Security Affairs

APT6 compromised the US government networks for years

The Federal Bureau of Investigation has issued an alert on APT6, a state-sponsored hacking group that has been compromising US Government networks for years.

The FBI revealed that “a group of malicious cyber actors have compromised and stolen sensitive information from various government and commercial networks” since at least 2011.

The alert was published online by AlienVault on its Open Threat Exchange (OTX) platform.

“The FBI has obtained and validated information regarding a group of malicious cyber actors who have compromised and stolen sensitive information from various government and commercial networks. This group utilized the domains listed herein in furtherance of computer network exploitation (CNE) activities in the United States and abroad since at least 2011. Research and analysis indicate that these domains were associated with the command and control (C2) of customized malicious software. Furthermore, these domains have also been used to host malicious files – often through embedded links in spear phish emails. Any activity related to these domains detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement.” states the FBI CYWATCH A-000067-DM.

APT6 hackers

The nature of the attacks, the use of custom-built hacking tools, and the choice of targets all suggest a state-sponsored group.

The alert includes a list of 59 indicators of compromise (IoCs): domains the attackers used as command-and-control servers and to host malicious files delivered through spear-phishing emails against target organizations. The FBI reports that these domains went out of use in late December 2015, so the IoCs are most valuable for retrospective hunting: an organization can search historical DNS, proxy and mail logs for any contact with the listed domains, and treat a match as a sign of compromise that warrants investigation and a report to law enforcement.
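The retrospective check described above, as an added example that is not part of the FBI alert or of the article: a small Python scanner that normalises a list of IoC domains and searches log lines for DNS queries or proxied URLs whose hostname is one of those domains or a subdomain of one. The three IoC domains and the four log lines (written in BIND query-log and Squid access-log style) are constructed placeholders for illustration; they are not the 59 domains from alert A-000067-DM, which must be pasted in from the alert itself.

```python
"""Hunt historical DNS/proxy logs for contact with IoC domains.

Added example, not the FBI's or the article's code. IOC_DOMAINS_RAW and
SAMPLE_LOGS are constructed placeholders; replace them with the domain list
from the alert and with real log lines.
"""
from __future__ import annotations

import re
from typing import Iterable

# Constructed placeholder indicators, NOT the alert's real domains.
IOC_DOMAINS_RAW = """
# comment lines and blank lines are ignored
update-cdn.example.net
Mail.Example-Docs.org
www.news-portal.example.com.
"""


def load_iocs(text: str) -> frozenset[str]:
    """Normalise one-domain-per-line text: lowercase, strip comments and trailing dots."""
    iocs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            iocs.add(line)
    return frozenset(iocs)


def matches_ioc(hostname: str, iocs: frozenset[str]) -> str | None:
    """Return the matching IoC if hostname equals it or is a subdomain of it.

    Matching on label boundaries catches 'a.b.ioc.tld' while rejecting
    look-alikes such as 'notioc.tld' for the IoC 'ioc.tld'.
    """
    labels = hostname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


# BIND-style query logging: "... query: <name> IN <type> ..."
DNS_QUERY_RE = re.compile(r"query: (?P<host>\S+) IN ")
# Any URL in a proxy log: take the host part only.
URL_HOST_RE = re.compile(r"https?://(?P<host>[^/\s:?#]+)")


def extract_hostnames(line: str) -> list[str]:
    """Pull every queried name and every URL host out of one log line."""
    hosts = [m.group("host") for m in DNS_QUERY_RE.finditer(line)]
    hosts += [m.group("host") for m in URL_HOST_RE.finditer(line)]
    return hosts


def scan_logs(lines: Iterable[str], iocs: frozenset[str]) -> list[dict]:
    """Return one hit record per (line, hostname) pair that matches an IoC."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for host in extract_hostnames(line):
            ioc = matches_ioc(host, iocs)
            if ioc is not None:
                hits.append({"line": lineno, "host": host, "ioc": ioc, "raw": line.rstrip()})
    return hits


# Constructed sample lines (dates chosen to fall inside the alert's window).
SAMPLE_LOGS = [
    # Subdomain of an IoC domain: must hit.
    "12-Jan-2016 10:22:31.123 client 10.1.2.3#51234: query: cdn1.update-cdn.example.net IN A + (10.0.0.53)",
    # Look-alike that is not a subdomain of any IoC: must not hit.
    "12-Jan-2016 10:22:32.001 client 10.1.2.3#51235: query: notupdate-cdn.example.net IN A + (10.0.0.53)",
    # Squid-style proxy line: executable fetched from an IoC host.
    "1452594151.123    245 10.1.2.4 TCP_MISS/200 1290 GET http://mail.example-docs.org/docs/invoice.exe - HIER_DIRECT/203.0.113.5 application/octet-stream",
    # Benign internal traffic.
    "1452594152.456     12 10.1.2.4 TCP_HIT/200 4321 GET http://intranet.corp.local/index.html - NONE/- text/html",
]


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS, load_iocs(IOC_DOMAINS_RAW)):
        print(f"line {hit['line']}: {hit['host']} matches IoC {hit['ioc']}")
```

Because the domains stopped resolving in December 2015, run this over archived logs covering 2011 onward rather than only live traffic; a hit on a resolver or proxy log is evidence of past contact with the C2 infrastructure even if nothing on the host is active today, and a subdomain match (the first sample line) is deliberately treated the same as an exact match since C2 beacons frequently use per-victim subdomains.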

The group, tracked as APT6, compromised US Government infrastructure for years, exfiltrating sensitive data throughout.

This is not the first time US Government networks have been breached by foreign hackers: last year a group of nation-state attackers, likely Chinese, breached the systems of the Office of Personnel Management.

The problem is that there is no certainty the US Government has completely evicted these hackers; some experts speculate they may still be inside Government networks.

Lorenzo Franceschi-Bicchierai of Motherboard asked Kurt Baumgartner, a researcher at the Russian security firm Kaspersky Lab, to comment on APT6.

“This is one of the earlier APTs, they definitely go back further than 2011 or whatever—more like 2008 I believe,” said Baumgartner.

Baumgartner did not comment on the origin of the threat; experts nonetheless note that both China and Russia have the cyber capabilities needed to infiltrate government networks at this scale.

Be careful: APT6 is still in the wild. Check your networks for the IoCs included in the alert and report any matching activity to law enforcement.


Pierluigi Paganini

(Security Affairs – APT6 , state-sponsored hackers)