Source |
SecurityWeek |
Identifier |
535286 |
Publication date |
2018-03-22 15:30:01 (viewed: 2018-03-22 15:30:01) |
Title |
Iran-linked Hackers Adopt New Data Exfiltration Methods (Recycling) |
Text |
An Iran-linked cyber-espionage group has been using new malware and data exfiltration techniques in recent attacks, security firm Nyotron has discovered.
The threat actor, known as OilRig, has been active since 2015, mainly targeting United States and Middle Eastern organizations in the financial and government industries. The group has already been observed using multiple tools and adopting new exploits fast, as well as switching to new Trojans in |
Notes |
|
Sent |
Yes |
Digest |
2018 addresses adopt apple april bank bay breach check ciso conference cyber data exfiltration exposed forum hackers half hsts ics images industry iran linked links malware methods moon new news oct register says security singapore sponsored tags: tracking usa user webkitfrost |
Tags |
Guideline
|
Stories |
APT 34
|
Move |
|
Source |
SecurityWeek |
Identifier |
533576 |
Publication date |
2018-03-21 16:02:05 (viewed: 2018-03-21 16:02:05) |
Title |
Android Trojan Leverages Telegram for Data Exfiltration (Recycling) |
Text |
A newly discovered Android Trojan is abusing Telegram's Bot API to communicate with the command and control (C&C) server and to exfiltrate data, Palo Alto Networks security researchers warn.
Dubbed TeleRAT, the malware appears to be originating from and/or to be targeting individuals in Iran. The threat is similar to the previously observed IRRAT Trojan, which uses Telegram's bot API for C&C communication only.
Still active in the wild, IRRAT masquerades as applications supposedly informing users on the number of views their Telegram profile received (something that Telegram doesn't actually allow for). After the app's first launch, the malware creates and populates a series of files on the phone's SD card, which it then sends to an upload server.
The files contain contact information, a list of Google accounts registered on the phone, SMS history, a picture taken with the front-facing camera, and a picture taken with the back-facing camera. The malicious app reports to a Telegram bot, hides its icon from the phone's app menu, and continues to run in the background, waiting for commands.
TeleRAT, on the other hand, creates two files on the device, one containing various device information (including system bootloader version number, available memory, and number of processor cores), and another containing a Telegram channel and a list of commands, Palo Alto Net |
Notes |
|
Sent |
Yes |
Digest |
2018 android bay ciso conference cyber data exfiltration forum half ics industry leverages links malware mobile moon news oct register security sponsored tags: telegram trojan usa |
Tags |
Guideline
|
Stories |
|
Move |
|