Updated on 2022-12-28
Kaspersky has an analysis of recent Mark-of-the-Web (MOTW) bypass techniques used by the BlueNoroff North Korean APT in attacks since this September. These include hiding malware inside ISO or VHD files and the use of Batch scripts and various LOLBins.

Overview
The financially motivated BlueNoroff group was found using a new malware strain …
Updated on 2022-12-16
QiAnXin reported on recent SideWinder APT spear-phishing operations.

Updated on July 2022: SideWinder compromises Pakistani Air Force
On a similar note, Check Point said it had “evidence suggesting that Pakistan Air Force’s Headquarters was a victim of a successful attack conducted by Sidewinder, a suspected India-based APT group.” The compromise allegedly took …
Updated on 2022-12-15: Operation LiberalFace
ESET has a report on a campaign launched by MirrorFace, a suspected Chinese APT, that targeted Japanese political entities a few weeks before the House of Councillors elections.
Read more: Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities

Overview
The MirrorFace hacking group was found targeting Japanese politicians for weeks …
Updated on 2022-12-12: MuddyWater APT
Deep Instinct researchers have a report out on a recent spear-phishing campaign carried out by the MuddyWater Iranian APT. This particular campaign was of note for two reasons. First, the group used compromised corporate accounts to send emails to its targets. Second, the final payload was Syncro, a …
Updated on 2022-12-07: Fantasy Wiper Used in Attacks Against Diamond Industry and Others
While researchers at ESET were analyzing a supply chain attack affecting an Israeli software developer, they detected a wiper being used by the Agrius APT group. The wiper, Fantasy, and its execution tool, known as Sandals, were used after Agrius gained access to …
Updated on 2022-12-07: Callisto APT
PwC’s threat intelligence team published a report last week on the spear-phishing operations carried out by Blue Callisto, a Russian cyber-espionage group, throughout 2022. PwC said the campaign focused on obtaining credentials from US and European government officials and organizations linked to national security matters. In addition, since Russia’s invasion …
Updated on 2022-12-29
The Log4Shell vulnerability remains a major threat to organizations a full year after security patches were released. Around 40% of software is found to still use vulnerable versions of Apache Log4j.
Read more: Lessons Learned: The Log4J Vulnerability 12 Months On

Updated on 2022-12-12: Log4Shell one-year anniversary
Happy birthday …
Updated on 2022-11-21: China-backed hackers targeted certificate authority
Chinese government-backed hackers have been caught targeting an unnamed certificate authority, per Symantec. The threat group it calls Billbug also targeted government defense agencies, a satellite communications operator, and three different telecom companies.
Read more: Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries
State-sponsored …
Updated on 2022-12-06
Microsoft warned of Russian cyberattacks targeting NATO allies and Ukrainian infrastructure throughout the winter, especially by the Sandworm APT gang.
Read more: Microsoft warns of Russian cyberattacks throughout the winter

Updated on 2022-11-30: Sandworm Threat Actors are Launching Ransomware Attacks Against Organizations in Ukraine
Researchers from ESET say that the threat actor …
Updated on 2022-11-11
Avast researchers have published their own analysis of the tools used by Worok, a relatively new APT first documented in an ESET report this September, linked to attacks that targeted energy companies in Central Asia and public sector entities in Southeast Asia.
Read more: PNG Steganography Hides Backdoor

Worok: The big picture …
Although APT groups use zero-day vulnerabilities as part of their attack kill-chains, in its yearly Digital Defense Report last week, Microsoft said it spotted Chinese threat actors using an increased number of zero-days over the past year. Microsoft believes this sudden spike in zero-day exploits from Chinese threat actors comes as a direct result of …
Updated on 2022-12-29
The Kimsuky APT group is behind a phishing attack that targeted nearly 900 foreign policy experts from South Korea. The attack was intended to steal their personal information and later carry out ransomware attacks.
Read more: Emails impersonating journalists and National Assembly offices confirmed to be the work of a North Korean hacking group (기자·국회의원실등 사칭 전자우편 발송사건, 북 해킹조직 소행으로 확인)

Updated on 2022-12-14: When Asking Nicely Is Easier Than …
Updated on 2022-12-08
Latest research by BlackBerry revealed that the Chinese state-sponsored Mustang Panda group is leveraging Russia-Ukraine war-related lures to attack Asia Pacific and European entities.
Read more: Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets

Updated on 2022-12-07
BlackBerry’s security team has a breakdown of a recent Mustang …