What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-10-15 14:00:00 | COVID-19 Attacks – Defending Your Organization (lien direct) | Overview The Coronavirus 2019 (COVID-19) global pandemic has caused widespread fear of the unknown and deadly aspects of this novel virus, generated growth in certain industries to combat it, and created a shift toward remote work environments to slow the spread of the disease. Defending Your Organization Against COVID-19 Cyber Attacks. In this webinar, AJ, and I describe COVID-19 attacks in January through March, the groups behind them, and key MITRE ATT&CK techniques being employed. We then discuss ways an organization can keep themselves safe from these types of attacks. Pandemic Background COVID-19 is a pandemic viral respiratory disease, originally identified in Wuhan, China in December 2019. At the time of the webinar, it had infected around 1.5 million people worldwide. Within the first month, cyber actors capitalized on the opportunity. COVID Attack Timeline December 2019 - January 2020 At the end of December 2019, China alerted the World Health Organization (WHO) that there was an outbreak in Wuhan, China. Within a month, the first cyber events were being recorded. Around January 31, 2020, malicious emails (T1566.001) using the Emotet malware (S0367) and a phishing campaign (T1566.001) using LokiBot (S0447) were tied to TA542 alias Mummy Spider. Emotet, in particular, was prolific. It originally started as a banking Trojan, then evolved into a delivery mechanism for an initial payload that infected systems to download additional malware families such as TrickBot (S0266). Around this same time, there was a marked increase in the registration of domain names with COVID-19 naming conventions, a key indicator of an uptick in phishing campaigns. February 2020 In early February, the progression of adversaries using uncertainty about and thirst for information regarding the COVID-19 pandemic became apparent. New malware variants and malware families were reported employing coronavirus related content, including NanoCore RAT (S0336) and Parallax RAT, a newer remote-access Trojan, to infect unsuspecting users. Throughout February, cybercrime actors launched several phishing campaigns (T1566.001) to deliver information stealer AZORult (S0344). With worldwide government health agencies giving advice on cyber and physical health, threat actors aligned with nation-states such as Russia (Hades APT), China (Mustang Panda), and North Korea (Kimsuky - G0094) used this messaging to lure individuals to download and/or execute malicious files disguised as legitimate documents. These state-sponsored groups used convincing lures to impersonate organizations such as the United Nations (UN), the World Health Organization (WHO), and various public health government agencies to achieve short- and long-term national objectives. March 2020 In March, we observed a flurry of nation-state and cybercrime attributed malicious activity seeking to exploit the COVID-19 pandemic. Cybercrime actors distributed a range of malware families, including NanoCore (S0336), | Ransomware Spam Malware Threat | APT 36 | ★★★ |
 |
2020-08-26 18:30:00 | \'Transparent Tribe\' APT Group Deploys New Android Spyware for Cyber Espionage (lien direct) | The group, which has been around since at least 2013, has impacted thousands of organizations, mostly in India. | APT 36 | ||
 |
2020-08-26 10:00:44 | Transparent Tribe: Evolution analysis,part 2 (lien direct) | In the second article, we describe a new Android implant used by Transparent Tribe for spying on mobile devices and present new evidence confirms a link between ObliqueRAT and Transparent Tribe. | APT 36 | ||
 |
2020-08-24 06:51:36 | Transparent Tribe APT hit 1000+ victims in 27 countries in the last 12 months (lien direct) | The Transparent Tribe cyber-espionage group continues to improve its arsenal while targets Military and Government entities. The Transparent Tribe APT group is carrying out an ongoing cyberespionage campaign aimed at military and diplomatic targets worldwide. The group upgraded its Crimson RAT by adding a management console and implementing a USB worming capability that allows it […] | APT 36 | ||
 |
2020-08-20 12:03:21 | Transparent Tribe APT targets government, military by infecting USB devices (lien direct) | The hacking group is focused on campaigns in India and Afghanistan. | APT 36 | ||
|
2020-08-20 10:00:13 | Transparent Tribe: Evolution analysis, part 1 (lien direct) | Transparent Tribe, also known as PROJECTM and MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. | APT 36 | ||
 |
2020-03-23 16:44:58 | A week in security (March 16 – 22) (lien direct) |
A roundup of the previous week's most notable security stories and events, including COVID-19-themed threats, child identity theft, and securely working from home.
Categories:
A week in security
Tags: APT36awiscovid-19emotetfake newsmoney muleMonitorMinorphishing scamromance scamshadow IoTSlackstalkerwaretrickbotweek in securityweekly blog roundupWHOWorld Health Organization
(Read more...)
|
APT 36 | ||
 |
2020-03-18 10:48:32 | (Déjà vu) Crimson RAT spread via Coronavirus Phishing (lien direct) | A state-sponsored threat actor is attempting to deploy the Crimson Remote Administration Tool (RAT) onto the systems of targets via a spear-phishing campaign using Coronavirus-themed document baits disguised as health advisories. This nation-backed cyber-espionage is suspected to be Pakistan-based and it is currently tracked under multiple names including APT36, Transparent Tribe, ProjectM, Mythic Leopard, and […] | Tool Threat | APT 36 | ★★ |
|
2020-03-16 15:00:00 | APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT (lien direct) |
We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data.
Categories:
Threat analysis
Tags: APTAPT36coronaviruscoronavirus malwarecovid-19credential stealercrimson ratexploitexploitsinfo-stealermacromalicious macromalwarenation-state attackratremote administration toolSocial Engineeringspear phishingspear phishing attacktransparent tribe
(Read more...)
|
Threat | APT 36 | |
|
2020-03-03 18:48:42 | The North Korean Kimsuky APT threatens South Korea evolving its TTPs (lien direct) | Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four […] | Threat | APT 34 APT 36 | |
|
2020-02-21 13:48:11 | Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later (lien direct) | Exclusive: Pakistan and India to armaments. Researchers from Cybaze-Yoroi ZLab gathered intelligence on the return of Operation Transparent Tribe is back 4 years later Introduction The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. […] | APT 36 | ||
|
2018-07-06 15:00:00 | Can we trust our online project management tools? (lien direct) |
Online project management tools can be not only useful, but a lifeline for developers and PMs who juggle multiple tasks with competing deadlines. How can we use them in a secure way?
Categories:
Business
Security world
Tags: breachcloudmanagementonline project managementPieter ArntzPMssecurity
(Read more...)
|
APT 36 | ||
 |
2016-04-18 14:07:50 | “Operation C-Major” Actors Also Used Android, BlackBerry Mobile Spyware Against Targets (lien direct) | Last March, we reported on Operation C-Major, an active information theft campaign that was able to steal sensitive information from high profile targets in India. The campaign was able to steal large amounts of data despite using relatively simple malware because it used clever social engineering tactics against its targets. In this post, we will focus on the mobile part of their operation and discuss in detail several Android and BlackBerry apps they are using. Based on our investigation, the actors behind Operation C-Major were able to keep their Android malware on Google Play for months and they advertised their apps on Facebook pages which have thousands of likes from high profile targets.Post from: Trendlabs Security Intelligence Blog - by Trend Micro“Operation C-Major” Actors Also Used Android, BlackBerry Mobile Spyware Against Targets | APT 36 |
To see everything:
Our RSS (filtrered)
