What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-25 10:00:00 | Pole Voûte: cyber-menaces aux élections mondiales Poll Vaulting: Cyber Threats to Global Elections (lien direct) |
Written by: Kelli Vanderlee, Jamie Collier
Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections. Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts. When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure. Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity. Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google\'s Advanced Protection Program to protect high-risk accounts. Introduction The 2024 global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats. An expansive ecosystem of systems, administrators, campaign infrastructure, and public communications venues must be secured against a diverse array of operators and methods. Any election cybersecurity strategy should begin with a survey of the threat landscape to build a more proactive and tailored security posture. The cybersecurity community must keep pace as more than two billion voters are expected to head to the polls in 2024. With elections in more than an estimated 50 countries, there is an opportunity to dynamically track how threats to democracy evolve. Understanding how threats are targeting one country will enable us to better anticipate and prepare for upcoming elections globally. At the same time, we must also appreciate the unique context of different countries. Election threats to South Africa, India, and the United States will inevitably differ in some regard. In either case, there is an opportunity for us to prepare with the advantage of intelligence. |
Ransomware Malware Hack Tool Vulnerability Threat Legislation Cloud Technical | APT 40 APT 29 APT 28 APT 43 APT 31 APT 42 | ★★★ |
|
2023-11-09 15:00:00 | Le ver de sable perturbe le pouvoir en Ukraine en utilisant une nouvelle attaque contre la technologie opérationnelle Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (lien direct) |
fin 2022, Mandiant a répondu à un incident de cyber-physique perturbateur dans lequel l'acteur de menace lié à la Russie a ciblé une organisation d'infrastructure critique ukrainienne.Cet incident était une cyberattaque multi-événements qui a exploité une nouvelle technique pour avoir un impact sur les systèmes de contrôle industriel (CI) / technologie opérationnelle (OT).L'acteur a d'abord utilisé le niveau OT vivant des techniques terrestres (LOTL) pour déclencher probablement les disjoncteurs de sous-station de la victime, provoquant une panne de courant imprévue qui coïncidait avec les frappes de missiles de masse sur les infrastructures critiques à travers l'Ukraine.Sandworm plus tard
In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control systems (ICS) / operational technology (OT). The actor first used OT-level living off the land (LotL) techniques to likely trip the victim\'s substation circuit breakers, causing an unplanned power outage that coincided with mass missile strikes on critical infrastructure across Ukraine. Sandworm later |
Threat Industrial | APT 28 | ★★ |
|
2022-09-23 08:15:00 | Les hacktivistes collaborent avec APT28 parrainé par GRU Hacktivists Collaborate with GRU-sponsored APT28 (lien direct) |
Résumé de l'exécutif
mandiant suit plusieurs groupes hacktiviste autoproclamés travaillant pour soutenir les intérêts russes.Ces groupes ont principalement mené des attaques de déni de service distribué (DDOS) et divulgué des données volées aux organisations victimes.Bien que certains de ces acteurs opèrent presque certainement indépendamment de l'État russe, nous avons identifié plusieurs groupes dits hacktivistes dont nous soupçonnons les modérateurs que nous soupçonnons soit un front ou opérant en coordination avec l'État russe.
Nous évaluons avec une confiance modérée que les modérateurs du prétendu hacktiviste
Executive Summary Mandiant is tracking multiple self-proclaimed hacktivist groups working in support of Russian interests. These groups have primarily conducted distributed denial-of-service (DDoS) attacks and leaked stolen data from victim organizations. Although some of these actors are almost certainly operating independently of the Russian state, we have identified multiple so-called hacktivist groups whose moderators we suspect are either a front for, or operating in coordination with, the Russian state. We assess with moderate confidence that moderators of the purported hacktivist |
APT 28 APT 28 | ★★★★ | |
|
2017-08-11 08:00:00 | APT28 cible le secteur de l'hôtellerie, présente une menace pour les voyageurs APT28 Targets Hospitality Sector, Presents Threat to Travelers (lien direct) |
Fireeye a une confiance modérée qu'une campagne ciblant le secteur de l'hôtellerie est attribuée à l'acteur russe apt28 .Nous pensons que cette activité, qui remonte au moins en juillet 2017, était destinée à cibler les voyageurs dans des hôtels à travers l'Europe et le Moyen-Orient.L'acteur a utilisé plusieurs techniques notables dans ces incidents tels que renifler les mots de passe du trafic Wi-Fi, empoisonner le service de nom NetBios et se propager latéralement via le eternalblue exploit.
APT28 utilise un document malveillant pour cibler l'industrie hôtelière
Fireeye a découvert un document malveillant envoyé en lance
FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several notable techniques in these incidents such as sniffing passwords from Wi-Fi traffic, poisoning the NetBIOS Name Service, and spreading laterally via the EternalBlue exploit. APT28 Uses Malicious Document to Target Hospitality Industry FireEye has uncovered a malicious document sent in spear |
Threat | Wannacry APT 28 APT 28 | ★★★★ |
|
2017-03-08 17:15:00 | Introduction aux applications de cacao en ingénierie inverse Introduction to Reverse Engineering Cocoa Applications (lien direct) |
Bien que cela ne soit pas aussi courant que Windows Malware, un flux constant de logiciels malveillants a été découvert au fil des ans qui s'exécute sur le système d'exploitation OS X, désormais rebaptisé MacOS.Février a vu trois publications particulièrement intéressantes sur le thème des logiciels malveillants MacOS: un application de cacao de trojan qui envoie des informations systèmey compris les données de trousseau à l'attaquant, un version macOS d'APT28\'s xagent malware , et un new-trojan ransomware .
Dans ce blog, l'équipe Flare souhaite introduire deux petits outils qui peuvent aider à la tâche des applications de cacao en ingénierie inverse pour MacOS.Afin de
While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends system information including keychain data back to the attacker, a macOS version of APT28\'s Xagent malware, and a new Trojan ransomware. In this blog, the FLARE team would like to introduce two small tools that can aid in the task of reverse engineering Cocoa applications for macOS. In order to |
Malware Tool | APT 28 | ★★★★ |
|
2015-04-18 11:10:00 | Opération Russiandoll: Adobe & Windows Exploits zéro-day Probablement exploités par APT28 de Russie dans une attaque très ciblée Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia\\'s APT28 in Highly-Targeted Attack (lien direct) |
Fireeye Labs a récemment détecté une campagne APT limitée exploitant les vulnérabilités zéro-jours dans Adobe Flash et une toute nouvelle à Microsoft Windows.En utilisant le Dynamic Keen Intelligence Cloud (DTI) , les chercheurs de Fireeye ont détecté un modèle d'attaques commençant le 13 avril Th , 2015. Adobe a indépendamment corrigé la vulnérabilité (CVE-2015-3043) dans APSB15-06 .Grâce à la corrélation des indicateurs techniques et des infrastructures de commandement et de contrôle, FireEye évalue que l'APT28 est probablement responsable de cette activité.
Microsoft est conscient de la vulnérabilité d'escalade locale exceptionnelle dans Windows
FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Adobe independently patched the vulnerability (CVE-2015-3043) in APSB15-06. Through correlation of technical indicators and command and control infrastructure, FireEye assess that APT28 is probably responsible for this activity. Microsoft is aware of the outstanding local privilege escalation vulnerability in Windows |
Vulnerability Threat Cloud | APT 28 APT 28 | ★★★★ |
|
2014-10-27 03:00:42 | Malware APT28: une fenêtre sur les opérations de cyber-espionnage de la Russie? APT28 Malware: A Window into Russia\\'s Cyber Espionage Operations? (lien direct) |
Le rôle des acteurs de l'État-nation dans les cyberattaques a peut-être été le plus largement révélé en février 2013 lorsque mandiant href = "https://www.mandiant.com/resources/mandiant-expose-apt1-chinas-cyber-espionage-units" cible = "_ Blank"> Rapport APT1, en Chine.Aujourd'hui, nous publions un nouveau rapport: apt28:Une fenêtre sur les opérations de cyber-espionnage de la Russie?
Ce rapport se concentre sur un groupe de menaces que nous avons désigné comme APT28.Alors que les logiciels malveillants d'APT28 \\ sont assez connus dans la communauté de la cybersécurité, notre rapport détaille des informations supplémentaires exposant des opérations en cours et ciblées qui, selon nous, indiquent un sponsor gouvernemental basé à Moscou.
dans
The role of nation-state actors in cyber attacks was perhaps most widely revealed in February 2013 when Mandiant released the APT1 report, which detailed a professional cyber espionage group based in China. Today we release a new report: APT28: A Window Into Russia\'s Cyber Espionage Operations? This report focuses on a threat group that we have designated as APT28. While APT28\'s malware is fairly well known in the cybersecurity community, our report details additional information exposing ongoing, focused operations that we believe indicate a government sponsor based in Moscow. In |
Malware Threat | APT 28 APT 28 APT 1 | ★★★★ |
1
We have: 7 articles.
We have: 7 articles.
To see everything:
Our RSS (filtrered)
