What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-05-16 12:10:52 | Le sénateur Vance émet un avertissement sur le typhon de volt soutenu par la Chine pour les infrastructures critiques américaines Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (lien direct) |
Dans une lettre à la Cybersecurity and Infrastructure Security Agency (CISA), un sénateur américain a mis en garde contre la menace ...
In a letter to the Cybersecurity and Infrastructure Security Agency (CISA), a U.S. Senator warned of the threat... |
Threat | Guam | ★★★ |
 |
2024-04-19 17:05:09 | Le directeur du FBI met en garde contre les préparatifs de la Chine pour les attaques d'infrastructure perturbatrices FBI director warns of China\\'s preparations for disruptive infrastructure attacks (lien direct) |
> Wray a indiqué que le FBI considère la Chine comme une menace plus imminente pour les infrastructures américaines alors que des groupes de piratage comme Volt Typhoon Position Resources pour une perturbation avant une confrontation potentielle avec les États-Unis au-dessus de Taïwan dès 2027.
>Wray indicated the FBI sees China as a more imminent threat to U.S. infrastructure as hacking groups like Volt Typhoon position resources for disruption ahead of a potential confrontation with the U.S. over Taiwan as early as 2027. |
Threat | Guam | ★★★ |
 |
2024-04-10 23:00:00 | Japon, Philippines, &US FORGE CYBER MENONAGE ALLIANCE INTEL-SORARGE Japan, Philippines, & US Forge Cyber Threat Intel-Sharing Alliance (lien direct) |
À la suite des attaques de Typhoon de Volt contre les infrastructures critiques dans la région par la Chine, les États-Unis partageront des informations sur les menaces de cybersécurité avec les deux pays.
Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries. |
Threat | Guam | ★★ |
 |
2024-04-05 13:39:39 | Même cibles, nouveaux manuels: les acteurs de la menace en Asie de l'Est utilisent des méthodes uniques Same targets, new playbooks: East Asia threat actors employ unique methods (lien direct) |
## Snapshot Microsoft has observed several notable cyber and influence trends from China and North Korea since June 2023 that demonstrate not only doubling down on familiar targets, but also attempts to use more sophisticated influence techniques to achieve their goals. Chinese cyber actors broadly selected three target areas over the last seven months. - One set of Chinese actors extensively targeted entities across the South Pacific Islands. - A second set of Chinese activity continued a streak of cyberattacks against regional adversaries in the South China Sea region. - Meanwhile, a third set of Chinese actors compromised the US defense industrial base. Chinese influence actors-rather than broadening the geographic scope of their targets-honed their techniques and experimented with new media. Chinese influence campaigns continued to refine AI-generated or AI-enhanced content. The influence actors behind these campaigns have shown a willingness to **both amplify AI-generated media that benefits their strategic narratives, as well as create their own video, memes, and audio content**. Such tactics have been used in campaigns stoking divisions within the United States and exacerbating rifts in the Asia-Pacific region-including Taiwan, Japan, and South Korea. These campaigns achieved varying levels of resonance with no singular formula producing consistent audience engagement. North Korean cyber actors made headlines for **increasing software supply chain attacks and cryptocurrency heists over the past year**. While strategic spear-phishing campaigns targeting researchers who study the Korean Peninsula remained a constant trend, North Korean threat actors appeared to make greater use of legitimate software to compromise even more victims. ## Activity Overview ### Chinese cyber operations target strategic partners and competitors #### Gingham Typhoon targets government, IT, and multinational entities across the South Pacific Islands **** *Figure 1: Observed events from Gingham Typhoon from June 2023 to January 2024 highlights their continued focus on South Pacific Island nations. However, much of this targeting has been ongoing, reflecting a yearslong focus on the region. Geographic locations and diameter of symbology are representational. * During the summer of 2023, Microsoft Threat Intelligence observed extensive activity from China-based espionage group Gingham Typhoon that targeted nearly every South Pacific Island country. Gingham Typhoon is the most active actor in this region, hitting international organizations, government entities, and the IT sector with complex phishing campaigns. Victims also included vocal critics of the Chinese government. Diplomatic allies of China who were victims of recent Gingham Typhoon activity include executive offices in government, trade-related departments, internet service providers, as well as a transportation entity. Heightened geopolitical and diplomatic competition in the region may be motivations for these offensive cyber activities. China pursues strategic partnerships with South Pacific Island nations to expand economic ties and broker diplomatic and security agreements. Chinese cyber espionage in this region also follows economic partners. For example, Chinese actors engaged in large-scale targeting of multinational organizations in Papua New Guinea, a longtime diplomatic partner that is benefiting from multiple Belt and Road Initiative (BRI) projects including the construction of a major highway which links a Papua New Guinea government building to the capital city\'s main road. (1) #### Chinese threat actors retain focus on South China Sea amid Western military exercises China-based threat actors continued to target entities related to China\'s economic and military interests in a | Malware Tool Vulnerability Threat Studies Industrial Prediction Technical | Guam | ★★★ |
 |
2024-04-04 14:00:00 | Cutting avant, partie 4: Ivanti Connect Secure VPN Post-Exploitation Mouvement latéral Études de cas Cutting Edge, Part 4: Ivanti Connect Secure VPN Post-Exploitation Lateral Movement Case Studies (lien direct) |
Written by: Matt Lin, Austin Larsen, John Wolfram, Ashley Pearson, Josh Murchie, Lukasz Lamparski, Joseph Pisano, Ryan Hall, Ron Craft, Shawn Chew, Billy Wong, Tyler McLellan
Since the initial disclosure of CVE-2023-46805 and CVE-2024-21887 on Jan. 10, 2024, Mandiant has conducted multiple incident response engagements across a range of industry verticals and geographic regions. Mandiant\'s previous blog post, Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts, details zero-day exploitation of CVE-2024-21893 and CVE-2024-21887 by a suspected China-nexus espionage actor that Mandiant tracks as UNC5325. This blog post, as well as our previous reports detailing Ivanti exploitation, help to underscore the different types of activity that Mandiant has observed on vulnerable Ivanti Connect Secure appliances that were unpatched or did not have the appropriate mitigation applied. Mandiant has observed different types of post-exploitation activity across our incident response engagements, including lateral movement supported by the deployment of open-source tooling and custom malware families. In addition, we\'ve seen these suspected China-nexus actors evolve their understanding of Ivanti Connect Secure by abusing appliance-specific functionality to achieve their objectives. As of April 3, 2024, a patch is readily available for every supported version of Ivanti Connect Secure affected by the vulnerabilities. We recommend that customers follow Ivanti\'s latest patching guidance and instructions to prevent further exploitation activity. In addition, Ivanti released a new enhanced external integrity checker tool (ICT) to detect potential attempts of malware persistence across factory resets and system upgrades and other tactics, techniques, and procedures (TTPs) observed in the wild. We also released a remediation and hardening guide |
Malware Tool Vulnerability Threat Studies Mobile Cloud | Guam | ★★★ |
 |
2024-03-20 17:00:00 | CISA avertit les chefs d'infrastructure critiques de Volt Typhoon CISA Warns Critical Infrastructure Leaders of Volt Typhoon (lien direct) |
L'agence a publié une fiche d'information sur l'acteur de menace, soulignant l'importance du cyber-risque en tant que préoccupation commerciale principale
The agency has issued a fact sheet about the threat actor, emphasizing the importance of cyber-risk as a core business concern |
Threat | Guam | ★★★ |
|
2024-03-20 15:28:59 | Les agences de sécurité transnationale mettent en garde contre le cyberon de volt-typhon, mettant l'accent sur le cyber-risque comme risque commercial de base Transnational security agencies warn of Volt Typhoon cyber threat, emphasize cyber risk as core business risk (lien direct) |
Les agences de sécurité transnationale ont de nouveau collaboré pour émettre une feuille d'information alertant les leaders d'infrastructure critiques au ... imminent ...
Transnational security agencies collaborated once more to issue a fact sheet alerting critical infrastructure leaders to the imminent... |
Threat | Guam | ★★ |
 |
2024-02-22 14:52:59 | Tenable: les professionnels de la cybersécurité devraient s'inquiéter des cyberattaques parrainées par l'État Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks (lien direct) |
La sortie de l'acteur de menace soutenu par la Chine Volt Typhoon et du compromis de Microsoft \\ par la blizzard de minuit soutenue par la Russie fournissent d'importantes leçons de stratégie de cybersécurité pour l'Australie, explique Tenable.
The outing of China-backed threat actor Volt Typhoon and Microsoft\'s compromise by Russia-backed Midnight Blizzard provide important cyber security strategy lessons for Australia, says Tenable. |
Threat | Guam | ★★★ |
 |
2024-02-22 13:00:00 | Voltzite Threat Group \\ est sous le cyber-espionnage radar sur les systèmes critiques américains VOLTZITE Threat Group\\'s Under the Radar Cyber Espionage on U.S. Critical Systems (lien direct) |
> Voltzite est un groupe de menaces actif suivi par Dragos Intelligence.Ce groupe partage des chevauchements avec Volt Typhoon (Microsoft) et le ...
The Post groupe de menaces voltzite \\Sous le cyber-espionnage radar sur les systèmes critiques américains est apparu pour la première fois sur dragos .
>VOLTZITE is an active threat group tracked by Dragos Intelligence. This group shares overlaps with Volt Typhoon (Microsoft) and the... The post VOLTZITE Threat Group\'s Under the Radar Cyber Espionage on U.S. Critical Systems first appeared on Dragos. |
Threat Industrial | Guam | ★★ |
 |
2024-02-08 18:35:00 | Les pirates chinois opèrent non détectés dans les infrastructures critiques des États-Unis pendant une demi-décennie Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade (lien direct) |
Mercredi, le gouvernement américain a déclaré que le groupe de piratage parrainé par l'État chinois connu sous le nom de & nbsp; Volt Typhoon & nbsp; avait été intégré à des réseaux d'infrastructure critiques dans le pays depuis au moins cinq ans.
Les cibles de l'acteur de menace comprennent les secteurs des communications, de l'énergie, des transports et des systèmes d'eau et des eaux usées aux États-Unis et à Guam.
"Volt Typhoon \'s Choix de cibles et de motifs
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam. "Volt Typhoon\'s choice of targets and pattern |
Threat | Guam | ★★★ |
|
2024-02-01 20:30:00 | La Chine s'infiltre les infrastructures critiques américaines en accélération au conflit China Infiltrates US Critical Infrastructure in Ramp-up to Conflict (lien direct) |
Les acteurs de la menace liés à la République de Chine du peuple, comme Volt Typhoon, continuent de "préposition" eux-mêmes dans l'infrastructure critique des États-Unis, selon des responsables militaires et des forces de l'ordre.
Threat actors linked to the People\'s Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials. |
Threat | Guam | ★★★ |
 |
2024-02-01 20:23:00 | Le FBI perturbe Volt Typhoon soutenu par l'État chinois \\ 's kv botnet FBI Disrupts Chinese State-Backed Volt Typhoon\\'s KV Botnet (lien direct) |
par waqas
Le KV Botnet, un groupe d'acteurs de menaces parrainé par l'État chinois a attiré une attention généralisée pour compromettre des centaines de routeurs de petit bureau / bureau à domicile basés aux États-Unis (SOHO).
Ceci est un article de HackRead.com Lire la publication originale: Le FBI perturbe le Typhoon Volt soutenu par l'État chinois & # 8217; s kv botnet
By Waqas The KV Botnet, a Chinese state-sponsored threat actor group gained widespread attention for compromising hundreds of U.S.-based small office/home office (SOHO) routers. This is a post from HackRead.com Read the original post: FBI Disrupts Chinese State-Backed Volt Typhoon’s KV Botnet |
Threat | Guam | ★★★ |
|
2024-02-01 17:07:00 | Les fédéraux américains ont fermé "KV-Botnet" lié à la Chine ciblant les routeurs SOHO U.S. Feds Shut Down China-Linked "KV-Botnet" Targeting SOHO Routers (lien direct) |
Le gouvernement américain a déclaré mercredi qu'il avait pris des mesures pour neutraliser un botnet comprenant des centaines de routeurs de petits bureaux et du ministère de l'Intérieur basé aux États-Unis (SOHO) détournés par un acteur de menace parrainé par l'État lié à la Chine appelée Volt Typhoon et émoussé l'impact posé par le piratagecampagne.
L'existence du botnet, surnommé & nbsp; kv-botnet, était & nbsp; d'abord divulgué & nbsp; par l'équipe Black Lotus Labs à
The U.S. government on Wednesday said it took steps to neutralize a botnet comprising hundreds of U.S.-based small office and home office (SOHO) routers hijacked by a China-linked state-sponsored threat actor called Volt Typhoon and blunt the impact posed by the hacking campaign. The existence of the botnet, dubbed KV-botnet, was first disclosed by the Black Lotus Labs team at |
Threat Legislation | Guam | ★★★ |
 |
2024-01-30 12:54:27 | Les États-Unis ont perturbé l'opération de piratage chinois destiné à l'infrastructure critique: rapport US Disrupted Chinese Hacking Operation Aimed at Critical Infrastructure: Report (lien direct) |
> Le gouvernement américain aurait désactivé des parties d'une cyber campagne de botnet menée par l'acteur de menace chinoise Volt Typhoon.
>US government reportedly disabled parts of a botnet-powered cyber campaign conducted by the Chinese threat actor Volt Typhoon. |
Threat | Guam | ★★★ |
 |
2024-01-25 11:00:00 | Le côté obscur de la cybersécurité 2023: évolution des logiciels malveillants et cyber-menaces The dark side of 2023 Cybersecurity: Malware evolution and Cyber threats (lien direct) |
In the ever-evolving cybersecurity landscape, 2023 witnessed a dramatic surge in the sophistication of cyber threats and malware. AT&T Cybersecurity Alien Labs reviewed the big events of 2023 and how malware morphed this year to try new ways to breach and wreak havoc. This year\'s events kept cybersecurity experts on their toes, from expanding malware variants to introducing new threat actors and attack techniques. Here are some of the most compelling developments, highlighting malware\'s evolving capabilities and the challenges defenders face. Highlights of the year: Emerging trends and notable incidents As the year unfolded, several trends and incidents left an indelible mark on the cybersecurity landscape: Exploiting OneNote for malicious payloads Cybercriminals leveraged Microsoft OneNote to deliver many malicious payloads to victims, including Redline, AgentTesla, Quasar RAT, and others. This previously underutilized Office program became a favored tool due to its low suspicion and widespread usage. SEO poisoning and Google Ads Malicious actors resorted to SEO poisoning tactics, deploying phishing links through Google Ads to deceive unsuspecting victims. These links led to cloned, benign web pages, avoiding Google\'s detection and remaining active for extended periods. Prominent malware families, including Raccoon Stealer and IcedID, capitalized on this strategy. Exploiting geopolitical events Cybercriminals exploited the geopolitical climate, particularly the Middle East conflict, as a lure for their attacks. This trend mirrored the previous year\'s Ukraine-related phishing campaigns and crypto scams. APTs: State-sponsored espionage continues to present challenges Advanced Persistent Threats (APTs) continued to pose a significant threat in 2023: Snake: CISA reported on the Snake APT, an advanced cyber-espionage tool associated with the Russian Federal Security Service (FSB). This malware had been in use for nearly two decades. Volt Typhoon: A campaign targeting critical infrastructure organizations in the United States was attributed to Volt Typhoon, a state-sponsored actor based in China. Their focus lay on espionage and information gathering. Storm-0558: This highly sophisticated intrusion campaign, orchestrated by the Storm-0558 APT from China, infiltrated the email accounts of approximately 25 organizations, including government agencies. Ransomware\'s relentless rise Ransomware remained a prevalent and lucrative threat throughout the year: Cuba and Snatch: Ransomware groups like Cuba and Snatch targeted critical infrastructure in the United States, causing concern for national security. ALPHV/BlackCat: Beyond SEO poisoning, this group compromised the computer systems of Caesar and MGM casinos. They also resorted to filing complaints with the US Securities and Exchange Commission (SEC) against their victims, applying additional pressure to pay ransoms. Exploiting new vulnerabilities: Cybercriminals wasted no time exploiting newly discovered vulnerabilities, such as CVE-2023-22518 in Atlassian\'s Confluence, CVE-2023-4966 (Citrix bleed), and others. These vulnerabilities became gateways for ransomware attacks. Evolving ransom | Ransomware Spam Malware Tool Vulnerability Threat Prediction | Guam | ★★★ |
|
2024-01-11 22:49:00 | Volt Typhoon augmente l'activité malveillante contre les infrastructures critiques Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure (lien direct) |
L'APT parrainé par l'État chinois a compromis jusqu'à 30% des routeurs Cisco Legacy sur un botnet SoHo que plusieurs groupes de menaces utilisent.
The Chinese state-sponsored APT has compromised as many as 30% of Cisco legacy routers on a SOHO botnet that multiple threat groups use. |
Threat | Guam | ★★★ |
 |
2024-01-11 15:24:12 | SecurityScoreCard Research: Volt Typhoon compromet 30% des appareils Cisco RV320 / 325 en 37 jours SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days (lien direct) |
Recherche de menace de sécurité de sécurité: Volt Typhoon compromet 30% des appareils Cisco RV320 / 325 en 37 jours
-
mise à jour malveillant
SecurityScorecard Threat Research: Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days - Malware Update |
Vulnerability Threat Studies | Guam | ★★★★ |
|
2023-12-15 19:47:00 | Nouveau KV-Botnet ciblant les appareils Cisco, Draytek et Fortinet pour des attaques furtives New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks (lien direct) |
Un nouveau botnet composé de pare-feu et de routeurs de Cisco, Draytek, Fortinet et Netgear est utilisé comme réseau de transfert de données secrètes pour les acteurs avancés de menace persistante, y compris l'acteur de menace lié à la Chine appelée & nbsp; volt typhoon.
Surnommé & nbsp; kv-botnet & nbsp; par l'équipe Black Lotus Labs chez Lumen Technologies, le réseau malveillant est une fusion de deux activités complémentaires
A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen Technologies, the malicious network is an amalgamation of two complementary activity |
Threat | Guam | ★★ |
 |
2023-12-13 17:47:20 | KV-Botnet détourné les routeurs SoHo et les appareils VPN Stealthy KV-botnet hijacks SOHO routers and VPN devices (lien direct) |
Le groupe de piratage APT parrainé par l'État chinois connu sous le nom de Volt Typhoon (Bronze Silhouette) a été lié à un botnet sophistiqué nommé \\ 'KV-Botnet \' depuis au moins 2022 pour attaquer les routeurs Soho dans des cibles à grande valeur.[...]
The Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) has been linked to a sophisticated botnet named \'KV-botnet\' since at least 2022 to attack SOHO routers in high-value targets. [...] |
Threat | Guam | ★★★ |
|
2023-07-07 02:33:29 | Rapport de tendance des menaces sur les groupes APT & # 8211;Mai 2023 Threat Trend Report on APT Groups – May 2023 (lien direct) |
Les cas de grands groupes APT pour le mai 2023 réunis à partir de documents rendus publics par des sociétés de sécurité et des institutions sont comme commesuit.& # 8211;Agrius & # 8211;Andariel & # 8211;APT28 & # 8211;APT29 & # 8211;APT-C-36 (Blind Eagle) & # 8211;Camaro Dragon & # 8211;CloudWizard & # 8211;Earth Longzhi (APT41) & # 8211;Goldenjackal & # 8211;Kimsuky & # 8211;Lazarus & # 8211;Lancefly & # 8211;Oilalpha & # 8211;Red Eyes (Apt37, Scarcruft) & # 8211;Sidecopy & # 8211;Sidewinder & # 8211;Tribu transparente (APT36) & # 8211;Volt Typhoon (Silhouette de bronze) ATIP_2023_MAY_TRADEAT Rapport sur les groupes APT_20230609
The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609 |
Threat Prediction | APT 41 APT 38 APT 37 APT 37 APT 29 APT 29 APT 28 APT 28 APT 36 APT 36 Guam Guam APT-C-17 APT-C-17 GoldenJackal GoldenJackal APT-C-36 | ★★★ |
|
2023-06-26 21:05:13 | China\'s \'Volt Typhoon\' APT Turns to Zoho ManageEngine for Fresh Cyberattacks (lien direct) | Une campagne récente montre que l'acteur de menace politiquement motivé a plus de trucs dans sa manche que celle précédemment connue, ciblant un exploit critique et des journaux d'essuyage pour couvrir leurs pistes.
A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks. |
Threat | Guam | ★★ |
|
2023-06-26 21:05:13 | Chine \\ 'S \\' Volt Typhoon \\ 'APT se tourne vers Zoho ManageEngine pour les cyberattaques fraîches China\\'s \\'Volt Typhoon\\' APT Turns to Zoho ManageEngine for Fresh Cyberattacks (lien direct) |
Une campagne récente montre que l'acteur de menace politiquement motivé a plus de trucs dans sa manche que celle précédemment connue, ciblant un exploit critique et des journaux d'essuyage pour couvrir leurs pistes.
A recent campaign shows that the politically motivated threat actor has more tricks up its sleeve than previously known, targeting a critical exploit and wiping logs to cover their tracks. |
Threat | Guam | ★★ |
 |
2023-06-22 18:12:12 | Affaire comme d'habitude: Falcon Complete Mdr contrecarne le roman Vanguard Panda (Volt Typhoon) Tradecraft Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft (lien direct) |
Vanguard Panda Contexte Le 24 mai 2023, les sources de l'industrie et du gouvernement ont détaillé l'activité China-Nexus dans laquelle l'acteur de menace a surnommé Volt Typhoon ciblé des entités d'infrastructures critiques basées aux États-Unis.Crowdsstrike Intelligence suit cet acteur comme Vanguard Panda.Depuis au moins la mi-2020, le Crowdsstrike Falcon & Reg;Équipe complète de détection et de réponse gérée (MDR) et The Crowdsstrike & Reg;Falcon Overwatch ™ menace [& # 8230;]
VANGUARD PANDA Background On May 24, 2023, industry and government sources detailed China-nexus activity in which the threat actor dubbed Volt Typhoon targeted U.S.-based critical infrastructure entities. CrowdStrike Intelligence tracks this actor as VANGUARD PANDA. Since at least mid-2020, the CrowdStrike Falcon® Complete managed detection and response (MDR) team and the CrowdStrike® Falcon OverWatch™ threat […] |
Threat | Guam Guam | ★★★ |
 |
2023-05-31 17:19:00 | Anomali Cyber Watch: Shadow Force cible les serveurs coréens, Volt Typhoon abuse des outils intégrés, Cosmicenergy Tests Electric Distribution Perturbation Anomali Cyber Watch: Shadow Force Targets Korean Servers, Volt Typhoon Abuses Built-in Tools, CosmicEnergy Tests Electric Distribution Disruption (lien direct) |
Les différentes histoires de l'intelligence des menaces dans cette itération de la cyber-montre anomali discutent des sujets suivants: Chine, chargement de DLL, vivant de la terre, technologie opérationnelle, ransomware, et Russie .Les CIO liés à ces histoires sont attachés à Anomali Cyber Watch et peuvent être utilisés pour vérifier vos journaux pour une activité malveillante potentielle.
Figure 1 - Diagrammes de résumé du CIO.Ces graphiques résument les CIO attachés à ce magazine et donnent un aperçu des menaces discutées.
Cyber News et Intelligence des menaces
shadowVictiticoor et Coinmin de Force Group \\
(Publié: 27 mai 2023)
Force Shadow est une menace qui cible les organisations sud-coréennes depuis 2013. Il cible principalement les serveurs Windows.Les chercheurs d'AHNLAB ont analysé l'activité du groupe en 2020-2022.Les activités de force fantôme sont relativement faciles à détecter car les acteurs ont tendance à réutiliser les mêmes noms de fichiers pour leurs logiciels malveillants.Dans le même temps, le groupe a évolué: après mars, ses fichiers dépassent souvent 10 Mo en raison de l'emballage binaire.Les acteurs ont également commencé à introduire divers mineurs de crypto-monnaie et une nouvelle porte dérobée surnommée Viticdoor.
Commentaire de l'analyste: Les organisations doivent garder leurs serveurs à jour et correctement configurés avec la sécurité à l'esprit.Une utilisation et une surchauffe du processeur inhabituellement élevées peuvent être un signe du détournement de ressources malveillantes pour l'exploitation de la crypto-monnaie.Les indicateurs basés sur le réseau et l'hôte associés à la force fantôme sont disponibles dans la plate-forme Anomali et il est conseillé aux clients de les bloquer sur leur infrastructure.
mitre att & amp; ck: [mitre att & amp; ck] t1588.003 - obtenir des capacités:Certificats de signature de code | [mitre att & amp; ck] t1105 - transfert d'outils d'entrée | [mitre att & amp; ck] t1027.002 - fichiers ou informations obscurcies: emballage logiciel | [mitre att & amp; ck] t1569.002: exécution du service | [mitre att & amp; ck] T1059.003 - Commande et script Interpréteur: Windows Command Shell | [mitre att & amp; ck] T1547.001 - Exécution de botter ou de connexion automatique: Registre Run Keys / Startup Folder | [mitre att & amp; ck] t1546.008 - Événement Exécution déclenchée: caractéristiques de l'accessibilité | [mitre att & amp; ck] t1543.003 - créer ou modifier le processus système: service Windows | [mitre att & amp; ck] t1554 - compromis le logiciel client binaire | [mitreAtt & amp; ck] t1078.001 - Comptes valides: comptes par défaut | [mitre att & amp; ck] t1140 - désobfuscate / décode ou infor |
Ransomware Malware Tool Vulnerability Threat | APT 38 Guam CosmicEnergy | ★★ |
 |
2023-05-31 13:00:00 | Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks (lien direct) |
CyberheistNews Vol 13 #22 | May 31st, 2023
[Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.
When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report.
According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry:
51% of invoice fraud attacks targeted the financial services industry
42% were payroll fraud attacks
63% were payment fraud
To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox.
The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage.
Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
|
Ransomware Malware Hack Tool Threat Conference | Uber ChatGPT ChatGPT Guam | ★★ |
|
2023-05-25 21:53:00 | \\ 'Volt Typhoon \\' innove le terrain frais pour les cyber campagnes soutenues en Chine \\'Volt Typhoon\\' Breaks Fresh Ground for China-Backed Cyber Campaigns (lien direct) |
Il s'agit du premier incident où un acteur de menace du pays semble jeter les bases d'attaques perturbatrices à l'avenir, selon les chercheurs.
This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say. |
Threat | Guam | ★★ |
|
2023-05-25 13:58:00 | Les pirates furtifs de la Chine infiltraient les infrastructures critiques des États-Unis et de Guam non détectées China\\'s Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected (lien direct) |
Un groupe furtif basé en Chine a réussi à établir un pied persistant dans des organisations d'infrastructures critiques aux États-Unis et à Guam sans être détectées, ont déclaré mercredi Microsoft et les «cinq yeux».
L'équipe de renseignement sur les menaces du géant de la technologie suit l'activité, qui comprend l'accès post-compromis et la découverte du système de réseau, sous le nom de Volt Typhoon.
Le
A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant\'s threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon. The |
Threat | Guam | ★★ |
|
2023-05-24 22:09:00 | \\ 'Volt Typhoon \\' APT soutenu par la Chine Infiltre les organes d'infrastructure critique \\'Volt Typhoon\\' China-Backed APT Infiltrates US Critical Infrastructure Orgs (lien direct) |
Selon Microsoft et les chercheurs, l'acteur de menace parrainé par l'État pourrait très bien mettre en place un plan d'urgence d'attaques perturbatrices contre les États-Unis à la suite d'un conflit armé en mer de Chine méridionale.
According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea. |
Threat | Guam | ★★ |
 |
2022-08-18 08:00:00 | Ukraine and the fragility of agriculture security (lien direct) |  By Joe Marshall.The war in Ukraine has had far-reaching global implications and one of the most immediate effects felt will be on the global supply chain for food. This war-induced fragility has exposed the weaknesses of how we feed ourselves globally. Ransomware cartels and other adversaries are well aware of this and are actively exploiting that fragility. For the past six years, Cisco Talos has been actively involved in assisting public and private institutions in Ukraine to defend themselves against state-sponsored actors. Our involvement stretches the gamut from commercial to critical infrastructure, to election security. Our presence has afforded us unique opportunities and observations about cybersecurity in a macro and micro way. Ukraine has been a frequent victim of state-sponsored cyber attacks aimed at critical infrastructures like power and transportation. Talos is proud to stand with our partners in Ukraine and help defend their critical networks and help users there maintain access to necessary services. Now that Russia has invaded Ukraine, those threats have escalated to kinetic attacks that are wreaking havoc on a critical element of our world: agriculture and our global food supply chain. Even worse is the implications this war will have for future cyber attacks, as fragility is considered a lucrative element in deciding victimology by threat actors like ransomware cartels. To truly grasp the implications of the war in Ukraine, we have to examine how vital Ukrainian agriculture feeds the world, the current state of affairs, and what this means for the global cybersecurity posture to protect agricultural assets. Where there is weakness, there is opportunityRansomware cartels and their affiliates are actively targeting the agricultural industry. Moreover, these actors have done their homework and are targeting agricultural companies during the two times of the year where they cannot suffer disruptions: planting and harvesting. Per the published FBI PIN Alert: “Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.” This is far from unusual for these adversaries - they are shrewd and calculating, and understand their victims' weaknesses and industries. H |
Ransomware Threat Guideline Cloud | NotPetya Uber APT 37 APT 32 APT 28 APT 10 APT 21 Guam | |
 |
2022-08-06 10:46:21 | CISO workshop slides (lien direct) | A glossy, nicely-constructed and detailed PowerPoint slide deck by Microsoft Security caught my beady this morning. The title 'CISO Workshop: Security Program and Strategy' with 'Your Name Here' suggests it might be a template for use in a workshop/course bringing CISOs up to speed on the governance, strategic and architectural aspects of information security, but in fact given the amount of technical detail, it appears to be aimed at informing IT/technology managers about IT or cybersecurity, specifically. Maybe it is intended for newly-appointed CISOs or more junior managers who aspire to be CISOs, helping them clamber up the pyramid (slide 87 of 142): | Malware Vulnerability Threat Patching Guideline Medical Cloud | Uber APT 38 APT 37 APT 28 APT 19 APT 15 APT 10 APT 34 Guam |
1
We have: 30 articles.
We have: 30 articles.
To see everything:
Our RSS (filtrered)
