Updated on 2022-12-28 Kaspersky has an analysis of recent MOTW bypass techniques used by the BlueNoroff North Korean APT in attacks since this September. This includes hiding malware inside ISO or VHD files and the use of Batch scripts and various LOLbins. Overview The financially motivated BlueNoroff group was found using a new malware strain …
Updated on 2022-12-16 QiAnXin reported on recent SideWinder APT spear-phishing operations Updated on July 2022: Sidewinder compromises Pakistani Air Force On a similar note, Check Point said it had “evidence suggesting that Pakistan Air Force’s Headquarters was a victim of a successful attack conducted by Sidewinder, a suspected India-based APT group.” The compromise allegedly took …
Updated on 2022-12-15: Operation LiberalFace ESET has a report on a campaign launched by MirrorFace, a suspected Chinese APT, that targeted Japanese political entities a few weeks before the House of Councillors elections. Read more: Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities Overview The MirrorFace hacking group was found targeting Japanese politicians for weeks …
Updated on 2022-12-12: MuddyWater APT Deep Instinct researchers have a report out on a recent spear-phishing campaign carried out by the MuddyWater Iranian APT. This particular campaign was of note because of two things. First, the group used compromised corporate accounts to send out emails to their targets. Second, the final payload was Syncro, a …
Updated on 2022-12-07: Fantasy Wiper Used in Attacks Against Diamond Industry and Others While researchers at ESET were analyzing a supply chain attack affecting Israeli software developer, they detected a wiper being used by the Agrius APT group. The wiper, Fantasy, and its execution tool, known as Sandals, were used after Agrius gained access to …
Updated on 2022-12-07: Callisto APT PwC’s threat intelligence team published a report last week on the spear-phishing operations carried out by Blue Callisto, a Russian cyber-espionage group, throughout 2022. PwC said the campaign focused on obtaining credentials from US and European government officials and organizations linked to national security matters. In addition, since Russia’s invasion …
Updated on 2022-12-07 Bitdefender says they’ve seen the BackdoorDiplomacy Chinese APT group targeting entities in the Middle East. The attacks, which started in August 2021, exploited the ProxyShell vulnerability to compromise Exchange servers with the IRAFAU and Quarian backdoors and various open-source proxy and remote access tools. Read more: BackdoorDiplomacy Wields New Tools in Fresh …
Updated on 2022-11-29 Chinese security firm QiAnXin has published a report on the Lyceum APT, reviewing recent spear-phishing and malware delivery TTPs, most of which have used military-themed lures for distribution. Read more: 瞄准能源企业:Lyceum组织以军事热点事件为诱饵针对中东地区的定向攻击 Overview ClearSky said it discovered new malware associated with the Iranian SiameseKitten (Lyceum) group. The malware is dropped by a PDF …
Updated on 2022-12-29 The Log4Shell vulnerability remains a big threat to organizations even after a year since it received security patches. It is found that around 40% of software continues to use vulnerable versions of Apache Log4j. Read more: Lessons Learned: The Log4J Vulnerability 12 Months On Updated on 2022-12-12: Log4Shell one-year anniversary Happy birthday …
Updated on 2022-11-21: China-backed hackers targeted certificate authority Chinese government-backed hackers have been caught targeting an unnamed authority, per Symantec. The threat group it calls Billbug also targeted government defense agencies, a satellite communications operator, and three different telecom companies. Read more: Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries State-sponsored …
Updated on 2022-12-06 Microsoft warned against Russian cyberattacks targeting NATO allies and Ukrainian infrastructure throughout the winter, especially by the Sandworm APT gang. Read more: Microsoft warns of Russian cyberattacks throughout the winter Russia has intensified its hybrid war against Ukraine – targeting civilians. Here’s what we anticipate Russia’s cyber and influence operations might look …
Updated on 2022-11-11 Avast researchers have published their own analysis on the tools used by Worok, a relatively new APT first documented in an ESET report this September, linked to attacks that targeted energy companies in Central Asia and public sector entities in Southeast Asia. Read more: PNG Steganography Hides Backdoor Worok: The big picture …
The French government has exhibited a rare showing of truthfulness and clarity and has admitted in a national security planning document published this week that cyber deterence doesn’t work and government officials should plan accordingly. “There is no way to envisage a cyber shield that would thwart any cyber-attack on France, but strengthening its level …
Although APT groups use zero-day vulnerabilities as part of their attack kill-chains, in its yearly Digital Defense Report last week, Microsoft said it spotted Chinese threat actors using an increased number of zero-days over the past year. Microsoft believes this sudden spike in zero-day exploits from Chinese threat actors comes as a direct result of …
Updated on 2022-11-04: OPERA1ER group hits African banks for $30 million Over the past decade, banks have not escaped the rising tide of ever-increasing sophisticated cyberattacks, and many of them have been hacked and lost billions of US dollars in serious intrusions, with the most famous threat actors that pulled off successful bank heists including …
