What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-13 13:26:53 | devOcean Emerges From Stealth With Cloud-Native Security Operations Platform (lien direct) | devOcean has emerged from stealth mode with a cloud-native security operations platform and $6 million in funding. The company's seed round was led by Glilot Capital Partners, with participation from angel investors. | APT 32 | ||
|
2021-04-29 14:35:46 | DigitalOcean Discloses Breach Involving Billing Information (lien direct) | Cloud solutions provider DigitalOcean has started informing some customers that their billing information may have been compromised after someone exploited a vulnerability in the company's systems. | Vulnerability | APT 32 | |
|
2021-02-24 12:46:50 | Vietnamese Hackers Target Human Rights Defenders: Amnesty (lien direct) | Between February 2018 and November 2020, Vietnam-linked hacking group Ocean Lotus targeted Vietnamese human rights activists in the country and abroad with spyware, a new report from Amnesty International reveals. | APT 32 | ||
|
2019-07-02 04:54:05 | Researchers Analyze Vietnamese Hackers\' Suite of RATs (lien direct) | BlackBerry Cylance security researchers have analyzed a suite of remote access Trojans (RATs) that the Vietnam-linked threat actor OceanLotus has been using in attacks for the past three years. | Threat | APT 32 | |
|
2018-10-18 12:03:00 | \'Operation Oceansalt\' Reuses Code from Chinese Group APT1 (lien direct) | A recently observed cyber-espionage campaign targeting South Korea, the United States and Canada is reusing malicious code previously associated with state-sponsored Chinese group APT1, McAfee reports. | APT 32 | ||
|
2018-04-05 15:23:03 | New macOS Backdoor Linked to Cyber-espionage Group (lien direct) | >A recently discovered macOS backdoor is believed to be a new version of malware previously associated with the OceanLotus cyber-espionage group, Trend Micro says. Also known as APT 32, APT-C-00, SeaLotus, and Cobalt Kitty, OceanLotus is believed to be operating out of Vietnam and has been targeting high-profile corporate and government organizations in Southeast Asia. Well-resourced and determined, the group uses custom-built malware and already established techniques. | APT 32 | ||
|
2018-04-04 14:00:03 | Breaches Increasingly Discovered Internally: Mandiant (lien direct) | >Organizations are getting increasingly better at discovering data breaches on their own, with more than 60% of intrusions in 2017 detected internally, according to FireEye-owned Mandiant.
The company's M-Trends report for 2018 shows that the global median time for internal detection dropped to 57.5 days in 2017, compared to 80 days in the previous year. Of the total number of breaches investigated by Mandiant last year, 62% were discovered internally, up from 53% in 2016.
On the other hand, it still took roughly the same amount of time for organizations to learn that their systems had been compromised. The global median dwell time in 2017 – the median time from the first evidence of a hack to detection – was 101 days, compared to 99 days in 2016.
Companies in the Americas had the shortest median dwell time (75.5 days), while organizations in the APAC region had the longest dwell time (nearly 500 days).
Data collected by Mandiant in 2013 showed that more than one-third of organizations had been attacked again after the initial incident had been remediated. More recent data, specifically from the past 19 months, showed that 56% of Mandiant customers were targeted again by either the same group or one with similar motivation.
In cases where investigators discovered at least one type of significant activity (e.g. compromised accounts, data theft, lateral movement), the targeted organization was successfully attacked again within one year. Organizations that experienced more than one type of significant activity were attacked by more than one threat actor.
Again, the highest percentage of companies attacked multiple times and by multiple threat groups was in the APAC region – more than double compared to the Americas and the EMEA region.
When it comes to the most targeted industries, companies in the financial and high-tech sectors recorded the highest number of significant attacks, while the high-tech, telecommunications and education sectors were hit by the highest number of different hacker groups.
Last year, FireEye assigned names to four state-sponsored threat groups, including the Vietnam-linked APT32 (OceanLotus), and the Iran-linked APT33, APT34 (OilRig), and APT35 (NewsBeef, Newscaster and Charming Kitten).
|
Conference | APT33 APT 35 APT 33 APT 32 APT 34 | |
|
2018-03-15 03:15:04 | Qrypter RAT Hits Hundreds of Organizations Worldwide (lien direct) | Hundreds of organizations all around the world have been targeted in a series of attacks that leverage the Qrypter remote access Trojan (RAT), security firm Forcepoint says. The malware, often mistaken for the Adwind cross-platform backdoor, has been around for a couple of years, and was developed by an underground group called 'QUA R&D', which offers a Malware-as-a-Service (MaaS) platform. Also known as Qarallax, Quaverse, QRAT, and Qontroller, Forcepoint explains that Qrypter | APT 32 | ||
|
2018-03-15 03:01:04 | New “HenBox” Android Malware Discovered (lien direct) | A newly discovered Android malware family masquerades as various popular applications and can steal a broad range of information from infected devices, Palo Alto Networks warns. Dubbed HenBox, the malware was observed installing the legitimate versions of apps it poses as to hide its presence on compromised devices. The threat is distributed via third-party app stores and mainly targets Uyghur, a minority Turkic ethnic group in the Xinjiang Uyghur Autonomous Region in North West China, and Xiaomi devices. On the infected devices, HenBox can steal information from mainstream chat, communication, and social media apps. It gathers both personal and device information, can track the device's location, can access the microphone and camera, and harvests outgoing phone numbers with an “86” prefix (the country code for the People's Republic of China). Palo Alto's researchers discovered nearly 200 HenBox samples, the oldest dating back to 2015, but activity occured in the second half of 2017. A small but consistent number of samples has been observed this year as well. While analyzing the mobile threat, Palo Alto connected | APT 32 | ||
|
2018-03-14 16:39:02 | (Déjà vu) Microsoft Patches Remote Code Execution Flaw in CredSSP (lien direct) | A vulnerability (CVE-2018-0886) patched by Microsoft with its March 2018 security patches was a remote code execution flaw in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM). This vulnerability can be exploited by an attacker to relay user credentials to execute code on a target system. The authentication provider, Microsoft explains, processes authentication requests for other applications, meaning that the vulnerability puts all applications that depend on CredSSP at risk. Preempt, which discovered the bug, explains | APT 32 | ||
|
2018-03-14 03:00:02 | SAP Patches Decade-Old Flaws With March 2018 Patches (lien direct) | SAP this week released its March 2018 set of security patches to address High and Medium priority vulnerabilities in its products. A total of 10 Security Notes were included in the SAP Security Patch Day this month, three rated High priority and 7 considered Medium priority. Two of the Notes were updates for previously released Security Notes. SAP this month included 17 Support Package Notes in the Security Patch Day, for a total of 17 Security Notes, ERPScan (a company that specializes in securing Oracle and SAP applications) reports. 11 of the Notes were released after the second Tuesday of the last month and before the second Tuesday of this month. The most severe of the Security Notes addresses three vulnerabilities in SAP Internet Graphics Server (IGS) and carries a High priority rating (CVSS Base Score: 8.8). The bugs include CVE-2004-1308 (memory corruption), CVE-2005-2974 (denial of service), and CVE-2005-3350 (remot | APT 32 | ||
|
2018-03-13 17:58:05 | "OceanLotus" Spies Use New Backdoor in Recent Attacks (lien direct) | OceanLotus, a cyber-espionage group believed to be operating out of Vietnam, has been using a new backdoor in recently observed attacks, but also using previously established tactics, ESET reveals. Also known as APT32 and APT-C-00, the advanced persistent threat (APT) has been targeting high-profile corporate and government organizations in Southeast Asia, particularly in Vietnam, the Philippines, Laos, and Cambodia. The group is well-resourced and determined and is known to be using custom-built malware in combination with techniques long known to be successful. One of the latest malware families used by the group is a fully-fledged backdoor that provides operators with remote access to compromised machines, along with the ability to manipulate files, registries, and processes, as well as the option to load additional components if needed. For distribution purposes, OceanLotus uses a two-stage attack that employs a dropper to gain initial foothold on the targeted system and prepare the stage for the backdoor, ESET explains in a new report ( | APT 32 | ||
|
2017-09-19 10:47:28 | DigitalOcean Warns of Vulnerability Affecting Cloud Users (lien direct) | DigitalOcean is warning customers that some 1-Click applications running MySQL have an account with the same default password across all instances, and the company says the issue affects other cloud providers as well. | APT 32 | ||
|
2017-05-24 11:37:10 | How APT32 Hacked a Global Asian Firm With Persistence (lien direct) | In a cyber intrusion dubbed Operation Cobalt Kitty, the OceanLotus hacking group -- otherwise known as APT32 -- played cat-and-mouse with a security firm that was tracking its every move. | APT 32 |
1
We have: 14 articles.
We have: 14 articles.
To see everything:
Our RSS (filtrered)
