What's new arround internet
Last one

Src Date (GMT) Titre Description Tags Stories Notes
Mandiant.webp 2024-07-25 14:00:00 APT45: Machine militaire numérique de la Corée du Nord
APT45: North Korea\\'s Digital Military Machine (lien direct)		 Written by: Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart
  Executive Summary APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009. APT45 has gradually expanded into financially-motivated operations, and the group\'s suspected development and deployment of ransomware sets it apart from other North Korean operators.  APT45 and activity clusters suspected of being linked to the group are strongly associated with a distinct genealogy of malware families separate from peer North Korean operators like TEMP.Hermit and APT43.  Among the groups assessed to operate from the Democratic People\'s Republic of Korea (DPRK), APT45 has been the most frequently observed targeting critical infrastructure. Overview Mandiant assesses with high confidence that APT45 is a moderately sophisticated cyber operator that supports the interests of the DPRK. Since at least 2009, APT45 has carried out a range of cyber operations aligned with the shifting geopolitical interests of the North Korean state. Although the group\'s earliest observed activities consisted of espionage campaigns against government agencies and defense industries, APT45 has expanded its remit to financially-motivated operations, including targeting of the financial vertical; we also assess with moderate confidence that APT45 has engaged in the development of ransomware. Additionally, while multiple DPRK-nexus groups focused on healthcare and pharmaceuticals during the initial stages of the COVID-19 pandemic, APT45 has continued to target this vertical longer than other groups, suggesting an ongoing mandate to collect related information. Separately, the group has conducted operations against nuclear-related entities, underscoring its role in supporting DPRK priorities. apt45 logo Shifts in Targeting and Expanding Operations Similar to other cyber threat activity attributed to North Korea-nexus groups, shifts in APT45 operations have reflected the DPRK\'s changing priorities. Malware samples indicate the group was active as early as 2009, although an observed focus on government agencies and the defense industry was observed beginning in 2017. Identified activity in 2019 aligned with Pyongyang\'s continued interest in nuclear issues and energy. Although it is not clear if financially-motivated operations are a focus of APT45\'s current mandate, the group is distinct from other North Korean operators in its suspected interest in ransomware. Given available information, it is possible that APT45 is carrying out financially-motivated cybercrime not only in support of its own operations but to generate funds for other North Korean state priorities. Financial Sector Like other North Korea		 Ransomware Malware Tool Threat Medical APT 37 APT 43
itsecurityguru.webp 2020-11-17 11:19:05 COVID-19 vaccine research firms targeted by Russian and North Korean hackers (lien direct) Microsoft has recently alerted governments across the globe that the North Korean hacker groups Cerium and Zinc, as well as the Russian hacker group Strontium, have been targeting organisations involved in COVID-19 vaccine research using brute-force, credential stuffing and spear-phishing attacks. Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust, said in a […] Medical APT 38 APT 28 APT 43
SecurityAffairs.webp 2020-11-13 17:18:12 Three APT groups have targeted at least seven COVID-19 vaccine makers (lien direct) At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns. Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments. “In recent months, we've detected cyberattacks from three nation-state actors targeting seven prominent companies directly […] Medical APT 38 APT 28 APT 43
ZDNet.webp 2020-11-13 14:00:00 Microsoft says three APTs have targeted seven COVID-19 vaccine makers (lien direct) The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. Medical APT 38 APT 28 APT 43
Last update at: 2024-07-25 20:19:42
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter