What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-20 08:37:31 | Belgium Says Chinese APTs Targeted Interior, Defense Ministries (lien direct) | Belgium on Monday accused Chinese state-sponsored hackers of launching cyberattacks against its interior and defense ministries. Belgium noted in a statement that it has detected cyber intrusions from hacking groups tracked as APT27, APT30, APT31, and Gallium. | APT 30 APT 27 APT 31 | ||
 |
2022-07-14 01:15:16 | Pakistani Hackers Targeting Indian Students in Latest Malware Campaign (lien direct) | The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. | Malware Threat | APT 36 | |
 |
2022-07-13 16:08:15 | Transparent Tribe begins targeting education sector in latest campaign (lien direct) | Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group.This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government entities.The attacks result in... [[ This is only the beginning! Please visit the blog for the complete entry ]] | APT 36 | ||
 |
2022-07-09 16:53:07 | Apple Lockdown Mode will protect users against highly targeted cyberattacks (lien direct) | >Apple plans to introduce a security feature, called Lockdown Mode, to protect its users against “highly targeted cyberattacks.” The recent wave of sophisticated attacks against Apple users (i.e. Pegasus, DevilsTongue, and Hermit) urged the tech giant to develop a new security feature, called Lockdown Mode, to protect its users against highly targeted cyberattacks. The new feature will be implemented in iOS 16, iPadOS […] | Cloud | APT 37 | |
 |
2022-07-08 16:00:00 | Spear Phishing Fake Job Offer Likely Behind Axie Infinity\'s Lazarus $600m Hack (lien direct) | The message with the fake offer contained a PDF that would have delivered spyware | Hack | APT 38 | |
 |
2022-07-07 08:14:35 | North Korean State-Sponsored Threat Actors Deploying "MAUI" Ransomware (lien direct) | Today, the United States Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Agency (CISA) and the Department of Treasury released a joint Cybersecurity Advisory on Maui Ransomware, which is attributed to state sponsored activity by the government of North Korea. The Joint CSA provides detailed insight on the various TTPs used by the threat actors behind Maui, which has targeted the Health and Public Health Sector.How Serious of an Issue is This?High. As ransomware activity causes downtime, theft of confidential and personally identifiable information (PII) and other significant impact to operations, it is important to ensure that various security measures are in place, like being up to date with patching vulnerable machines/infrastructure. Also, ensuring employees are trained and up to date on various social engineering attempts and tactics used by threat actors will be a first line of defense against such attacks.What is Maui Ransomware?Maui ransomware is unique in a way that it requires manual execution to start the encryption routine. Maui also features a CLI (command line interface) that is used by the threat actor to target specific files to encrypt. Maui also has the ability to identify previously encrypted files due to customer headers containing the original path of the file.Who are HIDDEN COBRA/LAZARUS/APT38/BeagleBoyz?HIDDEN COBRA also known as Lazarus/APT38/BeagleBoyz has been atributed to the government of North Korea. Also, they have been linked to multiple high-profile, financially-motivated attacks in various parts of the world - some of which have caused massive infrastructure disruptions. Notable attacks include the 2014 attack on a major entertainment company and a 2016 Bangladeshi financial institution heist that almost netted nearly $1 Billion (USD) for the attackers. Had it not been for a misspelling in an instruction that caused a bank to flag and block thirty transactions, HIDDEN COBRA would have pulled off a heist unlike any other. Although HIDDEN COBRA failed in their attempt, they were still able to net around 81 million dollars in total.The most recent notable attack attributed to HIDDEN COBRA was the Wannacry Ransomware attack, which resulted in massive disruption and damage worldwide to numerous organizations, especially those in manufacturing. Various estimates of the impact were in the hundreds of millions of dollars, with some estimates claiming billions. Other verticals which this group has targeted include critical infrastructures, entertainment, finance, healthcare, and telecommunication sectors across multiple countries.Who are the BeagleBoyz?The BeagleBoyz group is a newly identified group that is a subset of activity by the threat actors known as HIDDEN COBRA/LAZARUS/APT 38 and has been observed committing financial crimes, specifically cryptocurrency related thefts. Further information about the BeagleBoyz can be found here.What Operating Systems are Affected?Windows based operating systems are affected.What is the Status of Coverage?Fortinet customers running the latest definitions are protected against Maui with the following (AV) signatures:W32/Ransom_Win32_MAUICRYPT.YACC5W32/Agent.C5C2!trW32/PossibleThreatAnything Else to Note?Victims of ransomware are cautioned against paying ransoms by such organizations as CISA, NCSC, the FBI, and HHS. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities which could potentially be illegal according to a U.S. Department of Treasury's Office of Foreign Assets Control (OFAC) advisory. | Ransomware Threat Patching Medical | Wannacry Wannacry APT 38 | |
 |
2022-07-01 13:47:47 | Les hackers nord-coréens, principaux suspects dans un énorme vol de cryptomonnaies (lien direct) | >
L'équivalent de 100 millions de dollars ont été dérobés la semaine dernière sur la blockchain Harmony. Les premiers éléments de l'enquête font pointer le doigt vers le groupe Lazarus.
L'article Les hackers nord-coréens, principaux suspects dans un énorme vol de cryptomonnaies est à retrouver sur 01net.com. |
APT 38 | ||
|
2022-06-30 17:58:47 | Experts blame North Korea-linked Lazarus APT for the Harmony hack (lien direct) | >North Korea-linked Lazarus APT group is suspected to be behind the recent hack of the Harmony Horizon Bridge. Recently, threat actors have stolen $100 million in cryptocurrency from the Blockchain company Harmony. The company reported the incident to the authorities, the FBI is investigating the cyber heist with the help of several cybersecurity firms. Harmony's […] | Hack Threat | APT 38 | |
|
2022-06-30 17:27:16 | North Korea Lazarus Hackers Blamed for $100 Million Horizon Bridge Heist (lien direct) | The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony's Horizon Bridge, according to new data and research from blockchain analytics firm Elliptic. | Hack | APT 38 | |
|
2022-06-30 16:00:00 | North Korea\'s Lazarus Group Suspected of $100m Harmony Hack (lien direct) | Elliptic used Tornado demixing techniques to trace the stolen funds to new Ethereum wallets | Hack | APT 38 | |
 |
2022-06-30 10:40:51 | (Déjà vu) North Korea-Backed Hacking Collective Lazarus Group Suspected to be Behind Recent Harmony Bridge Attack (lien direct) | The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge. Last week Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached. The incident involved the exploiter carrying out multiple transactions on […] | Medical | APT 38 | ★★★★ |
|
2022-06-29 23:01:41 | North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack (lien direct) | The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022. The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week. | Hack Medical | APT 38 | |
 |
2022-06-29 10:03:54 | Hermit spyware is deployed with the help of a victim\'s ISP (lien direct) | A new commercial spyware for governments, called Hermit, has spotted in the wild. It affects iOS and all Android versions. | Cloud | APT 37 | |
 |
2022-06-24 15:00:00 | What is iOS Hermit spyware? (lien direct) | >iOS Hermit spyware is a commercial-grade surveillance tool derived from a known Android surveillance tool. Learn more + how to stay safe. | Tool Cloud | APT 37 | |
 |
2022-06-24 12:37:15 | Google details commercial spyware that targets both Android and iOS devices (lien direct) | Hermit highlights a wider issue concerning our privacy and freedom. | Cloud | APT 37 | |
|
2022-06-24 03:40:50 | Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware (lien direct) | A week after it emerged that sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect - Android's built-in malware defense service - to protect all users, Benoit Sevens and Clement Lecigne of Google Threat | Malware Cloud | APT 37 | |
 |
2022-06-21 15:03:00 | Anomali Cyber Watch: GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool, DragonForce Malaysia OpsPatuk / OpsIndia and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT35, CrescentImp, Follina, Gallium, Phosphorous, and Sandworm. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Update: The Phish Goes On - 5 Million Stolen Credentials and Counting
(published: June 16, 2022)
PIXM researchers describe an ongoing, large-scale Facebook phishing campaign. Its primary targets are Facebook Messenger mobile users and an estimated five million users lost their login credentials. The campaign evades Facebook anti-phishing protection by redirecting to a new page at a legitimate service such as amaze.co, famous.co, funnel-preview.com, or glitch.me. In June 2022, the campaign also employed the tactic of displaying legitimate shopping cart content at the final page for about two seconds before displaying the phishing content. The campaign is attributed to Colombian actor BenderCrack (Hackerasueldo) who monetizes displaying affiliate ads.
Analyst Comment: Users should check what domain is asking for login credentials before providing those. Organizations can consider monitoring their employees using Facebook as a Single Sign-On (SSO) Provider.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] User Execution - T1204
Tags: Facebook, Phishing, Facebook Messenger, Social networks, Mobile, Android, iOS, Redirect, Colombia, source-country:CO, BenderCrack, Hackerasueldo
F5 Labs Investigates MaliBot
(published: June 15, 2022)
F5 Labs researchers describe a novel Android trojan, dubbed MaliBot. Based on re-written SOVA malware code, MaliBot is maintaining its Background Service by setting itself as a launcher. Its code has some unused evasion portions for emulation environment detection and setting the malware as a hidden app. MaliBot spreads via smishing, takes control of the device and monetizes using overlays for certain Italian and Spanish banks, stealing cryptocurrency, and sometimes sending Premium SMS to paid services.
Analyst Comment: Users should be wary of following links in unexpected SMS messages. Try to avoid downloading apps from third-party websites. Be cautious with enabling accessibility options.
MITRE ATT&CK: [MITRE ATT&CK] System Network Configuration Discovery - T1016 | [MITRE ATT&CK] User Execution - T1204
Tags: MaliBot, Android, MFA bypass, SMS theft, Premium SMS, Smishing, Binance, Trust wallet, VNC, SOVA, Sality, Cryptocurrency, Financial, Italy, target-country:IT, Spain, target-country:ES
Extortion Gang Ransoms Shoprite, Largest Supermarket Chain in Africa
(published: June 15, 2022)
On June 10, 2022, the African largest supermarket chain operating in twelve countries, Shoprite Holdings, announced a possible cybersecurity incident. The company notified customers in E |
Ransomware Malware Tool Vulnerability Threat Guideline Conference | Yahoo APT 35 | |
|
2022-06-21 08:58:07 | Lookout Discovers Android Spyware Deployed in Kazakhstan (lien direct) | Lookout has announced the discovery of an enterprise-grade Android surveillanceware currently used by the government of Kazakhstan within its borders. Lookout researchers also found evidence of deployment of the spyware – which Lookout researchers have named “Hermit” – in Italy and in northeastern Syria. Hermit is likely developed by Italian spyware vendor RCS Lab S.p.A. […] | Cloud | APT 37 | |
 |
2022-06-20 11:15:08 | CVE-2021-25104 (lien direct) | The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue | Guideline | APT 32 | |
|
2022-06-17 20:00:33 | Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company (lien direct) | >Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab researchers uncovered enterprise-grade Android surveillance spyware, named Hermit, used by the government of Kazakhstan to track individuals within the country. The latest samples of this spyware were detected by the researchers in April 2022, four […] | Malware Threat Cloud | APT 37 | |
|
2022-06-17 06:12:54 | Researchers Uncover \'Hermit\' Android Spyware Used in Kazakhstan, Syria, and Italy (lien direct) | An enterprise-grade surveillanceware dubbed Hermit has been put to use by entities operating from within Kazakhstan, Syria, and Italy over the years since 2019, new research has revealed. Lookout attributed the spy software, which is equipped to target both Android and iOS, to an Italian company named RCS Lab S.p.A and Tykelab Srl, a telecom services provider which it suspects to be a front | Cloud | APT 37 | |
 |
2022-06-16 19:09:44 | Android Spyware \'Hermit\' Discovered in Targeted Attacks (lien direct) | The commercial-grade surveillance software initially was used by law enforcement authorities in Italy in 2019, according to a new report. | APT 37 | ||
 |
2022-06-16 12:45:37 | Lookout découvre un logiciel espion Android déployé au Kazakhstan (lien direct) | Lookout annonce la découverte d'un logiciel de surveillance Android de niveau enterprise actuellement utilisé par le gouvernement du Kazakhstan à l'intérieur de ses frontières. Les chercheurs de Lookout ont également trouvé des preuves du déploiement du logiciel espion - que les chercheurs de Lookout ont nommé " Hermit " - en Italie et dans le nord-est de la Syrie. Hermit est probablement développé par le vendeur italien de logiciels espions RCS Lab S.p.A. et Tykelab Srl, une société de solutions de (...) - Malwares | Cloud | APT 37 | |
|
2022-06-16 11:55:20 | Sophisticated Android Spyware \'Hermit\' Used by Governments (lien direct) | Security researchers at Lookout have analyzed a sophisticated Android spyware family that appears to have been created to serve nation-state customers. | APT 37 | ||
|
2022-06-15 10:41:47 | New Iranian Spear-Phishing Campaign Hijacks Email Conversations (lien direct) | A major new state-backed spear-phishing operation targeting multiple high-ranking Israeli and US officials has been uncovered by security researchers. The campaign has been traced to the Iranian Phosphorus ATP group, according to Check Point. It has targeted former Israeli foreign minister and deputy Prime Minister Tzipi Livni, a former US ambassador to Israel, and a […] | Conference | APT 35 | |
 |
2022-06-13 15:00:45 | (Déjà vu) Translating Saitama\'s DNS tunneling messages, (Mon, Jun 13th) (lien direct) | Saitama is a backdoor that uses the DNS protocol to encapsulate its command and control (C2) messages - a technique known as DNS Tunneling (MITRE ATT&CK T1071). Spotted and documented by MalwareBytes in two articles posted last month (How the Saitama backdoor uses DNS tunneling and APT34 targets Jordan Government using new Saitama backdoor), Saitama was used in a phishing e-mail targeted to a government official from Jordan's foreign ministry on an attack attributed to the Iranian group APT34. | APT 34 | ||
 |
2022-06-09 18:21:34 | Smashing Security podcast #278: Tim Hortons, avoiding sanctions, and good faith security research (lien direct) | Trouble brews with the Tim Hortons app, Mandiant gets in a tussle with a Russian ransomware gang, and should good faith security researchers be at risk of prosecution? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist's Geoff White. | Ransomware | APT 38 | |
 |
2022-06-08 11:00:49 | Privilege Escalation in Azure: Keep your enemies close, and your permissions closer (lien direct) | >By Omer Shmuelly, Security Researcher, Cloud Security, published June 8, 2022 As more and more organizations are migrating their infrastructure to the cloud, a unified cloud security tool, such as Check Point's CloudGuard becomes essential. In an ocean of standards and regulations, managing your cloud security posture (CSPM) can be a challenging task. While some… | APT 32 | ||
 |
2022-05-27 08:00:43 | IT threat evolution Q1 2022 (lien direct) | Kaspersky IT threat review in Q1 2022: activity of APTs such as MoonBounce, BlueNororff, Lazarus and Roaming Mantis, attacks against Ukraine, phishing kits, Okta hack and more. | Hack Threat | APT 38 | ★★★ |
|
2022-05-25 12:46:33 | How the Saitama backdoor uses DNS tunnelling (lien direct) | >A walkthrough of one of the stealthy communication techniques employed in a recent attack using APT34's Saitama backdoor. | APT 34 | ||
|
2022-05-22 15:48:25 | North Korea-linked Lazarus APT uses Log4J to target VMware servers (lien direct) | >North Korea-linked Lazarus APT is exploiting the Log4J remote code execution (RCE) in attacks aimed at VMware Horizon servers. North Korea-linked group Lazarus is exploiting the Log4J RCE vulnerability (CVE-2021-44228) to compromise VMware Horizon servers. Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed […] | Vulnerability Threat | APT 38 | |
|
2022-05-20 02:23:24 | Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor (lien direct) | The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart. "The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch," AhnLab Security Emergency Response Center (ASEC) said in a | Vulnerability Medical | APT 38 | |
 |
2022-05-19 11:24:04 | Lazarus hackers target VMware servers with Log4Shell exploits (lien direct) | The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. [...] | Vulnerability | APT 38 | |
|
2022-05-17 15:15:09 | CVE-2022-30952 (lien direct) | Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | APT 32 | ★★ | |
|
2022-05-17 15:15:09 | CVE-2022-30953 (lien direct) | A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server. | Vulnerability | APT 32 | ★★★★ |
|
2022-05-17 15:15:09 | CVE-2022-30954 (lien direct) | Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | APT 32 | ★★★★★ | |
|
2022-05-17 15:01:00 | Anomali Cyber Watch: Costa Rica in Ransomware Emergency, Charming Kitten Spy and Ransom, Saitama Backdoor Hides by Sleeping, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Conti ransomware, India, Iran, Russia, Spearphishing, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
COBALT MIRAGE Conducts Ransomware Operations in U.S.
(published: May 12, 2022)
Secureworks researchers describe campaigns by Iran-sponsored group Cobalt Mirage. These actors are likely part of a larger group, Charming Kitten (Phosphorus, APT35, Cobalt Illusion). In 2022, Cobalt Mirage deployed BitLocker ransomware on a US charity systems, and exfiltrated data from a US local government network. Their ransomware operations appear to be a low-scale, hands-on approach with rare tactics such as sending a ransom note to a local printer. The group utilized its own custom binaries including a Fast Reverse Proxy client (FRPC) written in Go. It also relied on mass scanning for known vulnerabilities (ProxyShell, Log4Shell) and using commodity tools for encryption, internal scanning, and lateral movement.
Analyst Comment: However small your government or NGO organization is, it still needs protection from advanced cyber actors. Keep your system updated, and employ mitigation strategies when updates for critical vulnerabilities are not available.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Command and Scripting Interpreter - T1059 | [MITRE ATT&CK] Modify Registry - T1112 | [MITRE ATT&CK] Create Account - T1136 | [MITRE ATT&CK] Account Manipulation - T1098 | [MITRE ATT&CK] Proxy - T1090 | [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Cobalt Mirage, Phosphorous, Cobalt Illusion, TunnelVision, Impacket, wmiexec, Softperfect network scanner, LSASS, RDP, Powershell, BitLocker, Ransomware, Fast Reverse Proxy client, FRP, FRPC, Iran, source-country:IR, USA, target-country:US, Cyberespionage, Government, APT, Go, Log4j2, ProxyShell, CVE-2021-34473, CVE-2021-45046, CVE-2021-44228, CVE-2020-12812, CVE-2021-31207, CVE-2018-13379, CVE-2021-34523, CVE-2019-5591
SYK Crypter Distributing Malware Families Via Discord
(published: May 12, 2022)
Morphisec researchers discovered a new campaign abusing popular messaging platform Discord content distribution network (CDN). If a targeted user activates the phishing attachment, it starts the DNetLoader malware that reaches out to the hardcoded Discord CDN link and downloads a next stage crypter such as newly-discovered SYK crypter. SYK crypter is being loaded into memory where it decrypts its configuration and the next stage payload using hardcoded keys and various encryption methods. It detects and impairs antivirus solutions and checks for d |
Ransomware Malware Tool Vulnerability Threat Conference | APT 35 APT 15 APT 34 | |
 |
2022-05-17 13:30:09 | Spear Phishing a Diplomat (lien direct) |
Researchers at Fortinet observed a spear phishing attack that targeted a Jordanian diplomat late last month. The researchers attribute this attack to the Iranian state-sponsored threat actor APT34 (also known as OilRig or Helix Kitten). The body of the phishing email isn't particularly detailed, but the attackers put a significant amount of effort into impersonating an employee at the targeted individual's organization. |
Threat | APT 34 | |
 |
2022-05-17 08:44:00 | BrandPost: DDos Extortion Takes VoIP Providers Offline (lien direct) | Threat actors are continually innovating and rethinking their attack patterns – as well as who they target with attacks. This is clearly seen in their targeting of Voice over Internet Protocol (VoIP) providers, as highlighted in NETSCOUT's 2H 2021 Threat Report. Why target VoIP providers? The short answer is financial gain. Attackers know bringing down VoIP providers that service a large number of customers causes a lot of pain and therefore is ripe for extortion.Cyber attackers launched three worldwide distributed denial-of-service (DDoS) extortion attack campaigns in 2021 – a startling new achievement carried out by a REvil copycat, Lazarus Bear Armada (LBA), and Fancy Lazarus. But threat actors did more than simply increase such global attacks.To read this article in full, please click here | Threat | APT 38 | |
|
2022-05-13 15:51:38 | Iran-Linked OilRig APT Caught Using New Backdoor (lien direct) | The Iran-linked hacking group OilRig was observed using a new backdoor in an attack against a government official within Jordan's foreign ministry, according to new research published this week. | APT 34 | ||
|
2022-05-13 13:26:53 | devOcean Emerges From Stealth With Cloud-Native Security Operations Platform (lien direct) | devOcean has emerged from stealth mode with a cloud-native security operations platform and $6 million in funding. The company's seed round was led by Glilot Capital Partners, with participation from angel investors. | APT 32 | ||
|
2022-05-13 02:32:11 | New Saitama backdoor Targeted Official from Jordan\'s Foreign Ministry (lien direct) | A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. "Like many of these attacks, the email contained a | Threat | APT 34 | ★★ |
|
2022-05-12 17:30:15 | Iranian hackers exposed in a highly targeted espionage campaign (lien direct) | Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 group or Oilrig, who targeted a Jordanian diplomat with custom-crafted tools. [...] | Threat | APT 34 | |
|
2022-05-12 13:18:29 | Iranian Cyberspy Group Launching Ransomware Attacks Against US (lien direct) | Over the past several months, Iran-linked cyberespionage group Charming Kitten has been engaging in financially-motivated activities, the Secureworks Counter Threat Unit (CTU) reports. | Ransomware Threat Conference | APT 35 APT 35 | ★★★ |
|
2022-05-12 06:56:45 | Iranian Hackers Leveraging BitLocker and DiskCryptor in Ransomware Attacks (lien direct) | A ransomware group with an Iranian operational connection has been linked to a string of file-encrypting malware attacks targeting organizations in Israel, the U.S., Europe, and Australia. Cybersecurity firm Secureworks attributed the intrusions to a threat actor it tracks under the moniker Cobalt Mirage, which it said is linked to an Iranian hacking crew dubbed Cobalt Illusion (aka APT35, | Ransomware Malware Threat Conference | APT 35 APT 15 | ★★★★ |
|
2022-05-10 20:49:30 | APT34 targets Jordan Government using new Saitama backdoor (lien direct) | A deep dive into a sophisticated attack that used the Saitama backdoor. | APT 34 | ||
|
2022-05-07 10:45:56 | US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT (lien direct) | The U.S. Department of Treasury sanctioned cryptocurrency mixer Blender.io used by North Korea-linked Lazarus APT. The U.S. Department of Treasury sanctioned the cryptocurrency mixer Blender.io used by the North Korea-linked Lazarus APT to launder the funds stolen from Axie Infinity’s Ronin bridge. This is the first time ever, Treasury is sanctioning a virtual currency mixer. […] | APT 38 APT 28 | ★★★ | |
|
2022-05-06 21:23:05 | U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions (lien direct) | The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades. The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge in late March. The newly imposed sanctions, | Hack Medical | APT 38 APT 28 | ★★★ |
 |
2022-05-05 12:20:10 | VHD Ransomware Linked to North Korea\'s Lazarus Group (lien direct) | Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said. | Ransomware Medical | APT 38 APT 28 | |
|
2022-05-04 12:39:23 | Experts linked multiple ransomware strains North Korea-backed APT38 group (lien direct) | Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on financial institutions, experts estimated that APT38 (Unit 180 of North Korea’s cyber-army Bureau 121) has stolen at hundreds of million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] | Ransomware Medical | APT 38 |
To see everything:
Our RSS (filtrered)
