What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
ZDNet.webp 2019-07-24 18:24:00 APT-doxing group exposes APT17 as Jinan bureau of China's Security Ministry (lien direct) Intrusion Truth's previous two exposes -- for APT3 and APT10 -- resulted in DOJ charges. Will this one as well? APT 17 APT 10 APT 3
no_ico.webp 2019-07-23 14:40:03 Iranian Hackers Send Out Fake LinkedIn Invitations Laced With Malware (lien direct) U.S. cybersecurity firm FireEye has warned of a malicious phishing campaign that it has attributed to the Iranian-linked APT34 - whose activity has been reported elsewhere as OilRig and Greenbug. The campaign has been targeting LinkedIn users with plausible but bogus invitations to join a professional network and emailed attachments laced with malware that seeks to infect systems with a hidden backdoor … Malware APT 34
Pirate.webp 2019-07-22 12:56:04 FireEye identifies a new cyber-espionage campaign by the Iranian group APT34 (lien direct) Given the growing geopolitical tensions in the Middle East, FireEye expects Iran to significantly increase the volume and scope of its cyber-espionage campaigns. APT 34
SecurityAffairs.webp 2019-07-22 08:04:00 New APT34 campaign uses LinkedIn to deliver fresh malware (lien direct) The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (OilRig, and HelixKitten.  Greenbug) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge […] Malware APT 24 APT 34
SecurityWeek.webp 2019-07-19 17:46:01 Iranian Hackers Use New Malware in Recent Attacks (lien direct) The Iran-linked cyber-espionage group OilRig has started using three new malware families in campaigns observed over the past month, FireEye reports. Malware APT 34 ★★★
Mandiant.webp 2019-07-18 10:00:00 Hard Pass: Declining APT34's Invite to Join Their Professional Network (lien direct) Background With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran's economic and national security goals. The identification of new malware and the creation of additional infrastructure to enable such campaigns highlights the increased tempo of these operations in support of Iranian interests. Fi Malware APT 34 APT 34 ★★★★
TechRepublic.webp 2019-07-17 15:00:00 Developers: Why remote work is the new norm (lien direct) 86% of developers said they currently work remotely in some capacity, according to a DigitalOcean report. APT 32
WiredThreatLevel.webp 2019-07-10 12:00:00 Little Plastic 'Nurdles' Are Flooding Beaches and Waterways (lien direct) These lentil-sized pellets are used to make nearly all plastic goods. But they often escape and end up polluting oceans and coastal communities. APT 32
SecurityAffairs.webp 2019-07-09 08:42:00 (Déjà vu) Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016 (lien direct) The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. Now experts at Kaspersky confirmed that the malware was […] Malware APT33 APT 33
WiredThreatLevel.webp 2019-07-05 12:00:00 Forget the Moon-We Should Go to Jupiter's Idyllic Europa (lien direct) NASA's Europa mission is struggling, but scientists are keeping the dream alive with exotic approaches to sampling that moon and its mysterious ocean. APT 32 ★★★★
globalsecuritymag.webp 2019-07-04 12:48:03 (Déjà vu) FireEye warning on the Outlook vulnerability (lien direct) “FireEye has observed and publicly reported evidence of multiple Iranian 'hackers' exploiting the Outlook vulnerability CVE-2017-11774 since last year. FireEye attributes the new malware alert issued by US Cyber Command (U.S. CYBERCOM) concerning the exploitation of CVE-2017-11774 to the Iranian threat group APT33. The techniques used are in line with the APT33 behaviour described in our blog post “OVERRULED” in December 2018, as well as with the campaign (...) - Vulnerabilities Malware APT33 APT 33
bleepingcomputer.webp 2019-07-03 15:31:02 Outlook Flaw Exploited by Iranian APT33, US CyberCom Issues Alert (lien direct) US Cyber Command issued a malware alert on Twitter regarding the active exploitation of the CVE-2017-11774 Outlook vulnerability to attack US government agencies, allowing the attackers to execute arbitrary commands on compromised systems. [...] Malware Vulnerability APT33 APT 33
SecurityAffairs.webp 2019-07-02 06:20:02 After 2 years under the radars, Ratsnif emerges in OceanLotus ops (lien direct) Security experts spotted a new wave of attacks carried out by the OceanLotus APT group that involved the new Ratsnif Trojan. Experts at the security firm Cylance detected a new RAT dubbed Ratsnif that was used in cyber espionage operations conducted by the OceanLotus APT group. The OceanLotus APT group, also known as APT32 or Cobalt Kitty, is a state-sponsored group that […] APT 32
SecurityWeek.webp 2019-07-02 04:54:05 Researchers Analyze Vietnamese Hackers' Suite of RATs (lien direct) BlackBerry Cylance security researchers have analyzed a suite of remote access Trojans (RATs) that the Vietnam-linked threat actor OceanLotus has been using in attacks for the past three years. Threat APT 32
bleepingcomputer.webp 2019-07-01 12:38:02 OceanLotus APT Uses New Ratsnif Trojan for Network Attacks (lien direct) A fairly undetected remote access trojan called Ratsnif and used in cyber-espionage campaigns from the OceanLotus group has gained new capabilities that allow it to modify web pages and SSL hijacking. [...] APT 32
SecurityAffairs.webp 2019-07-01 06:49:03 Iran-linked APT33 updates infrastructure following its public disclosure (lien direct) The Iran-linked cyberespionage group APT33 has updated its infrastructure after the publication of a report detailing its activities. In March, Symantec published a report detailing the activities of Iran-linked cyberespionage group APT33 that was targeting organizations in Saudi Arabia and the United States. The APT33 group has been around since at least 2013, since mid-2016, the […] APT33 APT 33
SecurityWeek.webp 2019-06-27 14:56:04 Iranian Cyberspies Update Infrastructure Following Recent Report (lien direct) The Iran-linked cyberespionage group APT33 has updated its infrastructure following a March 2019 report detailing its activities, according to researchers from Recorded Future. APT33 APT 33
SecurityAffairs.webp 2019-06-27 05:32:05 Similarities and differences between MuddyWater and APT34 (lien direct) Security expert Marco Ramilli analyzed similarities and differences between the MuddyWater and APT34 cyberespionage groups. Many state sponsored groups have been identified over time, many of them have different names (since discovered by different organizations) and there is no agreed standardization on the topic but many victims and some interests look very tight together. […] APT 34
WiredThreatLevel.webp 2019-06-25 18:45:03 Fitted With Sensors, Antarctic Seals Track Water Temperatures (lien direct) Scientists have outfitted an army of Antarctic pinnipeds with trackers to monitor warming oceans. APT 32
Pirate.webp 2019-06-25 11:03:01 FireEye has identified "spearphishing" activity conducted by the Iranian threat group APT33 (lien direct) FireEye has identified 'spearphishing' activity conducted by the Iranian threat group APT33. APT33 APT 33
SecurityAffairs.webp 2019-06-21 13:01:04 Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig (lien direct) Russia-Linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Russia-linked Turla cyberspies used a new set of tools in new attacks and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Recent campaigns demonstrate that Turla continues to evolve its arsenal and adopt news […] APT 34
SecurityWeek.webp 2019-06-20 18:11:01 Russia-Linked Hackers Hijack Infrastructure of Iranian Threat Group (lien direct) Russia-Linked Hackers Use New Toolset and Likely Took Over Servers Operated by Iran-Linked "OilRig" Threat Group Threat APT 34
bleepingcomputer.webp 2019-06-20 12:34:02 Turla Espionage Group Hacks OilRig APT Infrastructure (lien direct) Security researchers tracking activities of various nation-state cyber-espionage groups found evidence suggesting that the Turla group hijacked the infrastructure of OilRig hackers to compromise a target both actors were interested in. [...] APT 34 ★★★★★
ZDNet.webp 2019-06-20 10:00:00 Russian APT hacked Iranian APT's infrastructure back in 2017 (lien direct) Turla APT hacked Iran's APT34 group and used its C&C servers to re-infect APT34 victims with its own malware. APT 34
no_ico.webp 2019-06-10 11:55:00 Report Reveals Website Security Risk For Australian & NZ Firms (lien direct) New research has found 87% of SME websites using the Magento platform are currently at high risk from cyber attacks. By contrast, under 10% of websites using other major e-commerce platforms surveyed register in the same high risk category. The research, from cyber security firm Foregenix, analysed nearly 9 million websites worldwide, including 150,000 in Oceania – Australia and New … APT 32
SecurityAffairs.webp 2019-06-06 11:00:05 Analyzing the APT34's Jason project (lien direct) Security expert Marco Ramilli has analyzed the recently leaked APT34 hacking tool tracked as Jason – Exchange Mail BF. Today I want to share a quick analysis on a new leaked APT34 Tool in order to track similarities between APT34 public available toolsets. This time is the APT34 Jason – Exchange Mail BF project to be leaked […] Tool APT 34
SecurityAffairs.webp 2019-06-04 13:55:05 OilRig's Jason email hacking tool leaked online (lien direct) A few hours ago, a new email hacking tool dubbed Jason and associated with the OilRig APT group was leaked through the same Telegram channel used to leak other tools. A new email hacking tool associated with the Iran-linked OilRig APT group was leaked through the same Telegram channel that in April leaked the source […] Tool APT 34
bleepingcomputer.webp 2019-06-03 12:56:01 New Email Hacking Tool from OilRig APT Group Leaked Online (lien direct) A tool for hijacking Microsoft Exchange email accounts allegedly used by the OilRig hacker group has been leaked online. The utility is called Jason and it is not detected by antivirus engines on VirusTotal. [...] Tool APT 34
WiredThreatLevel.webp 2019-06-02 05:58:04 Gadget Lab Podcast: An Interview With Firewire Surfboards CEO Mark Price (lien direct) Listen to an interview with our guest Mark Price about how to make a surfboard without ruining the ocean. APT 32
WiredThreatLevel.webp 2019-05-22 17:00:00 Scientists Go Back in Time to Find More Troubling News About Earth's Oceans (lien direct) A clever study finds communities of foraminifera, a hard-shelled kind of plankton, have transformed dramatically since the Industrial Revolution. APT 32
WiredThreatLevel.webp 2019-05-17 15:00:00 Now Ocean Plastics Could Be Killing Oxygen-Making Bacteria (lien direct) The toxins that plastics leach into seawater severely affect the bacteria that provides perhaps 20 percent of Earth's oxygen. That's when things get complicated... APT 32
SecurityAffairs.webp 2019-05-14 12:48:00 North Korea-linked ScarCruft APT adds Bluetooth Harvester to its arsenal (lien direct) The North Korea-linked APT group ScarCruft (aka APT37 and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. North Korea-linked APT group ScarCruft (aka APT37, Reaper, and Group123) continues to expand its arsenal by adding a Bluetooth Harvester. ScarCruft has been active since at least 2012, it made the headlines in early February […] Cloud APT 37
no_ico.webp 2019-05-13 18:50:03 US Government Unveils New North Korean Hacking Tool (lien direct) It has been reported that yesterday the Department of Homeland Security and the FBI publicly identified a new North Korean malware capable of funnelling information from a victim’s computer network. Dubbed ElectricFish by government officials, the malware is the latest tool in North Korea’s hacking program, referred to as Hidden Cobra. The U.S. Cyber Emergency Response Team published a report warning the public … Malware Tool Medical APT 38
Kaspersky.webp 2019-05-13 16:46:00 ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks (lien direct) In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT. Malware APT 37
SecurityWeek.webp 2019-05-13 15:29:00 North Korea-Linked 'ScarCruft' Adds Bluetooth Harvester to Toolkit (lien direct) A North Korea-linked threat group tracked as ScarCruft, APT37 and Group123 continues to evolve and expand its toolkit, Kaspersky Lab reported on Monday. Threat Cloud APT 37
SecurityAffairs.webp 2019-05-10 13:53:03 DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH (lien direct) The U.S. Department of Homeland Security (DHS) and the FBI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […] Malware Tool Medical APT 38
ZDNet.webp 2019-05-10 10:41:04 North Korea debuts new Electricfish malware in Hidden Cobra campaigns (lien direct) The tool is used to forge covert pathways out of infected Windows PCs. Malware Tool APT 38
The_Hackers_News.webp 2019-05-10 03:04:03 North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data (lien direct) The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by North Korean government and known to launch cyber attacks against media Malware Medical APT 38
bleepingcomputer.webp 2019-05-09 16:59:05 (Déjà vu) North Korean Hackers Use ELECTRICFISH Malware to Steal Data (lien direct) The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a new malware strain dubbed ELECTRICFISH and used by the North-Korean APT group Lazarus to exfiltrate data from victims. [...] Malware APT 38
DarkReading.webp 2019-05-07 15:15:00 How a Chinese Nation-State Group Reverse-Engineered NSA Attack Tools (lien direct) New Symantec research shows how the Buckeye group captured an exploit and backdoor used by the National Security Agency and deployed them on other victims. APT 3
SecurityAffairs.webp 2019-05-07 11:15:00 Buckeye APT group used Equation Group tools prior to ShadowBrokers leak (lien direct) China-linked APT group tracked as APT3 was using a tool attributed to the NSA-linked Equation Group more than one year prior to Shadow Brokers leak. China-linked APT group tracked as APT3 (aka Buckeye, APT3, UPS Team, Gothic Panda, and TG-0110) was using a tool attributed to the NSA-linked Equation Group more than one year prior […] Tool APT 3
The_Hackers_News.webp 2019-05-07 01:41:01 Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them (lien direct) In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA's Equation Group almost a year before the mysterious Shadow Brokers group leaked them. According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye, was using the APT 3
WiredThreatLevel.webp 2019-04-28 12:00:00 Scientists Discover Nearly 200,000 Kinds of Ocean Viruses (lien direct) Far more viruses appear to populate the seas than was previously thought, a discovery that could help clarify viruses' role in the global carbon cycle. APT 32
WiredThreatLevel.webp 2019-04-26 14:00:00 Exquisite Underwater Photos to Make You Love the Ocean (lien direct) Christian Vizl gets up close with sharks, sea lions and more. APT 32
SentinelOne.webp 2019-04-25 18:28:33 Lazarus APT Targets Mac Users with Poisoned Word Document (lien direct) Threat actors have the know-how to develop campaigns that target your weakest link. Learn how Lazarus APT took their malware to Apple's macOS platform. Malware APT 38 ★★★
MalwarebytesLabs.webp 2019-04-22 15:47:02 (Déjà vu) A week in security (April 15 – 21) (lien direct) A roundup of security news from April 15–21, including an explanation of like-farming, Ellen DeGeneres scam, flaws in VPN services, funky malware formats found in Ocean Lotus, and more. Categories: Security world Week in security Tags: (Read more...) Malware APT 32
MalwarebytesLabs.webp 2019-04-19 18:37:05 Funky malware format found in Ocean Lotus sample (lien direct) Recently, one of our researchers presented at the SAS conference on "Funky malware formats"-atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam. Categories: Malware Threat analysis Tags: (Read more...) Malware Threat APT 32
no_ico.webp 2019-04-19 15:45:02 Explained – APT34 Code Leak (lien direct) Hackers, going by the online name of Lab Dookhtegan, have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government. Alexander Heid, White Hat Hacker and Chief Research Officer at SecurityScorecard: “Now that these scripts are public, they will likely be leveraged by cybercriminal groups … APT 34
SecurityAffairs.webp 2019-04-19 12:07:04 Source code of tools used by OilRig APT leaked on Telegram (lien direct) Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. A hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig, APT34, and HelixKitten. OilRig is an Iran-linked APT group that has been […] APT 34
SecurityAffairs.webp 2019-04-18 20:47:05 Analyzing OilRig's malware that uses DNS Tunneling (lien direct) Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. OilRig is an Iran-linked APT group that has been […] Malware APT 34
Last update at: 2024-06-29 01:07:42