What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-23 09:53:00 | La Russie \\'s APT28 exploite Windows Print Spooler Flaw to déploier \\ 'gooseegg \\' malware Russia\\'s APT28 Exploited Windows Print Spooler Flaw to Deploy \\'GooseEgg\\' Malware (lien direct) |
L'acteur de menace nationale lié à la Russie a suivi comme & nbsp; apt28 & nbsp; a armé un défaut de sécurité dans le composant de spouleur d'impression Microsoft Windows pour fournir un logiciel malveillant personnalisé auparavant inconnu appelé Gooseegg.
L'outil post-compromise, & nbsp; qui est & nbsp;
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for |
Malware Tool Threat | APT 28 | ★★★ |
|
2024-03-18 11:29:00 | Groupe de pirates APT28 ciblant l'Europe, les Amériques, l'Asie dans un schéma de phishing généralisé APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme (lien direct) |
L'acteur de menace lié à la Russie connue sous le nom de & nbsp; apt28 & nbsp; a été lié à de multiples campagnes de phishing en cours qui utilisent des documents leurre imitant les organisations gouvernementales et non gouvernementales (ONG) en Europe, au Caucase du Sud, en Asie centrale et en Amérique du Nord et du Nord.
"Les leurres découverts comprennent un mélange de documents internes et accessibles au public, ainsi que possible
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated |
Threat | APT 28 | ★★★ |
|
2024-02-28 11:17:00 | Les agences de cybersécurité avertissent les utilisateurs d'Ubiquiti Edgerouter de la menace moobot d'APT28 \\ Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28\\'s MooBot Threat (lien direct) |
Dans un nouvel avis conjoint, les agences de cybersécurité et de renseignement des États-Unis et d'autres pays exhortent les utilisateurs d'Ubiquiti Edgerouter à prendre des mesures de protection, des semaines après un botnet comprenant des routeurs infectés a été & NBSP; abattu par les forces de la loi et NBSP; dans le cadre d'une opération de codé nommée Dying Ember.
Le botnet, nommé Moobot, aurait été utilisé par un acteur de menace lié à la Russie connue sous le nom
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as |
Threat | APT 28 | ★★ |
|
2024-02-16 12:19:00 | Le gouvernement américain perturbe le botnet lié à la russe engagé dans le cyber-espionnage U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage (lien direct) |
Le gouvernement américain a déclaré jeudi avoir interrompu un botnet comprenant des centaines de petits routeurs de bureau et de bureau à domicile (SOHO) dans le pays qui a été utilisé par l'acteur APT28 lié à la Russie pour cacher ses activités malveillantes.
"Ces crimes comprenaient de vastes émissions de lance et des campagnes de récolte de diplômes similaires contre des cibles d'intérêt du renseignement pour le gouvernement russe, comme les États-Unis, les États-Unis
The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. |
APT 28 | ★★ | |
|
2024-02-02 20:19:00 | Hackers russes APT28 ciblant les orgs de grande valeur avec des attaques de relais NTLM Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks (lien direct) |
Les acteurs russes parrainés par l'État ont organisé des attaques de relais de hachage NT LAN (NTLM) V2 par le biais de diverses méthodes d'avril 2022 à novembre 2023, ciblant des objectifs de grande valeur dans le monde.
Les attaques, attribuées à une équipe de piratage "agressive" appelée & nbsp; apt28, ont gardé les yeux sur les organisations traitant des affaires étrangères, de l'énergie, de la défense et des transports, ainsi que ceux impliqués avec
Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with |
APT 28 | ★★★ | |
|
2023-12-12 20:22:00 | Hackers russes APT28 ciblant 13 nations dans une campagne de cyber-espionnage en cours Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign (lien direct) |
L'acteur de menace russe de l'État-nation connu sous le nom de & nbsp; apt28 & nbsp; a été observé en utilisant des leurres liés à la guerre en cours d'Israël-Hamas pour faciliter la livraison d'une porte dérobée personnalisée appelée Headlace.
IBM X-Force suit l'adversaire sous le nom ITG05, qui est également connu sous le nom de Bledelta, Fancy Bear, Forest Blizzard (anciennement Strontium), Frozenlake, Iron Twilight, Sednit, Sofacy et
The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and |
Threat | APT 28 | ★★★ |
|
2023-12-05 12:29:00 | Microsoft met en garde contre APT28 soutenu par le Kremlin exploitabilité de la vulnérabilité des perspectives critiques Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability (lien direct) |
Microsoft a déclaré lundi avoir détecté des activités d'État-nation soutenues par Kremlin exploitant un défaut de sécurité critique dans son service de messagerie Outlook pour obtenir un accès non autorisé aux comptes des victimes dans les serveurs d'échange.
Le géant de la technologie & nbsp; attribué & nbsp; les intrusions à un acteur de menace qu'il a appelé & nbsp; Forest Blizzard & nbsp; (anciennement Strontium), qui est également largement suivi sous les surnoms APT28,
Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims\' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28, |
Vulnerability Threat | APT 28 | ★★★★ |
|
2023-11-10 17:52:00 | Des pirates russes Sandworm provoquent une panne de courant en Ukraine au milieu des frappes de missiles Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes (lien direct) |
Les pirates russes notoires connus sous le nom de Sandworm ont ciblé une sous-station électrique en Ukraine l'année dernière, provoquant une brève panne de courant en octobre 2022.
Les résultats proviennent du mandiant de Google \\, qui a décrit le hack comme une "cyberattaque multi-événements" en tirant parti d'une nouvelle technique pour avoir un impact sur les systèmes de contrôle industriel (CI).
"L'acteur a d'abord utilisé
The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google\'s Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting industrial control systems (ICS). "The actor first used OT-level living-off-the-land (LotL) techniques to |
Hack Industrial | APT 28 | ★★★ |
|
2023-09-06 13:32:00 | Ukraine \\'s CERT contrer les infrastructures énergétiques critiques APT28 \\ Ukraine\\'s CERT Thwarts APT28\\'s Cyberattack on Critical Energy Infrastructure (lien direct) |
L'équipe d'intervention d'urgence informatique d'Ukraine (CERT-UA) a déclaré mardi qu'elle avait contrecarré une cyberattaque contre une installation d'infrastructure énergétique critique sans nom dans le pays.
L'intrusion, selon l'agence, a commencé par un e-mail de phishing contenant un lien vers une archive zip malveillante qui active la chaîne d'infection.
«La visite du lien téléchargera une archive zip contenant trois images JPG (
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. “Visiting the link will download a ZIP archive containing three JPG images ( |
APT 28 | ★★★★ | |
|
2023-05-01 14:22:00 | APT28 cible les entités gouvernementales ukrainiennes avec de fausses e-mails "Windows Update" APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails (lien direct) |
L'équipe d'intervention d'urgence informatique d'Ukraine (CERT-UA) a mis en garde contre les cyberattaques perpétrées par des pirates russes de l'État-nation ciblant divers organismes gouvernementaux du pays.
L'agence a attribué la campagne de phishing à APT28, qui est également connue par les noms Fancy Bear, Forest Blizzard, Frozenlake, Iron Twilight, Sednit et Sofacy.
Les e-mails sont livrés avec la ligne d'objet "
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line " |
APT 28 APT 28 | ★★★ | |
|
2023-04-19 21:11:00 | Google Tag met en garde contre les pirates russes menant des attaques de phishing en Ukraine Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine (lien direct) |
Les pirates d'élite associés au service de renseignement militaire de la Russie ont été liés à des campagnes de phishing à grand volume visant des centaines d'utilisateurs en Ukraine pour extraire l'intelligence et influencer le discours public lié à la guerre.
Le groupe d'analyse des menaces de Google (TAG), qui surveille les activités de l'acteur sous le nom de Frozenlake, a déclaré que les attaques poursuivent la focalisation de "Group \\"
Elite hackers associated with Russia\'s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google\'s Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group\'s 2022 focus |
Threat | APT 28 | ★★ |
|
2022-09-28 15:39:00 | Hackers Using PowerPoint Mouseover Trick to Infect System with Malware (lien direct) | The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a | Malware Threat | APT 28 | ★★★ |
|
2022-06-22 04:51:03 | Russian Hackers Exploiting Microsoft Follina Vulnerability Against Ukraine (lien direct) | The Computer Emergency Response Team of Ukraine (CERT-UA) has cautioned of a new set of spear-phishing attacks exploiting the "Follina" flaw in the Windows operating system to deploy password-stealing malware. Attributing the intrusions to a Russian nation-state group tracked as APT28 (aka Fancy Bear or Sofacy), the agency said the attacks commence with a lure document titled "Nuclear Terrorism | Vulnerability | APT 28 | |
|
2022-05-06 21:23:05 | U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions (lien direct) | The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge in late March. The newly imposed sanctions, | Hack Medical | APT 38 APT 28 | ★★★ |
|
2022-04-19 00:02:44 | FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT) | Threat Medical | APT 38 APT 28 | |
|
2022-04-16 01:31:45 | Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector (lien direct) | The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month. On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control's (OFAC) | Hack Threat Medical | APT 38 APT 28 | |
|
2022-04-08 00:04:32 | Microsoft Obtains Court Order to Take Down Domains Used to Target Ukraine (lien direct) | Microsoft on Thursday disclosed that it obtained a court order to take control of seven domains used by APT28, a state-sponsored group operated by Russia's military intelligence service, with the goal of neutralizing its attacks on Ukraine. "We have since re-directed these domains to a sinkhole controlled by Microsoft, enabling us to mitigate Strontium's current use of these domains and enable | APT 28 | ||
|
2022-03-08 06:10:46 | Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks (lien direct) | A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia's GRU military | Threat | APT 28 | |
|
2022-01-28 01:24:28 | North Korean Hackers Using Windows Update Service to Infect PCs with Malware (lien direct) | The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives. The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North | Malware Medical | APT 38 APT 28 | |
|
2022-01-14 06:16:30 | North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide (lien direct) | Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean state-sponsored actor. Russian cybersecurity company Kaspersky, which is tracking the intrusions | APT 38 APT 28 | ||
|
2021-10-27 00:14:47 | Latest Report Uncovers Supply Chain Attacks by North Korean Hackers (lien direct) | Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities.
The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN |
Malware Threat Medical | APT 38 APT 28 | |
|
2021-05-24 10:23:01 | Researchers Link CryptoCore Attacks On Cryptocurrency Exchanges to North Korea (lien direct) | State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed.
Attributing the attack with "medium-high" likelihood to the Lazarus Group (aka APT38 or Hidden Cobra), researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in |
Medical | APT 38 APT 28 | |
|
2020-12-23 23:24:40 | North Korean Hackers Trying to Steal COVID-19 Vaccine Research (lien direct) | Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts.
Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting |
Threat Medical | APT 38 APT 28 | |
|
2020-12-09 07:11:49 | Russian APT28 Hackers Using COVID-19 as Bait to Deliver Zebrocy Malware (lien direct) | A Russian threat actor known for its malware campaigns has reappeared in the threat landscape with yet another attack leveraging COVID-19 as phishing lures, once again indicating how adversaries are adept at repurposing the current world events to their advantage.
Linking the operation to a sub-group of APT28 (aka Sofacy, Sednit, Fancy Bear, or STRONTIUM), cybersecurity firm Intezer said the |
Malware Threat | APT 28 | |
|
2018-09-27 10:40:03 | Cybersecurity Researchers Spotted First-Ever UEFI Rootkit in the Wild (lien direct) | Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe.
Dubbed LoJax, the UEFI rootkit is part of a malware campaign conducted by the infamous Sednit group, also known as APT28, Fancy Bear, Strontium, and
|
Malware | APT 28 | ★★★★★ |
|
2018-09-27 03:30:00 | VPNFilter Router Malware Adds 7 New Network Exploitation Modules (lien direct) | Security researchers have discovered even more dangerous capabilities in VPNFilter-the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier.
Attributed to Russia's APT 28, also known as 'Fancy Bear,' VPNFilter is a malware platform designed to infect routers and network-attached storage
|
Malware | VPNFilter APT 28 | ★★★★★ |
|
2018-08-21 01:29:01 | Microsoft Detects More Russian Cyber Attacks Ahead of Mid-Term Election (lien direct) | Microsoft claims to have uncovered another new Russian hacking attempts targeting United States' Senate and conservative think tanks ahead of the 2018 midterm elections.
The tech giant said Tuesday that the APT28 hacking group-also known as Strontium, Fancy Bear, Sofacy, Sednit, and Pawn Storm, which is believed to be tied to the Russian government-created at least six fake websites related
|
APT 28 | ||
|
2017-11-09 01:14:31 | Russian \'Fancy Bear\' Hackers Using (Unpatched) Microsoft Office DDE Exploit (lien direct) | Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it.
Last month, we reported how hackers could leverage a built-in feature of Microsoft Office feature, called Dynamic Data Exchange (DDE), to perform code execution on the
|
APT 28 | ||
|
2017-07-21 01:53:45 | How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group (lien direct) | What could be the best way to take over and disrupt cyber espionage campaigns?
Hacking them back?
Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups.
It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by "
|
APT 28 | ||
|
2017-02-16 01:38:41 | New MacOS Malware linked to Russian Hackers Can Steal Passwords & iPhone Backups (lien direct) | Security researchers have discovered a new Mac malware allegedly developed by APT28 Russian cyber espionage group who is believed to be responsible for 2016 presidential election hacking scandal.
A new variant of the X-Agent spyware is now targeting Apple macOS system that has previously been used in cyber attacks against Windows, iOS, Android, and Linux devices.
The malware is designed to
|
APT 28 |
1
We have: 30 articles.
We have: 30 articles.
To see everything:
Our RSS (filtrered)
