What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityWeek 2024-04-23 12:50:57 Russian Cyberspies Deliver 'GooseEgg' Malware to Government Organizations (direct link) Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations. Malware Tool APT 28 ★★★
SecurityWeek 2024-02-28 12:36:12 US Government Urges Cleanup of Routers Infected by Russia's APT28 (direct link) The US government says Russia's APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide. APT 28 ★★★
SecurityWeek 2023-04-19 09:03:31 US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers (direct link) US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. Hack Vulnerability APT 28 ★★
SecurityWeek 2022-04-19 10:12:54 US: Hackers Continue Aiding North Korea Generate Funds via Cryptocurrency Attacks (direct link) North Korean state-sponsored hacking group Lazarus continues to target blockchain and cryptocurrency organizations in recent campaigns, the United States government warns. APT 38 APT 28
SecurityWeek 2022-04-15 14:24:33 North Korea APT Lazarus Targeting Chemical Sector (direct link) Threat hunters at Symantec have spotted signs that North Korea's Lazarus APT group is targeting companies in the chemical sector in an ongoing cyberespionage campaign that includes fake job lures and clever social engineering. APT 38 APT 28
SecurityWeek 2022-04-14 20:07:22 U.S. Gov Blames North Korea Hackers for $600M Cryptocurrency Heist (direct link) The U.S. government says the recent $600 million Ronin Validator cryptocurrency heist was conducted by Lazarus Group, the notorious hacking outfit linked to the North Korean government. Medical APT 38 APT 28
SecurityWeek 2022-01-31 15:41:44 North Korean Hackers Abuse Windows Update Client in Attacks on Defense Industry (direct link) The North Korean threat group Lazarus was observed abusing the Windows Update client for the execution of malicious code during a campaign this month, Malwarebytes reports. Threat APT 38 APT 28
SecurityWeek 2022-01-14 15:29:16 North Korean Hackers Stole $400 Million Worth of Cryptocurrency in 2021 (direct link) North Korea-linked hacking group Lazarus stole close to $400 million worth of crypto-assets last year, Chainalysis reports. APT 38 APT 28
SecurityWeek 2021-10-27 16:06:53 North Korean Hackers Targeting IT Supply Chain: Kaspersky (direct link) The North Korea-linked state-sponsored hacking group Lazarus has started to target the IT supply chain in recent attacks, according to cybersecurity firm Kaspersky. APT 38 APT 28
SecurityWeek 2021-06-07 10:36:39 Russian Hackers Use New 'SkinnyBoy' Malware in Attacks on Military, Government Orgs (direct link) The Russia-linked threat group known as APT28 has been observed using a new backdoor in a series of attacks targeting military and government institutions, researchers with threat intelligence company Cluster25 reveal. Malware Threat APT 28 ★★★
SecurityWeek 2021-02-26 04:48:42 Here's How North Korean Hackers Stole Data From Isolated Network Segment (direct link) During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server. Threat APT 38 APT 28
SecurityWeek 2018-03-16 14:40:02 Sofacy Targets European Govt as U.S. Accuses Russia of Hacking (direct link) Just as the U.S. had been preparing to accuse Russia of launching cyberattacks against its energy and other critical infrastructure sectors, the notorious Russia-linked threat group known as Sofacy was spotted targeting a government agency in Europe. The United States on Thursday announced sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the destructive NotPetya campaign and operations targeting energy firms. The Department of Homeland Security and Federal Bureau of Investigation issued a joint technical alert via US-CERT last year to warn about attacks launched by a group known as Dragonfly, Crouching Yeti and Energetic Bear on critical infrastructure. Researchers previously linked Dragonfly to the Russian government and now the DHS has officially stated the same. US-CERT has updated its alert with some additional information. The new version of the alert replaces “APT actors” with “Russian government cyber actors.” The DHS said that based on its analysis of malware and indicators of compromise, Dragonfly attacks are ongoing, with threat actors “actively pursuing their ultimate objectives over a long-term campaign.” This is not the first time the U.S. has imposed sanctions on Russia over its attempt to influence elections. Russia has also been accused by Washington and others of launching the NotPetya attack last year. The Kremlin has always denied the accusations, but President Vladimir Putin did admit at one point that patriotic hackers could be behind the attacks. If Dragonfly and Sofacy (aka Fancy Bear, APT28, Sednit, Tsar Team and Pawn Storm) are truly operating out of Russia, they don't seem to be discouraged by sanctions and accusations.
On March 12 and March 14, security firm Palo Alto Networks spotted attacks launched by Sofacy against an unnamed European government agency using an updated variant of a known tool. Sofacy has been using a Flash Player exploit platform dubbed DealersChoice since at least 2016 and it has continued improving it. The latest version has been delivered to a government organization in Europe using a spear phishing email referencing the “Underwat NotPetya APT 28
SecurityWeek 2018-03-13 15:50:02 (Déjà vu) Usual Threats, But More Sophisticated and Faster: Report (direct link) Almost Every Type of Cyber Attack is Increasing in Both Volume and Sophistication Eight new malware samples were recorded every second during the final three months of 2017. The use of fileless attacks, primarily via PowerShell, grew; and there was a surge in cryptocurrency hijacking malware. These were the primary threats outlined in the latest McAfee Lab's Threat Report (PDF) covering Q4 2017. The growth of cryptomining malware coincided with the surge in Bitcoin value, which peaked at just under $20,000 on Dec. 22. With the cost of dedicated mining hardware at upwards of $5,000 per machine, criminals chose to steal users' CPU time via malware. It demonstrates how criminals always follow the money, and choose the least expensive method of acquiring it with the greatest chance of avoiding detection. Since December, Bitcoin's value has fallen to $9,000 (at the time of publishing). Criminals' focus on Bitcoin is likewise being modified, with Ethereum and Monero becoming popular. Last week, Microsoft discovered a major campaign focused on stealing Electroneum. "We currently see discussions in underground forums that suggest moving from Bitcoin to Litecoin because the latter is a safer model with less chance of exposure," comments Raj Samani, chief scientist and McAfee fellow with the Advanced Threat Research Team. The speed with which criminals adapt to their latest market conditions is also seen in the way they maximize their asymmetric advantage. "Adversaries," writes Samani, "have the luxury of access to research done by the technical community, and can download and use opensource tools to support their campaigns, while the defenders' level of insight into cybercriminal activities is considerably more limited, and identifying evolving tactics often must take place after malicious campaigns have begun."
Examples of attackers making use of legitimate research include Fancy Bear (APT28) leveraging a Microsoft Office Dynamic Data Exchange technique in November 2017 that had been made public just a few we NotPetya Equifax APT 28
SecurityWeek 2018-02-20 18:41:02 Russian Cyberspies Shift Focus From NATO Countries to Asia (direct link) The Russia-linked cyber espionage group known as Sofacy, APT28, Fancy Bear, Pawn Storm, Sednit and Strontium has shifted its focus from NATO member countries and Ukraine to Central Asia and even further east, Kaspersky Lab reported on Tuesday. APT 28
SecurityWeek 2017-11-08 08:41:21 Russia-Linked Spies Deliver Malware via DDE Attack (direct link) The Russia-linked cyber espionage group tracked as APT28 and Fancy Bear has started delivering malware to targeted users by leveraging a recently disclosed technique involving Microsoft Office documents and a Windows feature called Dynamic Data Exchange (DDE). APT 28
SecurityWeek 2017-11-03 08:52:21 Russian 'Fancy Bear' Hackers Abuse Blogspot for Phishing (direct link) The cyber espionage group known as Fancy Bear, which is widely believed to be backed by the Russian government, has been abusing Google's Blogspot service in recent phishing attacks. APT 28
SecurityWeek 2017-10-20 11:06:44 Russian Hackers Exploit Recently Patched Flash Vulnerability (direct link) The Russia-linked cyber espionage group known as APT28 has been using a recently patched Adobe Flash Player vulnerability in attacks aimed at government organizations and aerospace companies, security firm Proofpoint reported on Thursday. APT 28
SecurityWeek 2017-07-25 11:45:09 Tech Firms Target Domains Used by Russia-linked Threat Group (direct link) Tech companies ThreatConnect and Microsoft are moving toward exposing and taking down domains associated with Russia-linked threat group known as Fancy Bear. APT 28
SecurityWeek 2017-05-11 15:15:18 Who Hacked French President-elect Emmanuel Macron's Campaign? (direct link) One thing is clear. The campaign of French President-elect Emmanuel Macron was hacked prior to the French presidential election this last Sunday -- and the finger was immediately pointed at Russia's APT28 (Fancy Bear). Russia has been caught meddling in western politics once again. APT 28 ★★★★★
SecurityWeek 2017-04-04 08:38:10 IAAF Says Russia-Linked Hackers Accessed Medical Records (direct link) The International Association of Athletics Federations (IAAF) revealed on Monday that athletes' medical records were accessed in an attack the organization believes was carried out by the Russia-linked cyber espionage group known as Fancy Bear. APT 28
SecurityWeek 2017-02-15 09:56:45 (Déjà vu) Russian Cyberspies Use New Mac Malware to Steal Data (direct link) Researchers have discovered a new piece of malware used by the Russia-linked threat group known as APT28 to steal sensitive data from Mac devices, including backups and passwords. APT 28
SecurityWeek 2017-02-13 16:52:34 DHS Uses Cyber Kill Chain to Analyze Russia-Linked Election Hacks (direct link) DHS Publishes Enhanced Analysis Report on GRIZZLY STEPPE Activity APT 29 APT 28
SecurityWeek 2017-01-02 16:29:22 U.S. Gov's "GRIZZLY STEPPE" Report Fails to Achieve Purpose: Experts (direct link) The recently released Joint Analysis Report (JAR) published by the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) to detail tools used by Russian hackers in cyber attacks against the United States election didn't deliver on its promise, security experts argue. APT 29 APT 28
SecurityWeek 2016-12-22 12:35:40 Russia Used Android Malware to Track Ukrainian Troops: Report (direct link) The Russia-linked cyberespionage group known as Fancy Bear has tracked Ukrainian artillery forces by planting a piece of Android malware in a legitimate military application, threat intelligence firm CrowdStrike reported on Thursday. APT 28
SecurityWeek 2016-12-09 16:17:42 Germany Accuses Russia of Hybrid Warfare (direct link) Russia has been accused of waging its own brand of cyber hybrid warfare against Germany, with specific focus on next year's elections. In particular, the APT28 (Fancy Bear) hacking group -- thought to be linked to the Russian government -- is accused of spreading propaganda and disinformation under the guise of 'hacktivists'. APT 28
SecurityWeek 2016-11-09 19:16:58 Cyberspies Ramped Up Attacks After Exposure of Zero-Days (direct link) The Russia-linked threat actor known as Pawn Storm ramped up its attacks against governments and embassies after seeing that researchers discovered the Windows and Flash Player zero-day exploits it had been using. APT 28
SecurityWeek 2016-11-02 07:51:40 Windows Zero-Day Exploited by Russia-Linked Cyberspies (direct link) The Windows zero-day vulnerability disclosed this week by Google has been exploited by the Russia-linked cyberespionage group known as Strontium. Microsoft has been working on a patch and expects to release it on November 8. APT 28
SecurityWeek 2016-10-06 20:07:44 Russian Hackers May Have Manipulated Leaked WADA Data (direct link) In a statement published Wednesday, October 5, the World Anti-Doping Agency (WADA) provided an update on investigations into the August Fancy Bear hack and data leak in September. FireEye/Mandiant has been employed to do the forensic investigation. As of Oct. APT 28
SecurityWeek 2016-09-16 07:03:21 Hackers Leak More Confidential Athlete Data (direct link) The hacker group calling itself Fancy Bears has leaked another batch of athlete medical records stolen from the systems of the World Anti-Doping Agency (WADA). The organization has confirmed the leak and again blamed Russia for the attack on its systems. APT 28
SecurityWeek 2016-08-24 11:54:24 Attack on Olympics Anti-Doping Agency Linked to Russia (direct link) Recent cyberattacks targeting the World Anti-Doping Agency (WADA) have been linked by researchers to the notorious Russian threat actor known as Fancy Bear. APT 28
Last update at: 2024-04-29 01:07:45
See our sources.
My email:

To see everything: Our RSS (filtered) Twitter