What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
InfoSecurityMag.webp 2024-04-09 14:30:00 Research Unearths RUBYCARP's Multi-Miner Assault on Crypto (direct link) Sysdig stated that by deploying multiple miners, the group decreased attack time and detection risk APT 40 ★★★
DarkReading.webp 2024-02-14 22:14:54 Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks (direct link) It's not theoretical anymore: the world's major powers are working with large language models to enhance their offensive cyber operations. APT 40 ★★
GoogleSec.webp 2022-10-11 19:22:42 Google Pixel 7 and Pixel 7 Pro: The next evolution in mobile security (direct link) Dave Kleidermacher, Jesse Seed, Brandon Barbello, Sherif Hanna, Eugene Liderman, Android, Pixel, and Silicon Security Teams Every day, billions of people around the world trust Google products to enrich their lives and provide helpful features – across mobile devices, smart home devices, health and fitness devices, and more. We keep more people safe online than anyone else in the world, with products that are secure by default, private by design and that put you in control. As our advancements in knowledge and computing grow to deliver more help across contexts, locations and languages, our unwavering commitment to protecting your information remains. That's why Pixel phones are designed from the ground up to help protect you and your sensitive data while keeping you in control. We're taking our industry-leading approach to security and privacy to the next level with Google Pixel 7 and Pixel 7 Pro, our most secure and private phones yet, which were recently recognized as the highest rated for security when tested among other smartphones by a third-party global research firm.1 Pixel phones also get better every few months with Feature Drops that provide the latest product updates, tips and tricks from Google. And Pixel 7 and Pixel 7 Pro users will receive at least five years of security updates2, so your Pixel gets even more secure over time. Your protection, built into Pixel. Your digital life and most sensitive information lives on your phone: financial information, passwords, personal data, photos – you name it. With Google Tensor G2 and our custom Titan M2 security chip, Pixel 7 and Pixel 7 Pro have multiple layers of hardware security to help keep you and your personal information safe. 
We take a comprehensive, end-to-end approach to security with verifiable protections at each layer - the network, application, operating system and multiple layers on the silicon itself. If you use Pixel for your business, this approach helps protect your company data, too. Google Tensor G2 is Pixel's newest powerful processor custom built with Google AI, and makes Pixel 7 faster, more efficient and secure3. Every aspect of Tensor G2 was designed to improve Pixel's performance and efficiency for great battery life, amazing photos and videos. Tensor's built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe. Titan family chips are also used to protect Google Cloud data centers and Chromebooks, so the same hardware that protects Google servers also secures your sensitive information stored on Pixel. And, in a first for Google, Titan M2 hardware has now been certified under Common Criteria PP0084: the international gold standard for hardware security components also used for identity, SIM cards, and bankcard security chips. Spam Malware Vulnerability Guideline Industrial APT 40
SecurityAffairs.webp 2022-08-31 13:03:30 China-linked APT40 used ScanBox Framework in a long-running espionage campaign (direct link) Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South China Sea. Proofpoint's Threat Research Team uncovered a cyber espionage campaign targeting entities across the world that was orchestrated by a China-linked threat actor. The campaign aimed at entities in Australia, Malaysia, and Europe, as […] Threat APT 40
News.webp 2022-08-31 05:02:05 China-linked APT40 gang targets wind farms, Australian government (direct link) ScanBox installed after victims lured to fake Murdoch news sites with phishing emails. Researchers at security company Proofpoint and PricewaterhouseCoopers (PwC) said on Tuesday they had identified a cyber espionage campaign that delivers the ScanBox exploitation framework through a malicious fake Australian news site.… APT 40
Kaspersky.webp 2022-08-30 16:00:43 Watering Hole Attacks Push ScanBox Keylogger (direct link) Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. Industrial APT 40
TroyHunt.webp 2022-06-30 13:49:56 China lured graduate jobseekers into digital espionage (direct link) Student translators were targeted by a front company for the Beijing-backed hacking group APT40. Industrial APT 40
Blog.webp 2021-07-23 22:03:21 Episode 221: Biden Unmasked APT 40. But Does It Matter? (direct link) Andrew Sellers, the Chief Technology Officer at QOMPLX, joins us to unpack the revelations this week about APT 40, the Chinese group that the US has accused of a string of attacks aimed at stealing sensitive trade secrets. Also: is Salesforce the next SolarWinds? Industrial APT 40
Kaspersky.webp 2021-07-21 17:31:16 Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say (direct link) Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change. Industrial APT 40
Anomali.webp 2021-07-20 15:00:00 Anomali Cyber Watch: China Blamed for Microsoft Exchange Attacks, Israeli Cyber Surveillance Companies Help Oppressive Governments, and More (direct link) The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, APT, Espionage, Ransomware, Targeted Campaigns, DLL Side-Loading, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence UK and Allies Accuse China of a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers (published: July 19, 2021) On July 19th, 2021, the US, the UK, and other global allies jointly accused China of a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide. Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to the Chinese Ministry of State Security (MSS). The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of the historic APT40 activity. Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, and use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real-time forensic analysis for tracking such attacks. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Exploitation of Remote Services - T1210 Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China NSO's Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists (published: July 18, 2021) Israeli surveillance company NSO Group supposedly sells spyware to vetted government bodies to fight crime and terrorism. New research discovered NSO's tools being used against non-criminal actors: pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders. The main penetration tool used by NSO is the Pegasus malware, which targets both iPho Ransomware Malware Tool Vulnerability Threat Studies Guideline Industrial APT 41 APT 40 APT 28 APT 31
SecurityAffairs.webp 2021-07-19 20:36:16 US DoJ indicts four members of China-linked APT40 cyberespionage group (direct link) US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018. […] Industrial APT 40
SecurityWeek.webp 2021-07-19 13:44:03 U.S., Allies Officially Accuse China of Microsoft Exchange Attacks (direct link) U.S. Charges Four Alleged Members of Chinese Hacking Group APT40 The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government. Industrial APT 40
bleepingcomputer.webp 2021-07-19 10:44:21 US indicts members of Chinese-backed hacking group APT40 (direct link) Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. [...] Industrial APT 40
WiredThreatLevel.webp 2020-10-07 18:31:39 Amazon Wants to 'Win at Games.' So Why Hasn't It? (direct link) After brute-forcing its way to dominance in so many industries, the tech leviathan may finally have met its match. Industrial APT 40
SecurityAffairs.webp 2020-10-04 09:35:41 Security Affairs newsletter Round 284 (direct link) A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Apple addresses four vulnerabilities in macOS Google removes 17 Joker-infected apps from the Play Store Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT Mount Locker […] Industrial APT 40
SecurityAffairs.webp 2020-09-27 09:28:15 Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT (direct link) Microsoft removed 18 Azure Active Directory applications from its Azure portal that were created by the China-linked APT group Gadolinium. Microsoft announced this week that it had removed 18 Azure Active Directory applications from its Azure portal that were created by a China-linked cyber espionage group tracked as Gadolinium (aka APT40, or Leviathan). The 18 […] Industrial APT 40
ZDNet.webp 2020-09-24 21:09:50 Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group (direct link) Azure AD apps were abused by the Gadolinium (APT40) group to attack Microsoft Azure customers. Industrial APT 40
SecurityAffairs.webp 2020-02-10 08:28:13 Malaysia's MyCERT warns of cyber espionage campaign carried out by APT40 (direct link) Malaysia's MyCERT issued a security alert to warn of a hacking campaign targeting government officials that was carried out by the China-linked APT40 group. Malaysia's Computer Emergency Response Team (MyCERT) warns of a cyber espionage campaign carried out by the China-linked APT40 group aimed at Malaysian government officials. The attackers aimed at stealing confidential documents […] Industrial APT 40
ZDNet.webp 2020-02-07 01:25:41 Malaysia warns of Chinese hacking campaign targeting government projects (direct link) MyCERT security alert points the finger at APT40, a Chinese state-sponsored hacking crew. Industrial APT 40
MalwarebytesLabs.webp 2020-01-20 16:32:45 A week in security (January 13 – 19) (direct link) Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more. Industrial APT 40
ZDNet.webp 2020-01-13 17:01:05 Report: Chinese hacking group APT40 hides behind network of front companies (direct link) A group of anonymous security analysts have tracked down 13 front companies operating on the island of Hainan through which they say the Chinese state has been recruiting hackers. APT 40 ★★★★
SecurityAffairs.webp 2019-03-06 07:59:00 APT40 cyberespionage group supporting growth of China's naval sector (direct link) A cyber-espionage group, tracked as APT40 and apparently linked to the Chinese government, is focused on targeting countries important to the country's Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan), apparently linked to the Chinese government, is focused on targeting countries important to the country's Belt and Road Initiative […] Industrial APT 40
SecurityWeek.webp 2019-03-05 13:19:03 State-Sponsored Hackers Supporting China's Naval Modernization Efforts: Report (direct link) APT40 Hackers Appear to be Supporting China's Belt and Road Initiative Industrial APT 40
Mandiant.webp 2019-03-04 13:00:00 APT40: Examining a China-Nexus Espionage Actor (direct link) FireEye is highlighting a cyber espionage operation targeting crucial technologies and traditional intelligence targets from a China-nexus state-sponsored actor we call APT40. The actor has conducted operations since at least 2013 in support of China's naval modernization effort. The group has specifically targeted engineering, transportation, and the defense industry, especially where these sectors overlap with maritime technologies. More recently, we have also observed specific targeting of countries strategically important to the Belt and Road Initiative including Cambodia, Belgium, Germany APT 40 ★★★★
SecurityAffairs.webp 2018-11-15 11:04:02 Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs (direct link) Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups. Attribution of cyber attacks is always a hard task; in many cases attackers use false flags to disguise their identities. Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and […] Industrial APT 40
DataSecurityBreach.webp 2018-07-20 09:33:00 TEMP.Periscope: Chinese hackers with a taste for presidential elections? (direct link) Russian hackers aren't the only ones fond of elections? The Chinese espionage group TEMP.Periscope is targeting... The article TEMP.Periscope: Chinese hackers with a taste for presidential elections? appeared first on Data Security Breach. Industrial APT 40
SecurityAffairs.webp 2018-07-12 08:22:03 China-based TEMP.Periscope APT targets Cambodia's elections (direct link) FireEye uncovered a large-scale Chinese phishing and hacking campaign powered by the TEMP.Periscope APT aimed at Cambodia's elections. Security researchers at FireEye have uncovered a large-scale Chinese phishing and hacking campaign aimed at Cambodia's elections. The hackers distributed a remote access trojan (RAT) and ran a data exfiltration operation targeting the poll. The experts from FireEye attributed the attacks to an APT group tracked […] Industrial APT 40
Mandiant.webp 2018-07-10 07:00:00 Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally (direct link) Introduction: FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia's politics, with active compromises of multiple Cambodian entities related to the country's electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures. This campaign occurs in the run-up to the country's July 29, 2018, general elections. TEMP.Periscope used the same infrastructure for a range of activity against other more traditional targets, including the defense industrial base Industrial APT 40 ★★★★
no_ico.webp 2018-07-05 17:10:01 Threat Model Thursdays: Crispin Cowan (direct link) Over at the Leviathan blog, Crispin Cowan writes about "The Calculus Of Threat Modeling." Crispin and I have collaborated and worked together over the years, and our approaches are explicitly aligned around the four question frame. What are we working on? One of the places where Crispin goes deeper is definitional. He's very precise about … Threat Industrial APT 40
Pirate.webp 2018-03-20 09:52:03 A Chinese cyber-espionage group attacks American companies (direct link) A Chinese cyber-espionage group (TEMP.Periscope) is attacking American companies in the engineering and maritime sectors. Industrial APT 40
SecurityAffairs.webp 2018-03-17 16:49:02 Chinese APT Group TEMP.Periscope targets US Engineering and Maritime Industries (direct link) The China-linked APT group Leviathan, aka TEMP.Periscope, has increased its attacks on engineering and maritime entities over the past months. Past attacks conducted by the group aimed at targets connected to South China Sea issues; most of them were research institutes, academic organizations, and private firms in the United States. The group has also targeted professional/consulting services, high-tech industry, […] Industrial APT 40
SecurityWeek.webp 2018-03-16 20:36:03 (Déjà vu) China-linked Hackers Target Engineering and Maritime Industries (direct link) A China-related cyberespionage group that has been active for half a decade has increased its attacks on engineering and maritime entities over the past months, FireEye reports. Referred to as Leviathan or TEMP.Periscope, the group has been historically interested in targets connected to South China Sea issues, which hasn't changed in the recently observed attacks. Targets include research institutes, academic organizations, and private firms in the United States. "The current campaign is a sharp escalation of detected activity since summer 2017. Like multiple other Chinese cyber espionage actors, TEMP.Periscope has recently re-emerged and has been observed conducting operations with a revised toolkit," FireEye says. Industrial APT 40
Mandiant.webp 2018-03-15 23:00:00 Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries (direct link) Intrusions Focus on the Engineering and Maritime Sector: Since early 2018, FireEye (including our FireEye as a Service (FaaS), Mandiant Consulting, and iSIGHT Intelligence teams) has been tracking an ongoing wave of intrusions targeting engineering and maritime entities, especially those connected to South China Sea issues. The campaign is linked to a group of suspected Chinese cyber espionage actors we have tracked since 2013, dubbed TEMP.Periscope. The group has also been reported as "Leviathan" by other security firms. The current campaign is a sharp escalation of detected activity APT 40 ★★★★
itsecurityguru.webp 2017-10-19 09:50:25 Group launches Cyber Attacks against Maritime and Defense sectors (direct link) Leviathan, an espionage group active since 2014, is launching cyber attacks against the maritime and defense sectors, focusing specifically on contractors and associated university research institutions. ORIGINAL SOURCE: ZDNet Industrial APT 40
Last update at: 2024-05-10 20:07:58