One Article Review

Source: AlienVault Blog
Identifier: 419823
Publication date: 2017-10-17 13:00:00 (seen: 2017-10-17 13:00:00)
Title: Newly Discovered Iranian APT Group Brings State-sponsored Cyber Espionage into Focus
Text: State-sponsored cyber espionage has been rising steadily in recent years. Whether it’s high-profile attacks such as North Korea’s hack of Sony in 2014, China’s alleged hack of the US Office of Personnel Management in 2015, or Russia’s alleged hack of the Democratic National Committee in 2016, the stories are mounting. Iran has also been in the cyber espionage news, with major suspected attacks ranging from the Las Vegas Sands attack in 2014 to the DDoS attacks on numerous US banks for which Iranian nationals were indicted in 2016. Beyond these high-profile attacks, there are also countless examples of low-profile attacks. While these attacks don’t make the major headlines, they may actually be more relevant to your organization. In this blog, we zero in on this lesser-publicized activity, focusing on a recently discovered Iranian hacker group, dubbed APT33, the tools it has developed, and how AlienVault can help you detect this activity in your environment.

What is state-sponsored cyber espionage and what are the typical goals?

First, a quick primer on state-sponsored cyber espionage. State-sponsored cyber espionage is the act of obtaining secrets and information from individuals, competitors, rivals, groups, governments, and enemies, without the permission and knowledge of the holder of the information, usually for economic, political, or military advantage. The goals of these state-sponsored groups or individuals range from basic theft or sabotage, to collecting military and diplomatic information, to enabling domestic organizations to compete on a global economic level.

Why should you care?

Should you be concerned about state-sponsored cyber hacks? In a word, yes. And it is really the low-profile attacks from state-sponsored hackers that should be most concerning, because the tools and methods these hackers develop and use can be leveraged by other malicious actors against your organization. You need to be alerted to and protected against these tools.

Who is APT33?
This leads us to the Iranian group Advanced Persistent Threat 33 (APT33), recently chronicled by the security firm FireEye. FireEye assesses that APT33 works at the behest of the Iranian government, and attributes to the group many breaches of Saudi Arabian, South Korean, and US organizations, ranging from the aviation sector to the energy sector. APT33’s primary goals appear to be enhancing Iran’s domestic aviation capabilities and supporting Iran’s military decision making against Saudi Arabia. Notably, FireEye has found signs of APT33 activity in some of its own clients’ networks, but suspects the APT33 intrusions have been on a wider scale.

APT33 has unveiled new tools, including a new backdoor.

APT33 has developed numerous tools, including a new backdoor called TURNEDUP. TURNEDUP is capable of uploading and downloading files, creating a reverse shell, taking screenshots, and gathering system information. FireEye found that APT33 has also leveraged Dropshot, a drop
Sent: Yes
Tags Guideline
Stories APT33 APT 33
Notes


The article does not appear to have been picked up again after its publication.


The article does not appear to have been picked up from an earlier one.