What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-10-31 16:15:13 | Experts Reactions On North Korean Malware Found On Indian Nuclear Plants Network (lien direct) | It has been reported the network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today. Several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea’s elite hacking unit. There … The ISBuzz Post: This Post Experts Reactions On North Korean Malware Found On Indian Nuclear Plants Network | Malware Medical | APT 38 | |
 |
2019-10-25 06:49:12 | Experts attribute NukeSped RAT to North Korea-Linked hackers (lien direct) | Experts at Fortinet analyzed NukeSped malware samples that share multiple similarities with malware associated with North Korea-linked APTs. Fortinet has analyzed the NukeSped RAT that is believed to be a malware in the arsenal of the Lazarus North-Korea linked APT group. The attribution to the Lazarus group is based on the similarities with other malware […] | Malware Medical | APT 38 | |
 |
2019-09-24 18:56:47 | North Korean-Linked Dtrack RAT Discovered (lien direct) | An investigation into banking malware targeting India has led to the discovery of a new remote access Trojan (RAT) employed by the North Korean-linked Lazarus group, Kaspersky reports. | Malware Medical | APT 38 | |
|
2019-09-13 20:21:12 | The US Treasury placed sanctions on North Korea linked APT Groups (lien direct) | The US Treasury placed sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The US Treasury sanctions on three North Korea-linked hacking groups, the Lazarus Group, Bluenoroff, and Andarial. The groups are behind several hacking operations that resulted in the theft of hundreds of millions of dollars from financial institutions and cryptocurrency exchanges […] | Medical | APT 38 | |
 |
2019-09-13 16:47:00 | US Treasury sanctions three North Korean hacking groups (lien direct) | US wants to seize financial assets associated with the Lazarus Group, Bluenoroff, and Andarial. | Medical | APT 38 | |
 |
2019-09-13 15:00:00 | US Sanctions 3 Cyber Attack Groups Tied to DPRK (lien direct) | Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems. | Medical | APT 38 | |
|
2019-05-13 18:50:03 | US Government Unveils New North Korean Hacking Tool (lien direct) | It has been reported that yesterday the Department of Homeland Security and the FBI publicly identified a new North Korean malware capable of funnelling information from a victim’s computer network. Dubbed ElectricFish by government officials, the malware is the latest tool in North Korea’s hacking program, referred to as Hidden Cobra. The U.S. Cyber Emergency Response Team published a report warning the public … The ISBuzz Post: This Post US Government Unveils New North Korean Hacking Tool | Malware Tool Medical | APT 38 | |
|
2019-05-10 13:53:03 | DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH (lien direct) | The U.S. Department of Homeland Security (DHS) and the FCI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […] | Malware Tool Medical | APT 38 | |
 |
2019-05-10 03:04:03 | North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data (lien direct) | The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by North Korean government and known to launch cyber attacks against media |
Malware Medical | APT 38 | |
 |
2019-04-11 12:28:03 | New Hoplight malware marks re-emergence of Lazarus Group. (lien direct) | The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US is getting worried about it. This according to a report from US-Cert, which say that the group (also known as “Hidden Cobra”) has a new piece of spyware […] | Malware Medical | APT 38 | |
|
2019-03-28 08:20:04 | Lazarus APT continues to target cryptocurrency businesses with Mac malware (lien direct) | North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group made has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […] | Malware Medical | APT 38 | |
|
2019-03-27 15:00:02 | North Korea-Linked Hackers Target macOS Users (lien direct) | New Lazarus Operation Targets Windows, macOS Systems The North Korea-linked Lazarus group has been leveraging PowerShell to target both Windows and macOS machines as part of an attack campaign that has been ongoing since at least November 2018, Kaspersky Lab reports. | Medical | APT 38 | |
|
2019-03-27 10:52:01 | North Korean hackers continue attacks on cryptocurrency businesses (lien direct) | Lazarus Group hackers seamlessly integrate Mac malware into their normal attack routine. | Malware Medical | APT 38 | |
 |
2019-03-18 14:57:01 | A week in security (March 11 – 17) (lien direct) |
A roundup of security news from March 11–17 covering our most recent blogs and other news, including Lazarus Group, Emotet, PSD2, reputation management, Google's Nest, and Firefox Send.
Categories:
Security world
Week in security
Tags: Apex LegendsChinese DNAemotetfacebookFacebook outageFirefox SendGoogle NestGoogle PlayLazarus Groupnetflixpsd2Spotify
(Read more...)
|
Medical | APT 38 | |
|
2019-03-12 16:27:00 | The Advanced Persistent Threat files: Lazarus Group (lien direct) |
Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here's what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.
Categories:
Criminals
Threat analysis
Tags: APTLazarusNorth Korea
(Read more...)
|
Threat Medical | Wannacry APT 38 | |
|
2019-03-05 14:15:00 | Lazarus Research Highlights Threat from North Korea (lien direct) | A widespread attack against companies and government agencies have been linked to the North Korean Lazarus group, underscoring that the countries hackers are becoming more brazen. | Threat Medical | APT 38 | |
|
2019-03-04 11:43:02 | Researchers granted server by gov officials link Sharpshooter attacks to North Korea (lien direct) | Analysis of the server revealed links to North Korea's Lazarus Group. | Medical | APT 38 | |
|
2019-01-31 10:29:01 | (Déjà vu) FBI Maps and Further Disrupts North Korean Jonap Botnet. (lien direct) | The United States Department of Justice (DoJ) announced its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra”-an Advanced Persistent Threat (APT) actors’ group often known as […] | Threat Medical | APT 38 | |
|
2019-01-31 00:03:04 | FBI Mapping \'Joanap Malware\' Victims to Disrupt the North Korean Botnet (lien direct) | The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.
Dubbed Joanap, the botnet is believed to be part of "Hidden Cobra"-an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of
|
Threat Medical | APT 38 | |
 |
2018-12-12 11:26:05 | Op \'Sharpshooter\' Uses Lazarus Group Tactics, Techniques, and Procedures (lien direct) | A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group [...] | Malware Tool Threat Medical | APT 38 | |
|
2018-11-24 10:23:02 | North Korea-linked group Lazarus targets Latin American banks (lien direct) | According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […] | Malware Medical | APT 38 | |
|
2018-11-10 14:47:00 | (Déjà vu) Symantec shared details of North Korean Lazarus\'s FastCash Trojan used to hack banks (lien direct) | North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs. Security experts from Symantec have discovered a malware, tracked as FastCash Trojan, that was used by the Lazarus APT Group, in a string of attacks against ATMs. The ATP group has been using this malware […] | Malware Hack Medical | APT 38 | |
|
2018-11-08 17:45:00 | Symantec Uncovers North Korean Group\'s ATM Attack Malware (lien direct) | Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs. | Malware Medical | APT 38 | |
 |
2018-11-06 08:56:00 | Worst malware and threat actors of 2018 so far (lien direct) | What's the worst malware so far into 2018? The worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive.And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10. | Malware Threat Medical | APT 38 | |
|
2018-10-04 06:55:00 | APT38 is behind financially motivated attacks carried out by North Korea (lien direct) | Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government. The attacks aimed at financial institutions, FireEye estimates APT38 has stolen at least a hundred million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] | Threat Medical | APT 38 | |
|
2018-10-03 20:02:03 | Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide (lien direct) | A joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “FASTCash,” used by Hidden Cobra APT. The US-CERT has released a joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “FASTCash,” being used by the […] | Medical | APT 38 | |
|
2018-10-03 04:18:05 | Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash (lien direct) | The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations,
|
Medical | APT 38 | |
|
2018-09-07 17:29:00 | (Déjà vu) Industry Reactions to U.S. Charging North Korean Hacker: Feedback Friday (lien direct) | A North Korean national has been charged by U.S. authorities over his alleged involvement in the cyberattacks carried out by the notorious Lazarus Group. | Medical | APT 38 | |
|
2018-09-07 09:00:01 | Opsec Mistakes Allowed U.S. to Link North Korean Man to Hacks (lien direct) | A 34-year-old North Korean national has been charged by U.S. authorities over his alleged involvement in the cyberattacks carried out by the Lazarus Group. An affidavit filed by an FBI special agent reveals how investigators linked the man to the notorious threat actor. | Threat Medical | APT 38 | |
|
2018-09-06 21:43:04 | How US authorities tracked down the North Korean hacker behind WannaCry (lien direct) | US authorities put together four years worth of malware samples, domain names, email and social media accounts to track down one of the Lazarus Group hackers. | Malware Medical | Wannacry APT 38 | |
|
2018-09-06 18:04:01 | U.S. Charges North Korean Over Lazarus Group Hacks (lien direct) | The U.S. Department of Justice on Thursday announced charges against a North Korean national who is believed to be a member of the notorious Lazarus Group, to which governments and the cybersecurity industry have attributed several high profile attacks. | Medical | APT 38 | |
 |
2018-08-28 13:00:00 | AlienVault Product Roundup July / August 2018 (lien direct) |
It’s been a busy summer at AlienVault! Amid some major company announcements, we continue to evolve USM Anywhere and USM Central with new features and capabilities that help you to defend against the latest threats and to streamline your security operations. You can keep up with our regular product releases by reading the release notes in the AlienVault Product Forum. Here are a few of the highlights from our July and August 2018 releases:
New EDR capabilities with the new AlienVault Agent
On July 31, 2018, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, extending the platform’s powerful threat detection and response capabilities to the endpoint. Read the blog post here. By deploying the AlienVault Agent - a lightweight and adaptable endpoint agent based on osquery - you can expand your security visibility to detect modern threats and monitor critical files (FIM) on your Windows and Linux endpoints, whether in the cloud, in your data center, or remote.
The new EDR capabilities were made available automatically and seamlessly to all USM Anywhere customers, without requiring any subscription upgrades, system updates, or the purchase of add-on products to access the capabilities.
AlienApp for ConnectWise
The AlienApp for ConnectWise is now included in the Standard and Premium editions of USM Anywhere. Service management teams that use ConnectWise Manage can leverage automated service ticket creation from USM Anywhere alarms and vulnerabilities as well as synchronization of asset information.
Slaying Defects and Optimizing the UX
In addition to these new capabilities and apps, in every update this summer, the team has rolled out enhancements to the user interface and / or has addressed multiple defects and inefficiencies. Make sure to read the product release notes for all the details.
USM Central Roundup and Look Ahead
Earlier this month, Skylar Talley, AlienVault Senior Product Manager for USM Central, wrote a blog post recapping the recent improvements to USM Central and outlining his vision for the product in the next few months. You can read the full post here. The highlights include:
Two-way alarm status and label synchronization
Orchestration rules management across USM Anywhere deployments
USM Central API availability (You can find the API documentation here.)
Threat Intelligence Highlights
USM Anywhere receives continuously updated rules and (new!) endpoint queries to detect not only the latest signatures but also higher-level attack tools, tactics, and procedures – all curated for you by the machine and human intelligence of the AlienVault Labs Security Research Team.
The AlienVault Labs Security Research team publishes a weekly threat intelligence newsletter, keeping you informed of the threats they are rese |
Threat Medical | APT 38 | |
|
2018-08-27 17:06:01 | A week in security (August 20 – 26) (lien direct) |
A roundup of the security news from August 20 – 26, including a look at insider threats, several breaches, and what tech giants Google and Facebook are doing about their privacy issues.
Categories:
Security world
Week in security
Tags: a week in securitybadgelifecobalt dickenscybersecuritycybersecurity awarenessdigital entropy of deathelectionsfacebookGooglegreen card scamprivacyproject insecurityransomwarerecapryuksearch browser extensionssuperdrugthe lazarus grouptwitchvulnerabilitiesweekly blog roundup
(Read more...)
|
Medical | APT 38 | |
|
2018-08-23 15:07:00 | Lazarus Group Builds its First MacOS Malware (lien direct) | This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain. | Malware Medical | APT 38 | |
|
2018-08-10 16:15:03 | The analysis of the code reuse revealed many links between North Korea malware (lien direct) | Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. The experts focused their analysis on the code reuse, past investigations revealed that some APT groups share portions of code […] | Malware Medical Cloud | APT 38 APT 37 | |
 |
2018-08-09 13:00:01 | Examining Code Reuse Reveals Undiscovered Links Among North Korea\'s Malware Families (lien direct) | 
This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story. Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to …
|
Malware Guideline Medical Cloud | APT 38 APT 37 | |
|
2018-06-25 18:30:00 | Malware in South Korean Cyberattacks Linked to Bithumb Heist (lien direct) | Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware. | Malware Medical | Bithumb Bithumb APT 38 | |
|
2018-06-25 17:31:04 | North Korean Hackers Exploit HWP Docs in Recent Cyber Heists (lien direct) | A series of malicious Hangul Word Processor (HWP) documents used in recent attacks on cryptocurrency exchanges have been attributed to the North Korea-linked Lazarus group, AlienVault reports. | Medical | APT 38 | |
|
2018-06-18 15:18:04 | DHS, FBI published a join alert including technical details of Hidden Cobra-linked \'Typeframe\' Malware (lien direct) | The US DHS and the FBI have published a new joint report that includes technical details of a piece of malware allegedly used by the Hidden Cobra APT. A new joint report published by US DHS and FBI made the headlines, past document details TTPs associated with North Korea-linked threat groups, tracked by the US government as […] | Medical | TYPEFRAME APT 38 | |
|
2018-06-12 11:14:05 | North Korean Hackers Abuse ActiveX in Recent Attacks (lien direct) | An ActiveX zero-day vulnerability discovered recently on the website of a South Korean think tank focused on national security has been abused by the North Korean-linked Lazarus group in attacks, AlienVault reports. | Medical | APT 38 | |
|
2018-06-12 10:30:01 | Analysis Of Banco De Chile + Continued Cyber Attacks On Banks (lien direct) | As you may have heard, Banco de Chile is the latest victim in a string of cyber attacks targeting payment transfer systems and in a similar vein to the recent Mexico heist, hackers wreaked havoc on banking operations. Ofer Israeli, CEO at Illusive Networks, believes the Lazarus Group, one of the most notorious band of cybercriminals, is behind this, … The ISBuzz Post: This Post Analysis Of Banco De Chile + Continued Cyber Attacks On Banks | Medical | APT 38 | |
|
2018-05-31 10:11:03 | North Korea-Linked Group Stops Targeting U.S. (lien direct) | A threat actor linked to North Korea's Lazarus Group has stopped targeting organizations in the United States, but remains active in Europe and East Asia. | Medical | APT 38 | |
|
2018-05-30 18:30:05 | US-CERT issued an alert on two malware associated with North Korea-linked APT Hidden Cobra (lien direct) | The Department of Homeland Security (DHS) and the FBI issued a joint Technical alert on two strain on malware, the Joanap backdoor Trojan and Brambul Server Message Block worm, associated with the HIDDEN COBRA North Korea-linked APT group. The US-CERT alert reads: “Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators […] | Medical | APT 38 | |
|
2018-05-30 10:44:00 | U.S. Attributes Two More Malware Families to North Korea (lien direct) | The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued another joint technical alert on the North Korea-linked threat group known as Hidden Cobra. | Medical | APT 38 | |
|
2018-05-30 07:42:05 | FBI issues alert over two new malware linked to Hidden Cobra hackers (lien direct) | The US-CERT has released a joint technical alert from the DHS and the FBI, warning about two newly identified malware being used by the prolific North Korean APT hacking group known as Hidden Cobra.
Hidden Cobra, often known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and known to launch attacks against media organizations, aerospace,
|
Medical | APT 38 | |
|
2018-04-30 12:25:04 | Thailand seizes server linked to North Korean attack gang (lien direct) | A server hidden in a Thai university and allegedly used as part of a North Korean hacking operation has been seized by ThaiCERT. Thailand’s infosec organisation announced last Wednesday that the box was operated by the Norks-linked Hidden Cobra APT group, and was part of the command-and-control rig for a campaign called GhostSecret. View full ... | Medical | APT 38 | ★★ |
|
2018-04-30 08:06:04 | Op GhostSecret – ThaiCERT seized a server used by North Korea Hidden Cobra APT group in the Sony Picture hack (lien direct) | The Thai authorities with the support of the ThaiCERT and security first McAfee have seized a server used by North Korean Hidden Cobra APT as part of the Op GhostSecret campaign. The Thai authorities with the support of the ThaiCERT have seized a server used by North Korean hackers in the attack against Sony Picture. […] | Medical | APT 38 | |
|
2018-04-25 04:01:02 | (Déjà vu) Global Malware Campaign Pilfers Data from Critical Infrastructure, Entertainment, Finance, Health Care, and Other Industries (lien direct) | 
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. (For an extensive …
|
Medical | APT 38 | |
|
2018-04-25 04:01:02 | (Déjà vu) Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide (lien direct) | 
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. In this post, …
|
Medical | APT 38 | |
|
2018-04-05 09:22:01 | North Korea-Linked Lazarus APT suspected for online Casino assault (lien direct) | The North Korea-linked APT group known as Lazarus made the headlines again for attacking an online casino in Central America and other targets. The activity of the Lazarus Group (aka Hidden Cobra) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. […] | Medical | APT 38 |
To see everything:
Our RSS (filtrered)
