group strikes again
5. Nov 13: More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
6. Nov 20: Mac Backdoor Linked to Lazarus Targets Korean Users
7. Nov 20: Golden Eagle (APT-C-34)
8. Nov 25: Studying Donot Team
9. Nov 26: Insights from one year of tracking a polymorphic threat: Dexphot
10. Nov 28: RevengeHotels: cybercrime targeting hotel front desks worldwide
11. Nov 29: Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

December

1. Dec 03: Threat Actor Targeting Hong Kong Pro-Democracy Figures
2. Dec 04: Obfuscation Tools Found in the Capesand Exploit Kit Possibly Used in “KurdishCoder” Campaign
3. Dec 04: New Destructive Wiper “ZeroCleare” Targets Energy Sector in the Middle East
4. Dec 11: Waterbear is Back, Uses API Hooking to Evade Security Product Detection
5. Dec 12: Operation Gamework: Infrastructure Overlaps Found Between BlueAlpha and Iranian APTs
6. Dec 12: GALLIUM: Targeting global telecom
7. Dec 12: Drilling Deep: A Look at Cyberattacks on the Oil and Gas Industry

2020 Attack List So Far

January

1. Jan 01: [WeiXin] Pakistan SideWinder APT Attack
2. Jan 06: First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT
3. Jan 07: Destructive Attack: DUSTMAN
4. Jan 07: Iranian Cyber Response to Death of IRGC Head Would Likely Use Reported TTPs and Previous Access
5. Jan 08: Operation AppleJeus Sequel
6. Jan 09: The State of Threats to Electric Entities in North America
7. Jan 13: APT27 ZxShell RootKit module updates
8. Jan 13: Reviving MuddyC3 Used by MuddyWater (IRAN) APT
9. Jan 16: JhoneRAT: Cloud based python RAT targeting Middle Eastern countries
10. Jan 31: Winnti Group targeting universities in Hong Kong

February

1. Feb 03: Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
2. Feb 10: Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

Listed above are the most dangerous APT attacks reported in 2019 and 2020 so far; the list is updated as new attacks are reported.
