What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-02-01 03:15:16 | New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers (lien direct) | A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research.
Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors |
Malware Threat | APT 32 | |
 |
2021-01-31 11:27:14 | New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs (lien direct) | The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. The malware is an evolution of a Monero cryptocurrency […] | Malware | APT 32 | |
|
2021-01-29 14:49:07 | Microsoft: North Korea-linked Zinc APT targets security experts (lien direct) | Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. Researchers from Microsoft monitored a cyber espionage campaign aimed at vulnerability researchers and attributed the attacks to North Korea-linked Zinc APT group. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an […] | Vulnerability Medical | APT 38 | |
 |
2021-01-29 14:06:49 | New Pro-Ocean malware worms through Apache, Oracle, Redis servers (lien direct) | The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. [...] | Malware | APT 32 | |
 |
2021-01-29 13:29:10 | Lazarus Affiliate \'ZINC\' Blamed for Campaign Against Security Researcher (lien direct) | New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with 'Comebacker' malware. | APT 38 | ||
|
2021-01-28 20:06:57 | Rocke Group\'s Malware Now Has Worm Capabilities (lien direct) | The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics. | Malware | APT 32 | |
|
2021-01-28 14:47:45 | Microsoft: DPRK hackers \'likely\' hit researchers with Chrome exploit (lien direct) | Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.' [...] | Vulnerability Medical | APT 38 | |
 |
2021-01-18 13:00:00 | The Autonomous Saildrone Surveyor Preps for Its Sea Voyage (lien direct) | The robo-vessel will map the ocean floor, and its solar-powered sensors will sample fish DNA and collect climate data. | APT 32 | ||
 |
2021-01-15 12:14:17 | Experts Insight On APT35 Recent Phishing Attacks (lien direct) | It has been reported that the Iranian group APT35 (also known as Charming Kitten or Phosphorus) executed sophisticated spear-phishing campaigns that involved not only email attacks but also SMS messages… The ISBuzz Post: This Post Experts Insight On APT35 Recent Phishing Attacks | Conference | APT 35 APT 35 | |
|
2021-01-12 16:00:00 | The Arctic Ocean Is Teeming With Microfibers From Clothes (lien direct) | Scientists find an average of 40 microplastic particles per cubic meter of the northern water. The likely source? The synthetic clothing in our washing machines. | APT 32 | ||
|
2021-01-11 13:00:00 | The Plan to Build a Global Network of Floating Power Stations (lien direct) | A lot of thermal energy is trapped in the ocean. An ex-NASA researcher has figured out how it might generate unlimited clean power for aquatic robots. | APT 32 | ||
 |
2021-01-08 20:19:37 | APT Horoscope (lien direct) | This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten (also known as APT 35 or OilRig) is a skilled navigator of vast online networks, maneuvering deftly across an array of organizations, including those in aerospace, energy, finance, government, hospitality, and telecommunications. Steadfast in its work and objectives, Helix Kitten has a consistent track record of developing meticulous spear-phishing attacks... | Conference | APT 35 APT 35 APT 34 | |
|
2021-01-08 01:54:44 | ALERT: North Korean hackers targeting South Korea with RokRat Trojan (lien direct) | A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government.
Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT).
"The |
Tool Cloud | APT 37 | |
|
2021-01-07 18:24:41 | North Korea-linked APT37 targets South with RokRat Trojan (lien direct) | Experts spotted the RokRat Trojan being used by North Korea-linked threat actors in attacks aimed at the South Korean government. On December 7 2020 researchers from Malwarebytes uncovered a campaign targeting the South Korean government with a variant of the RokRat RAT. The experts found a malicious document uploaded to Virus Total related to a […] | Threat | APT 37 | |
 |
2021-01-06 15:14:45 | Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat (lien direct) |
A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.
Categories: Social engineeringThreat analysis
Tags: APT37HangulkoreaOfficerokratVBA
(Read more...)
|
Threat Cloud | APT 37 | |
|
2021-01-05 11:55:57 | North Korean software supply chain attack targets stock investors (lien direct) | North Korean hacking group Thallium aka APT37 has been targeting a private stock investment messenger service in a supply chain attack, as reported this week. [...] | Cloud | APT 37 | |
|
2021-01-03 09:21:19 | (Déjà vu) COVID-19 themed attacks December 19, 2020– January 02, 2021 (lien direct) | This post includes the details of the COVID-19 themed attacks launched from December 19, 2020– January 02, 2021. 25 December, 2020 – North Korea-linked Lazarus APT targets the COVID-19 research The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID19 research. 30 December, 2020 – US Treasury […] | APT 38 APT 28 | ||
|
2020-12-25 18:45:15 | (Déjà vu) North Korea-linked Lazarus APT targets the COVID-19 research (lien direct) | The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID-19 research. The North Korea-linked APT group Lazarus has recently launched cyberattacks against two entities involved in COVID-19 research. The activity of the Lazarus APT group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. […] | Malware | APT 38 APT 28 | |
|
2020-12-24 12:00:11 | North Korean state hackers breach COVID-19 research entities (lien direct) | North Korean nation-state hackers tracked as the Lazarus Group have recently compromised organizations involved in COVID-19 research and vaccine development. [...] | Medical | APT 38 APT 28 | |
|
2020-12-23 23:24:40 | North Korean Hackers Trying to Steal COVID-19 Vaccine Research (lien direct) | Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts.
Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting |
Threat Medical | APT 38 APT 28 | |
|
2020-12-23 19:02:30 | Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack (lien direct) | The nation-state actor is looking to speed up vaccine development efforts in North Korea. | APT 38 | ||
 |
2020-12-23 18:14:00 | Lazarus Attacks Vaccine Research (lien direct) | APT group Lazarus attacks two targets related to COVID-19 vaccine research | APT 38 APT 28 | ||
 |
2020-12-23 11:33:10 | Les recherches du vaccin contre la Covid-19 suscitent toujours autant d\'intérêt Kaspersky identifie deux nouveaux APT ciblant des établissements de recherche et institutions de régulation sanitaire (lien direct) | Au cours de l'automne 2020, les chercheurs de Kaspersky ont identifié deux nouveaux incidents APT visant des établissements de recherche du vaccin contre la Covid-19 - un organisme d'un Ministère de la Santé et une entreprise pharmaceutique. Les experts de Kaspersky ont évalué avec une grande confiance que ces activités peuvent être attribuées au tristement célèbre groupe Lazarus. Alors que la pandémie et les mesures pour ralentir la diffusion du virus se poursuivent dans le monde entier, de nombreux (...) - Malwares | APT 38 | ||
 |
2020-12-23 10:00:08 | Lazarus covets COVID-19-related intelligence (lien direct) | As the COVID-19 crisis grinds on, some threat actors are trying to speed up vaccine development by any means available. We have found evidence that actors, such as the Lazarus group, are going after intelligence that could help these efforts by attacking entities related to COVID-19 research. | Threat Medical | APT 38 APT 28 | |
|
2020-12-21 17:04:00 | The Oldest Crewed Deep Sea Submarine Just Got a Big Makeover (lien direct) | The 60-year-old sub is preparing to take its deepest plunge yet. But in the age of autonomous machines, why are humans exploring the ocean floor at all? | APT 32 | ||
|
2020-12-11 17:49:36 | Facebook links cyberespionage group APT32 to Vietnamese IT firm (lien direct) | Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage that abused the platform to spread malware. Vietnam-linked APT group APT32, also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on […] | APT 32 | ||
|
2020-12-11 17:05:37 | Facebook Shutters Accounts Used in APT32 Cyberattacks (lien direct) | Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks. | Malware Threat | APT 32 | |
|
2020-12-11 10:06:12 | Facebook unmasks Vietnam\'s APT32 hacking group (lien direct) | The Facebook security team has revealed today the real identity of APT32, a Vietnam-backed hacking group active in cyberespionage campaigns targeting foreign government, multi-national corporations, and journalists since at least 2014. [...] | APT 32 | ||
 |
2020-12-11 01:56:06 | Facebook doxes APT32, links Vietnam\'s primary hacking group to local IT firm (lien direct) | Facebook suspends accounts linked to APT32, says the group used its platform to spread malware. | APT 32 | ||
|
2020-12-10 23:42:22 | Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam (lien direct) | Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware.
Tracked as APT32 (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for |
Hack Threat | APT 32 | |
|
2020-12-08 12:00:00 | Friends, Fleetwood Mac, and the Viral Comfort of Nostalgia (lien direct) | If there's one thing that brings people together now, it's old shows, old songs, and drinking Ocean Spray Cran-Raspberry juice to a 1977 hit. | APT 32 | ||
 |
2020-12-03 04:01:42 | How to Protect Your Business From Multi-Platform Malware Systems (lien direct) | The Lazarus Group (also known as Guardians of Peace or Whois) is a notorious cybercrime gang made up of unknown individuals. According to the United States Federal Bureau of Investigations, the group is a North Korean “state-sponsored hacking organization.” However, some believe that their connections to North Korea might be a false flag intending to […]… Read More | Malware Medical | APT 38 | |
|
2020-12-02 19:00:00 | The Journey of Electronic Bottles and the Ocean Plastic Crisis (lien direct) | Researchers loaded containers with trackers and released them in the Ganges and the Bay of Bengal, giving new insight into how plastic pollution travels. | APT 32 | ||
 |
2020-12-02 16:26:10 | Mac users warned of more Ocean Lotus malware targeted attacks (lien direct) | Security researchers have warned of the latest incarnation of a backdoor trojan horse that has been used in the past to target Mac users. If you're a Mac user, I really hope you're running anti-virus software. | Malware | APT 32 | |
|
2020-12-01 11:56:54 | Vietnam-linked Bismuth APT leverages coin miners to stay under the radar (lien direct) | Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus, Cobalt Kitty, or APT32, is deploying cryptocurrency miners while continues its cyberespionage campaigns. Cryptocurrency miners are typically associated with financially motivated attacks, but BISMUTH is attempting to take […] | APT 32 | ||
 |
2020-12-01 11:11:20 | MacOS users targeted with updated malware (lien direct) | A new form of malware has been discovered to be targeting Apple MacOS user, with researches saying that it is tied to a state-backed hacking operation. The malware campaign has been identified by cybersecurity analysts at Trend Micro, who have linked campaign back to the Vietnamese backed group OceanLotus, also known as APT32. OceanLotus has […] | Malware | APT 32 | |
|
2020-11-30 17:52:50 | MacOS Users Targeted By OceanLotus Backdoor (lien direct) | The new backdoor comes with multiple payloads and new detection evasion tactics. | APT 32 | ||
|
2020-11-18 09:09:22 | ESET Research décode les procédés du groupe Lazarus (lien direct) | Les chercheurs d'ESET ont récemment découvert des tentatives de déploiement du malware Lazarus via un la technique dite d'attaque de la chaîne d'approvisionnement (Supply chain attack) en Corée du Sud. Afin d'installer leur malware, les attaquants ont utilisé un mécanisme inhabituel, détournant un logiciel de sécurité sud-coréen légitime et des certificats volés à deux sociétés différentes. Dans ce contexte, l'attaque a été facilitée car les internautes sud-coréens sont souvent invités à installer des logiciels (...) - Malwares | Malware | APT 38 | |
|
2020-11-17 14:14:34 | (Déjà vu) Experts Reacted On Lazarus Malware Strikes South Korean Supply Chains (lien direct) | It has been reported that Lazarus malware has been tracked in new campaigns against South Korean supply chains, made possible through stolen security certificates. Today, cybersecurity researchers from ESET revealed the abuse of the… The ISBuzz Post: This Post Experts Reacted On Lazarus Malware Strikes South Korean Supply Chains | Malware | APT 38 | |
|
2020-11-17 14:10:55 | Hackers Pose As WHO Officials To Attack COVID-19 Vaccines (lien direct) | Pharmaceutical companies researching treatments and vaccines for COVID-19 are being actively targeted by prominent nation state-backed hackers from Russia and North Korea, according to IT Pro. Groups including Strontium, Zinc… The ISBuzz Post: This Post Hackers Pose As WHO Officials To Attack COVID-19 Vaccines | Medical | APT 38 APT 28 | |
|
2020-11-17 11:19:05 | COVID-19 vaccine research firms targeted by Russian and North Korean hackers (lien direct) | Microsoft has recently alerted governments across the globe that the North Korean hacker groups Cerium and Zinc, as well as the Russian hacker group Strontium, have been targeting organisations involved in COVID-19 vaccine research using brute-force, credential stuffing and spear-phishing attacks. Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust, said in a […] | Medical | APT 38 APT 28 APT 43 | |
|
2020-11-16 18:23:36 | Hacked Security Software Used in Novel South Korean Supply-Chain Attack (lien direct) | Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. | Medical | APT 38 | |
|
2020-11-16 15:18:44 | Lazarus malware delivered to South Korean users via supply chain attacks (lien direct) | North Korea-linked Lazarus APT group is behind new campaigns against South Korean supply chains that leverage stolen security certificates. Security experts from ESET reported that North-Korea-linked Lazarus APT (aka HIDDEN COBRA) is behind cyber campaigns targeting South Korean supply chains. According to the experts the nation-state actors leverage stolen security certificates from two separate, legitimate South […] | Malware Medical | APT 38 | |
|
2020-11-16 12:34:50 | Lazarus Group Used Supply Chain Attack to Target South Korean Users with Malware (lien direct) | The Lazarus group leveraged a supply chain attack to target users located in South Korea with custom malware. On November 16, ESET disclosed that the Lazarus group conducted its supply chain attack by abusing WIZVERA VeraPort. This application helps users in South Korea manage the installation of additional computer security software when they visit a […]… Read More | Malware Medical | APT 38 | |
 |
2020-11-16 10:30:03 | Lazarus supply‑chain attack in South Korea (lien direct) | ESET researchers uncover a novel Lazarus supply-chain attack leveraging WIZVERA VeraPort software | APT 38 | ||
|
2020-11-16 10:30:03 | Lazarus malware strikes South Korean supply chains (lien direct) | The malware is passing security checks through the abuse of stolen software certificates. | Malware | APT 38 | |
|
2020-11-16 02:29:40 | Trojanized Security Software Hits South Korea Users in Supply-Chain Attack (lien direct) | Cybersecurity researchers took the wraps off a novel supply chain attack in South Korea that abuses legitimate security software and stolen digital certificates to distribute remote administration tools (RATs) on target systems.
Attributing the operation to the Lazarus Group, also known as Hidden Cobra, Slovak internet security company ESET said the state-sponsored threat actor leveraged the |
Threat Medical | APT 38 | |
|
2020-11-13 17:18:12 | Three APT groups have targeted at least seven COVID-19 vaccine makers (lien direct) | At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns. Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments. “In recent months, we've detected cyberattacks from three nation-state actors targeting seven prominent companies directly […] | Medical | APT 38 APT 28 APT 43 | |
|
2020-11-13 14:00:00 | Microsoft says three APTs have targeted seven COVID-19 vaccine makers (lien direct) | The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. | Medical | APT 38 APT 28 APT 43 | |
 |
2020-11-12 05:52:48 | CRAT wants to plunder your endpoints (lien direct) | By Asheer Malhotra.
Cisco Talos has observed a new version of a remote access trojan (RAT) family known as CRAT.Apart from the prebuilt RAT capabilities, the malware can download and deploy additional malicious plugins on the infected endpoint.One of the plugins is a ransomware known as "Hansom."CRAT has been attributed to the Lazarus APT Group in the past.The RAT consists of multiple obfuscation techniques to hide strings, API names, command and control (C2) URLs and instrumental functions,...
[[ This is only the beginning! Please visit the blog for the complete entry ]] |
Ransomware Malware | APT 38 |
To see everything:
Our RSS (filtrered)
