SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-06-27 14:00:00	Le renouveau mondial du hacktivisme nécessite une vigilance accrue des défenseurs Global Revival of Hacktivism Requires Increased Vigilance from Defenders (lien direct)	Written by: Daniel Kapellmann Zafra, Alden Wahlstrom, James Sadowski, Josh Palatucci, Davyn Baumann, Jose Nazario Since early 2022, Mandiant has observed the revival and intensification of threat activity from actors leveraging hacktivist tactics and techniques. This comes decades after hacktivism first emerged as a form of online activism and several years since many defenders last considered hacktivism to be a serious threat. However, this new generation of hacktivism has grown to encompass a more complex and often impactful fusion of tactics different actors leverage for their specific objectives. Today\'s hacktivists exhibit increased capabilities in both intrusion and information operations demonstrated by a range of activities such as executing massive disruptive attacks, compromising networks to leak information, conducting information operations, and even tampering with physical world processes. They have leveraged their skills to gain notoriety and reputation, promote political ideologies, and actively support the strategic interests of nation-states. The anonymity provided by hacktivist personas coupled with the range of objectives supported by hacktivist tactics have made them a top choice for both state and non-state actors seeking to exert influence through the cyber domain. This blog post presents Mandiant\'s analysis of the hacktivism threat landscape, and provides analytical tools to understand and assess the level of risk posed by these groups. Based on years of experience tracking hacktivist actors, their claims, and attacks, our insight is meant to help organizations understand and prioritize meaningful threat activity against their own networks and equities. Figure 1: Sample of imagery used by hacktivists to promote their threat activity Proactive Monitoring of Hacktivist Threats Necessary for Defenders to Anticipate Cyberattacks Mandiant considers activity to be hacktivism when actors claim to or conduct attacks with the publicly stated intent of engaging in political or social activism. The large scale of hacktivism\'s resurgence presents a critical challenge to defenders who need to proactively sift through the noise and assess the risk posed by a multitude of actors with ranging degrees of sophistication. While in many cases hacktivist activity represents a marginal threat, in the most significant hacktivist operations Mandiant has tracked, threat actors have deliberately layered multiple tactics in hybrid operations in such a way that the effect of each component magnified the others. In some cases, hacktivist tactics have been deliberately employed by nation-state actors to support hybrid operations that can seriously harm victims. As the volume and complexity of activity grows and new actors leverage hacktivist tactics, defenders must determine how to filter, assess, and neutralize a range of novel and evolving threats. The proactive moni	Malware Tool Threat Legislation Industrial Cloud Commercial	APT 38
	2024-05-29 16:05:00	Microsoft Uncovers \\ 'Moonstone Sheet \\' - Nouveau groupe de pirates nord Microsoft Uncovers \\'Moonstone Sleet\\' - New North Korean Hacker Group (lien direct)	Un acteur de menace nord-coréen jamais vu auparavant, le nom de manche de Moonstone Sleet a été attribué comme derrière les cyberattaques ciblant les individus et les organisations dans les secteurs de base industrielle des technologies et des technologies de l'information, de l'éducation et de la défense avec un ransomware et un malware sur mesure auparavant associé au célèbre groupe Lazarus Lazare. "On observe que le grésil de la pierre de lune installe de fausses entreprises et A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and	Ransomware Malware Threat Industrial	APT 38	★★
	2023-12-22 11:04:00	Microsoft met en garde contre le nouveau \\ 'falsefont \\' Backdoor ciblant le secteur de la défense Microsoft Warns of New \\'FalseFont\\' Backdoor Targeting the Defense Sector (lien direct)	Les organisations du secteur de la base industrielle de la défense (DIB) sont dans la réticule d'un acteur de menace iranien dans le cadre d'une campagne conçue pour livrer une porte dérobée inédite appelée Falsefont. Les résultats proviennent de Microsoft, qui suit l'activité sous son surnom et NBSP sur le thème des conditions météorologiques; Peach Sandstorm & NBSP; (anciennement Holmium), qui est également connu sous le nom d'APT33, ElfiN et Kitten raffiné. " Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. "	Threat Industrial	APT33 APT 33	★★★
	2023-12-21 20:46:58	La porte de la pêche de l'Iran \\ Déploie de la porte dérobée Falsefont dans le secteur de la défense Iran\\'s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector (lien direct)	par waqas PEACH SANDSTORM, également reconnu comme l'Holmium, s'est récemment concentré sur les cibles de la base industrielle de la défense mondiale (DIB). Ceci est un article de HackRead.com Lire le post original: L'Iran & # 8217; s Peach Sandstorm Deploy Deploy Falsefont Backdoor dans le secteur de la défense By Waqas Peach Sandstorm, also recognized as HOLMIUM, has recently focused on global Defense Industrial Base (DIB) targets. This is a post from HackRead.com Read the original post: Iran’s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector	Industrial	APT 33	★★
	2023-10-18 20:15:00	Les entreprises d'énergie et de défense d'Europe de l'Est destinées à la porte dérobée MATA Eastern European energy and defense firms targeted with MATA backdoor (lien direct)	Les pirates ont ciblé plus d'une douzaine d'entreprises de pétrole, de gaz et de défense en Europe de l'Est avec une version mise à jour du cadre de la porte dérobée MATA, selon récent Research .La porte dérobée MATA était auparavant attribué au groupe de pirates nord-coréen Lazarus.Les chercheurs de la société de cybersécurité Kaspersky, qui ont découvert cette campagne, ne se sont pas directement liés Hackers have targeted more than a dozen oil, gas and defense firms in Eastern Europe with an updated version of the MATA backdoor framework, according to recent research. The MATA backdoor was previously attributed to the North Korean hacker group Lazarus. Researchers at the cybersecurity firm Kaspersky, who uncovered this campaign, did not directly link	Threat Industrial	APT 38	★★★★
	2023-09-29 19:43:27	Lazarus apt exploitant Linkedin à cibler l'entreprise aérospatiale espagnole Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm (lien direct)	> Par deeba ahmed Auparavant, lorsque le groupe a exploité LinkedIn, il a réussi à piloter 625 millions de dollars stupéfiants du réseau de blockchain Ronin Network (RON). Ceci est un article de HackRead.com Lire le post original: Lazarus apt exploitant Linkedin à cibler la société aérospatiale espagnole >By Deeba Ahmed Previously, when the group exploited LinkedIn, it managed to pilfer a staggering $625 million from the Ronin Network (RON) blockchain network. This is a post from HackRead.com Read the original post: Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm	Industrial	APT 38	★★★★
	2023-08-11 15:42:00	Les chercheurs mettent en lumière les déposées avancées et les tactiques d'exfiltration des données d'APT31 \\ Researchers Shed Light on APT31\\'s Advanced Backdoors and Data Exfiltration Tactics (lien direct)	L'acteur de menace chinois connue sous le nom d'APT31 (alias Bronze Vinewood, Judgment Panda ou Violet Typhoon) a été lié à un ensemble de déambulations avancées qui sont capables d'exfiltration d'informations sensibles récoltées à Dropbox. Le malware fait partie d'une collection plus large de plus de 15 implants qui ont été utilisés par l'adversaire dans les attaques ciblant les organisations industrielles en Europe de l'Est The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe	Malware Threat Industrial	APT 31 APT 31	★★
	2023-08-10 16:00:00	APT31 lié aux récentes attaques industrielles en Europe de l'Est APT31 Linked to Recent Industrial Attacks in Eastern Europe (lien direct)	Kaspersky a publié le troisième épisode de leur enquête sur cette campagne plus tôt dans la journée Kaspersky published the third installment of their investigation on this campaign earlier today	Industrial	APT 31 APT 31	★★★
	2023-08-01 14:31:00	L'APT31 de la Chine soupçonnée dans les attaques contre des systèmes à air en Europe de l'Est China\\'s APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe (lien direct)	Un acteur de l'État-nation avec des liens avec la Chine est soupçonné d'être derrière une série d'attaques contre des organisations industrielles en Europe de l'Est qui ont eu lieu l'année dernière pour siphon les données stockées sur des systèmes à air. La société de cybersécurité Kaspersky a attribué les intrusions avec une confiance moyenne à élevée à une équipe de piratage appelée APT31, qui est également suivie sous les surnoms en bronze, A nation-state actor with links to China is suspected of being behind a series of attacks against industrial organizations in Eastern Europe that took place last year to siphon data stored on air-gapped systems. Cybersecurity company Kaspersky attributed the intrusions with medium to high confidence to a hacking crew called APT31, which is also tracked under the monikers Bronze Vinewood,	Industrial	APT 31	★★
	2023-07-31 17:30:00	Les implants APT31 ciblent les organisations industrielles APT31 Implants Target Industrial Organizations (lien direct)	Les attaquants ont établi un canal d'exfiltration de données, y compris à partir de systèmes à air The attackers established a channel for data exfiltration, including from air-gapped systems	Industrial	APT 31	★★
	2021-07-20 15:00:00	Anomali Cyber Watch: China Blamed for Microsoft Exchange Attacks, Israeli Cyber Surveillance Companies Help Oppressive Governments, and More (lien direct)	The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, APT, Espionage, Ransomware, Targeted Campaigns, DLL Side-Loading, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity. Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed. Trending Cyber News and Threat Intelligence UK and Allies Accuse China for a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers (published: July 19, 2021) On July 19th, 2021, the US, the UK, and other global allies jointly accused China in a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide. Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to Chinese Ministry of State Security (MSS), The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of the historic APT40 activity. Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to the patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real time forensic analysis for tracking such attacks. MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 \| [MITRE ATT&CK] Exploit Public-Facing Application - T1190 \| [MITRE ATT&CK] External Remote Services - T1133 \| [MITRE ATT&CK] Server Software Component - T1505 \| [MITRE ATT&CK] Exploitation of Remote Services - T1210 Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China NSO’s Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists (published: July 18, 2021) Israeli surveillance company NSO Group supposedly sells spyware to vetted governments bodies to fight crime and terrorism. New research discovered NSO’s tools being used against non-criminal actors, pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders. The main penetration tool used by NSO is malware Pegasus that targets both iPho	Ransomware Malware Tool Vulnerability Threat Studies Guideline Industrial	APT 41 APT 40 APT 28 APT 31

Last update at: 2024-06-28 05:07:59
See our sources.

To see everything: Our RSS (filtrered)