Skip to content
The Nexus
DossierENTITY

Symantec

Coverage of Symantec in the Nexus archive.

Earliest in view: Apr 22 · 15:28 UTCMost recent: Jun 25 · 08:54 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 25 · 08:54 UTCTHE HACKER NEWS
    New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns

    A new backdoor named Mistic (MLTBackdoor) has been used in financially motivated attacks targeting organizations in insurance, education, IT, and professional services since April 2026. Symantec and Carbon Black's Threat Hunter Team linked it to an initial access broker named KongTuke and campaigns called ClickFix and ModeloRAT.

  • SECURITYJun 18 · 13:30 UTCTHE HACKER NEWS
    DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 Traffic

    Threat actors linked to DragonForce ransomware used Backdoor.Turn, a custom Go-based remote access trojan, to conceal command-and-control traffic via Microsoft Teams relay infrastructure. The malware was deployed against a major U.S. services firm, according to Symantec and Carbon Black.

  • SECURITYJun 4 · 09:33 UTCTHE HACKER NEWS
    Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months

    Hackers accessed a senior executive's Outlook mailbox at a major global stock exchange for five months, using Dropbox and OneDrive to exfiltrate inbox data in small batches. Symantec and Carbon Black's Threat Hunter Team identified the campaign as espionage-related, not financially motivated.

  • SECURITYMay 26 · 15:48 UTCTHE HACKER NEWS
    MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

    The Iranian hacking group MuddyWater has been linked to a cyber espionage campaign targeting nine organizations across nine countries in Q1 2026. The campaign used DLL side-loading to compromise industrial, electronics manufacturing, education, public-sector, financial services, and professional services sectors, according to the Threat Hunter Team from Symantec and Carbon Black.

  • SECURITYMay 20 · 12:51 UTCTHE HACKER NEWS
    Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

    Webworm, a China-aligned threat actor, has deployed custom backdoors using Discord and Microsoft Graph API for command-and-control communications, targeting government agencies since at least 2022. The group was first publicly documented by Symantec in September 2022. Webworm's activity has been flagged by cybersecurity researchers in 2025.

  • SECURITYMay 18 · 06:46 UTCTHE HACKER NEWS
    Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

    The Lua-based fast16 malware was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations, corrupting uranium-compression simulations central to nuclear weapon design. This pre-Stuxnet tool was engineered by unknown actors. The discovery was made by Symantec and Carbon Black teams.

  • SECURITYApr 22 · 15:28 UTCTHE HACKER NEWS
    Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

    The threat actor Harvester has deployed a Linux version of its GoGra backdoor in South Asia, utilizing the Microsoft Graph API and Outlook mailboxes as a covert command-and-control channel to bypass network defenses. Symantec and Carbon Black Threat Hunter attribute the attacks to this group.

Symantec · Dossier · The Nexus