Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-12-22 16:45:00 |
Iran's 'Peach Sandstorm' Cyberattackers Target Global Defense Network (direct link) |
The FalseFont backdoor allows operators to remotely access an infected system and launch additional files. |
|
APT 33
|
★★★
|
|
2023-12-22 11:04:00 |
Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector (direct link) |
Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont.
The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. |
Threat
Industrial
|
APT33
APT 33
|
★★★
|
|
2023-12-21 20:46:58 |
Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector (direct link) |
By Waqas
Peach Sandstorm, also recognized as HOLMIUM, has recently focused on global Defense Industrial Base (DIB) targets.
This is a post from HackRead.com. Read the original post: Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector |
Industrial
|
APT 33
|
★★
|
|
2023-12-21 15:28:06 |
Microsoft: Hackers target defense firms with new FalseFont malware (direct link) |
Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. [...] |
Malware
|
APT33
APT 33
|
★★★
|
|
2023-09-15 09:44:00 |
Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors (direct link) |
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal.
The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate |
Threat
|
APT 33
|
★★★
|
|
2023-09-15 09:00:00 |
Iranian Threat Group Hits Thousands With Password Spray Campaign (direct link) |
APT33 activity resulted in data theft from a small number of victims |
Threat
|
APT33
APT 33
|
★★
|
|
2023-06-19 01:15:08 |
CVE-2023-35840 (direct link) |
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. |
|
APT 33
|
|
|
2023-03-14 14:15:13 |
CVE-2023-24180 (direct link) |
Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted ELF file. |
Vulnerability
|
APT 33
|
|
|
2022-08-15 00:00:00 |
Oil and Gas Cybersecurity: Recommendations Part 3 (direct link) |
In the final part of our series, we look at the APT33 case study and several recommendations from our expert team. |
|
APT33
APT 33
|
|
|
2022-08-09 08:37:38 |
Nutanix promotes Andrew Brinded to Chief Revenue Officer (direct link) |
Nutanix announces the promotion of Andrew Brinded to Chief Revenue Officer, effective immediately. He succeeds Dominick Delfino. Andrew Brinded joined Nutanix in 2017 and has held a number of senior sales roles, most recently serving as Senior Vice President & Worldwide Sales Chief Operating Officer. Before that, he led the EMEA business at Nutanix. Andrew Brinded was previously Sales & Marketing Director at QiO and also (...)
-
Business |
|
APT 33
|
|
|
2022-04-11 15:15:09 |
CVE-2022-27115 (direct link) |
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload. |
Vulnerability
|
APT 33
|
|
|
2022-04-07 17:15:08 |
CVE-2021-43421 (direct link) |
A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, which allows a remote malicious user to upload arbitrary files and execute PHP code. |
Vulnerability
|
APT 33
|
★★
|
|
2022-04-04 16:15:09 |
CVE-2022-0403 (direct link) |
The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is known to be affected by security issues (CVE-2021-32682), and does not have any authorisation or CSRF checks in its connector AJAX action, allowing any authenticated user, such as a subscriber, to call it. Furthermore, as the options passed to the elFinder library do not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete arbitrary files and folders. |
|
APT 33
|
|
|
2022-03-21 17:15:07 |
CVE-2022-26960 (direct link) |
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. |
|
APT 33
|
|
|
2022-02-24 19:15:09 |
CVE-2021-44663 (direct link) |
A Remote Code Execution (RCE) vulnerability exists in the Xerte Project Xerte through 3.8.4 via a crafted php file through elfinder in connetor.php. |
Vulnerability
|
APT 33
|
|
|
2022-02-08 23:15:07 |
CVE-2021-45919 (direct link) |
Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. |
|
APT 33
|
|
|
2022-02-02 14:00:05 |
Finding elFinder: Who is looking for your files?, (Wed, Feb 2nd) (direct link) |
elFinder is an interesting open-source project implementing a file manager in JavaScript and PHP. The file manager promises a user experience similar to the "Finder" in macOS. Once you have elFinder installed, uploading/downloading files to your web server will be a lot easier.
|
|
APT 33
|
|
|
2021-10-07 11:15:07 |
CVE-2021-32172 (direct link) |
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. |
|
APT 33
|
|
|
2021-09-01 15:15:08 |
CVE-2021-23428 (direct link) |
This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitization of the user input and a missing check of the generated path, it is possible to escape the Files directory via path traversal. |
|
APT 33
|
|
|
2021-09-01 15:15:08 |
CVE-2021-23427 (direct link) |
This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. |
|
APT 33
|
|
|
2021-08-04 15:15:08 |
CVE-2020-24827 (direct link) |
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
Vulnerability
|
APT 33
|
★★
|
|
2021-08-04 15:15:08 |
CVE-2020-24821 (direct link) |
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
Vulnerability
|
APT 33
|
★★★★
|
|
2021-08-04 15:15:08 |
CVE-2020-24826 (direct link) |
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
Vulnerability
|
APT 33
|
★★★★★
|
|
2021-08-04 15:15:08 |
CVE-2020-24823 (direct link) |
A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
Vulnerability
|
APT 33
|
★★★★★
|
|
2021-08-04 15:15:08 |
CVE-2020-24824 (direct link) |
A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). |
|
APT 33
|
★★★★★
|
|
2021-08-04 15:15:08 |
CVE-2020-24825 (direct link) |
A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. |
Vulnerability
|
APT 33
|
★★★★★
|
|
2021-07-28 16:15:07 |
CVE-2021-23415 (direct link) |
This affects the package elFinder.AspNet before 1.1.1.
The user-controlled file name is not properly sanitized before it is used to create a file system path. |
|
APT 33
|
|
|
2021-07-14 17:15:07 |
CVE-2021-23407 (direct link) |
This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path. |
|
APT 33
|
|
|
2021-06-14 17:15:07 |
CVE-2021-32682 (direct link) |
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication. |
|
APT 33
|
★★★
|
|
2021-06-13 11:15:14 |
CVE-2021-23394 (direct link) |
The package studio-42/elfinder before 2.1.58 is vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. |
|
APT 33
|
|
|
2021-05-17 11:15:07 |
CVE-2021-29053 (direct link) |
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C. |
|
APT 33
|
|
|
2021-02-26 23:15:11 |
CVE-2020-36079 (direct link) |
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. |
Guideline
|
APT 33
|
|
|
2020-01-09 18:59:03 |
Iranian Hackers Have Been 'Password-Spraying' the US Grid (direct link) |
A state-sponsored group called Magnallium has been probing American electric utilities for the past year. |
|
APT 33
|
|
|
2019-11-20 12:00:00 |
Iran's APT33 Hackers Are Targeting Industrial Control Systems (direct link) |
The recent focus on ICS raises the possibility that Iran's APT33 is exploring physically disruptive cyberattacks. |
|
APT33
APT 33
|
|
|
2019-11-14 11:49:25 |
Tracking Iran-linked APT33 group via its own VPN networks (direct link) |
APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers involved in extremely targeted malware attacks. The targeted malware campaigns aimed at organizations […]
|
Malware
|
APT33
APT 33
|
|
|
2019-11-14 07:01:25 |
More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (direct link) |
The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
|
Malware
Threat
|
APT33
APT 33
|
|
|
2019-11-14 07:00:08 |
Iranian hacking group built its own VPN network (direct link) |
Security researchers identify APT33's private network of 21 VPN nodes. |
|
APT33
APT 33
|
|
|
2019-07-09 08:42:00 |
(Déjà vu) Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016 (direct link) |
The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal malware used by the Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. Now experts at Kaspersky confirmed that the malware was […]
|
Malware
|
APT33
APT 33
|
|
|
2019-07-04 12:48:03 |
(Déjà vu) FireEye warns about the Outlook vulnerability (direct link) |
“FireEye has observed and publicly communicated evidence of exploitation of the Outlook vulnerability CVE-2017-11774 by multiple Iranian 'hackers' since last year. FireEye attributes the new malware alert issued by US Cyber Command (U.S. CYBERCOM) concerning exploitation of CVE-2017-11774 to the Iranian threat group APT33. The techniques used are in line with the APT33 behaviour described in our December 2018 blog post “OVERRULED”, as well as with the campaign (...)
-
Vulnerabilities
|
Malware
|
APT33
APT 33
|
|
|
2019-07-03 15:31:02 |
Outlook Flaw Exploited by Iranian APT33, US CyberCom Issues Alert (direct link) |
US Cyber Command issued a malware alert on Twitter regarding the active exploitation of the CVE-2017-11774 Outlook vulnerability to attack US government agencies, allowing the attackers to execute arbitrary commands on compromised systems. [...] |
Malware
Vulnerability
|
APT33
APT 33
|
|
|
2019-07-01 06:49:03 |
Iran-linked APT33 updates infrastructure following its public disclosure (direct link) |
The Iran-linked cyberespionage group APT33 has updated its infrastructure after the publication of a report detailing its activities. In March, Symantec published a report detailing the activities of the Iran-linked cyberespionage group APT33 that was targeting organizations in Saudi Arabia and the United States. The APT33 group has been around since at least 2013; since mid-2016, the […]
|
|
APT33
APT 33
|
|
|
2019-06-27 14:56:04 |
Iranian Cyberspies Update Infrastructure Following Recent Report (direct link) |
The Iran-linked cyberespionage group APT33 has updated its infrastructure following a March 2019 report detailing its activities, according to researchers from Recorded Future.
|
|
APT33
APT 33
|
|
|
2019-06-25 11:03:01 |
FireEye has identified 'spearphishing' activity conducted by the Iranian threat group APT33 (direct link) |
FireEye has identified 'spearphishing' activity conducted by the Iranian threat group APT33. |
|
APT33
APT 33
|
|
|
2019-03-28 09:11:00 |
APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability (direct link) |
Elfin (aka APT33), a hacker group affiliated with the Iranian government, is described by Symantec as “one of the most active groups currently operating in the Middle East.” They have been linked with a string of attacks on U.S. and Saudi Arabian companies, particularly in the aerospace and energy sectors. |
Data Breach
Vulnerability
|
APT33
APT 33
|
|
|
2019-03-28 01:18:01 |
Elfin Hacking Group Targets Multiple U.S. and Saudi Arabian Firms (direct link) |
An Iran-linked cyber-espionage group that has been found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues targeting organizations in the two nations, Symantec reported on Wednesday.
Widely known as APT33, which Symantec calls Elfin, the cyber-espionage group has been active since as early as late 2015 and targeted a wide |
|
APT33
APT 33
|
|
|
2019-03-27 14:00:02 |
Iran-Linked Cyberspy Group APT33 Continues Attacks on Saudi Arabia, U.S. (direct link) |
An Iran-linked cyberespionage group tracked as Elfin and APT33 continues targeting organizations in Saudi Arabia and the United States, Symantec reported on Wednesday.
|
|
APT33
APT 33
|
|
|
2019-01-29 11:00:00 |
APT39: An Iranian Cyber Espionage Group Focused on Personal Information (direct link) |
UPDATE (Jan. 30): Figure 1 has been updated to more accurately reflect APT39 targeting. Specifically, Australia, Norway and South Korea have been removed.
In December 2018, FireEye identified APT39 as an Iranian cyber espionage group responsible for widespread theft of personal information. We have tracked activity linked to this group since November 2014 in order to protect organizations from APT39 activity to date. APT39's focus on the widespread theft of personal information sets it apart from other Iranian groups FireEye tracks, which have been linked to influence operations, disruptive |
|
APT33
APT 39
APT 33
|
★★★★
|
|
2018-12-21 19:00:00 |
OVERRULED: Containing a Potentially Destructive Adversary (direct link) |
UPDATE (Jul. 3, 2019): On May 16, 2019 FireEye's Advanced Practices team attributed the remaining "suspected APT33 activity" (referred to as GroupB in this blog post) to APT33, operating at the behest of the Iranian government. The malware and tradecraft in this blog post are consistent with the June 2019 intrusion campaign targeting U.S. federal government agencies and financial, retail, media, and education sectors, as well as U.S. Cyber Command's July 2019 CVE-2017-11774 indicators, which FireEye also attributes to APT33. FireEye's rigorous process for clustering and attributing this |
Malware
|
APT33
APT 33
|
★★★★
|
|
2018-12-20 05:16:00 |
Shamoon data-wiping malware believed to be the work of Iranian hackers (direct link) |
Researchers say the Iranian hacker group APT33 is responsible for recent attacks in the Middle East and Europe. |
Malware
|
APT33
APT 33
|
|
|
2018-11-02 13:00:00 |
Photo Gallery: Look Inside the Scrap Yards Sending Copper to China (direct link) |
When Christian Delfino's father ended up working as a sorter at the Tampa facility, the photographer saw an apt metaphor. |
|
APT 33
|
|