What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-09-09 16:24:00 | Weekly Threat Briefing: Skimmer, Ransomware, APT Group, and More (lien direct) | The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Baka, DDoS, Netwalker, PyVil, Windows Defender, TA413, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
‘Baka’ Javascript Skimmer Identified
(published: September 6, 2020)
Visa have issued a security alert based on identification of a new skimmer, named “Baka”. Based on analysis by Visa Payment Fraud Disruption, the skimmer appears to be more advanced, loading dynamically and using an XOR cipher for obfuscation. The attacks behind Baka are injecting it into checkout pages using a script tag, with the skimming code downloading from the Command and Control (C2) server and executing in memory to steal customer data.
Recommendation: eCommerce site owners must take every step necessary to secure their data and safeguard their payment card information. Visa has also released best practices in the security advisory.
Tags: Baka, Javascript, Skimmer
Netwalker Ransomware Hits Argentinian Government, Demands $4 Million
(published: September 6, 2020)
The Argentinian immigration agency, Dirección Nacional de Migaciones suffered a ransomware attack that shut down border crossings. After receiving many tech support calls, the computer networks were shut down to prevent further spread of the ransomware, which led to a cecission in border crossings until systems were up again. The ransomware used in this attack is Netwalker ransomware, that left a ransom note demanding initalling $2 million, however when this wasn’t paid in the first week, the ransom increased to $4 million.
Recommendation: Ransomware can potentially be blocked by using endpoint protection solutions (HIDS). Always keep your important files backed up following the 3-2-1 rule: have at least 3 different copies, on 2 different mediums, with 1 off-site. In the case of ransomware infection, the affected system must be wiped and reformatted. Other devices on the network should be checked for similar infections. Always check for a decryptor before considering payment; avoid payment at all costs. Ransomware should be reported to law enforcement agencies who are doing their best to track these actors and prevent ransom from being a profitable business for cyber criminals.
MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Argentina, Government, Netwalker, Ransomware
No Rest for the Wicked: Evilnum Unleashes PyVil RAT
(published: September 3, 2020)
Researchers on the Cybereason Nocturnus team have published their research tracking the threat actor group known as Evilnum, and an ongoing change in their tooling and attack procedures. This includes a new Remote Access Trojan (RAT), written in python that they have begun to use. The actor group attacks targets in the financial services sector using highly targeted spearphishing. The phishing lures leverage "Know Your Customer" (KY |
Ransomware Malware Tool Vulnerability Threat Medical | APT 38 APT 28 | ★★★★ |
 |
2020-08-28 03:36:28 | Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware (lien direct) | An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware.
Detailing the new tactics of the "Charming Kitten" APT group, Israeli firm Clearsky said, "starting July 2020, we have identified a new TTP of the group, |
Malware Conference | APT 35 | |
 |
2020-07-23 14:46:05 | New MATA Multi-platform malware framework linked to NK Lazarus APT (lien direct) | North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide The notorious Lazarus Group is using a new multi-platform malware framework, dubbed MATA, in attacks aimed at organizations worldwide, to deploy Kaspersky researchers observed that MATA was used by the threat actors to distribute ransomware (i.e. VHD […] | Ransomware Malware Threat Medical | APT 38 | |
|
2020-07-23 02:18:46 | North Korean Hackers Spotted Using New Multi-Platform Malware Framework (lien direct) | Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware.
Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the |
Malware Medical | APT 38 | |
 |
2020-07-22 15:55:00 | North Korea\'s Lazarus Group Developing Cross-Platform Malware Framework (lien direct) | The APT group, known for its attack on Sony Pictures in 2014, has created an "advanced malware framework" that can launch and manage attacks against systems running Windows, MacOS, and Linux. | Malware | APT 38 | |
 |
2020-07-22 14:49:59 | Lazarus hackers deploy ransomware, steal data using MATA malware (lien direct) | A recently discovered malware framework known as MATA and linked to the North Korean-backed hacking group known as Lazarus was used in attacks targeting corporate entities from multiple countries since April 2018 for ransomware deployment and data theft. [...] | Ransomware Malware | APT 38 | |
|
2020-05-13 06:49:31 | USCYBERCOM shares five new North Korea-linked malware samples (lien direct) | The United States Cyber Command (USCYBERCOM) has uploaded five new North Korean malware samples to VirusTotal. The United States Cyber Command (USCYBERCOM) has shared five new malware samples attributed to the North Korea-linked Lazarus APT, it has uploaded the malicious code to VirusTotal. “On May 12, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the […] | Malware | APT 38 | |
|
2020-05-12 16:30:00 | DHS, FBI & DoD Report on New North Korean Malware (lien direct) | Three new reports detail malware coming out of the Hidden Cobra cyber operations in North Korea. | Malware Medical | APT 38 | |
|
2020-05-12 11:36:58 | US govt exposes new North Korean malware, phishing attacks (lien direct) | The US government today released information on three new malware variants used in malicious cyber activity campaigns by a North Korean government-backed hacker group tracked as HIDDEN COBRA. [...] | Malware Medical | APT 38 | |
|
2020-05-09 22:14:52 | North Korea-linked Lazarus APT uses a Mac variant of the Dacls RAT (lien direct) | North Korea-linked Lazarus APT group employed a Mac variant of the Dacls Remote Access Trojan (RAT) in recent attacks. North Korea-linked Lazarus APT already used at least two macOS malware in previous attacks, now researchers from Malwarebytes have identified a new Mac variant of the Linux-based Dacls RAT. The activity of the Lazarus APT group (aka HIDDEN COBRA) […] | Malware Medical | APT 38 | |
|
2020-05-09 12:39:40 | North Korean hackers infect real 2FA app to compromise Macs (lien direct) | Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. [...] | Malware Medical | APT 38 | |
|
2020-02-14 21:07:17 | US Govt agencies detail North Korea-linked HIDDEN COBRA malware (lien direct) | The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation. The government experts released new and updated Malware Analysis Reports (MARs) […] | Malware Medical | APT 38 | |
|
2019-12-17 20:43:46 | (Déjà vu) Dacls RAT, the first Lazarus malware that targets Linux devices (lien direct) | Researchers spotted a new Remote Access Trojan (RAT), dubbed Dacls, that was used by the Lazarus APT group to target both Windows and Linux devices. Experts at Qihoo 360 Netlab revealed that the North-Korea Lazarus APT group used a new Remote Access Trojan (RAT), dubbed Dacls, to target both Windows and Linux devices. The activity […] | Malware | APT 38 | |
 |
2019-12-17 14:40:28 | Poison Frog Malware Samples Reveal OilRig\'s Sloppiness (lien direct) | An analysis of a new backdoor called “Poison Frog” revealed that the OilRig threat group was sloppy in its development of the malware. Kaspersky Lab came across Poison Frog while scanning its archives using its YARA rule to hunt for new and old malware samples employed by OilRig. It launched this investigatory effort shortly after […]… Read More | Malware Threat | APT 34 | |
|
2019-12-17 13:05:00 | Lazarus Hackers Target Linux, Windows With New Dacls Malware (lien direct) | A new Remote Access Trojan (RAT) malware dubbed Dacls and connected to the Lazarus Group has been spotted by researchers while being used to target both Windows and Linux devices. [...] | Malware Medical | APT 38 | |
 |
2019-12-10 17:00:00 | New fileless malware for macOS linked to Lazarus Group (lien direct) | The new malware sample bears similarities to the well-known AppleJeus malware, which targets cryptocurrency exchanges. AppleJeus is the product of Lazarus Group, a shadowy cybercrime organization believed by many to be linked to North Korea. | Malware Medical | APT 38 | |
|
2019-12-05 01:07:48 | ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector (lien direct) | Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East.
Dubbed ZeroCleare, the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups-APT34, also known as ITG13 and Oilrig, and Hive0081, |
Malware | APT 34 | |
 |
2019-11-20 12:41:07 | Mac Backdoor Linked to Lazarus Targets Korean Users (lien direct) |  By Gabrielle Joyce Mabutas Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: A new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a...
|
Malware | APT 38 | |
|
2019-11-14 11:49:25 | Tracking Iran-linked APT33 group via its own VPN networks (lien direct) | APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers for extremely targeted attacks. APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers involved in extremely targeted malware attacks. The targeted malware campaigns aimed at organizations […] | Malware | APT33 APT 33 | |
|
2019-11-14 07:01:25 | More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (lien direct) |  The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia.
|
Malware Threat | APT33 APT 33 | |
 |
2019-10-31 16:15:13 | Experts Reactions On North Korean Malware Found On Indian Nuclear Plants Network (lien direct) | It has been reported the network of one of India’s nuclear power plants was infected with malware created by North Korea’s state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today. Several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea’s elite hacking unit. There … The ISBuzz Post: This Post Experts Reactions On North Korean Malware Found On Indian Nuclear Plants Network | Malware Medical | APT 38 | |
|
2019-10-25 06:49:12 | Experts attribute NukeSped RAT to North Korea-Linked hackers (lien direct) | Experts at Fortinet analyzed NukeSped malware samples that share multiple similarities with malware associated with North Korea-linked APTs. Fortinet has analyzed the NukeSped RAT that is believed to be a malware in the arsenal of the Lazarus North-Korea linked APT group. The attribution to the Lazarus group is based on the similarities with other malware […] | Malware Medical | APT 38 | |
|
2019-10-21 15:29:10 | Russian Hackers Use Iranian Threat Group\'s Tools, Servers as Cover (lien direct) | The Russian-backed Turla cyber-espionage group used stolen malware and hijacked infrastructure from the Iranian-sponsored OilRig to attack targets from dozens of countries according to a joint United Kingdom's National Cyber Security Centre (NCSC) and U.S. National Security Agency (NSA) advisory published today. [...] | Malware Threat | APT 34 | |
 |
2019-09-26 22:55:00 | Dtrack : un logiciel espion, jusque-là inconnu, du groupe malveillant Lazarus frappe des établissements financiers et des centres de recherche (lien direct) | L'équipe GReAT (Global Research & Analysis Team) de Kaspersky a découvert un logiciel espion jusque-là inconnu, repéré dans des établissements financiers et centres de recherche en Inde. Ce spyware dénommé Dtrack, qui aurait été créé par le groupe malveillant Lazarus, sert au téléchargement de fichiers sur les systèmes des victimes, à l'enregistrement de frappes clavier ainsi qu'à d'autres actions typiques d'un malware d'administration à distance (RAT). En 2018, des chercheurs de Kaspersky ont découvert (...) - Malwares | Malware | APT 38 | |
 |
2019-09-24 18:56:47 | North Korean-Linked Dtrack RAT Discovered (lien direct) | An investigation into banking malware targeting India has led to the discovery of a new remote access Trojan (RAT) employed by the North Korean-linked Lazarus group, Kaspersky reports. | Malware Medical | APT 38 | |
|
2019-09-09 14:09:05 | U.S. Cyber Command Adds North Korean Malware Samples to VirusTotal (lien direct) | The U.S. Cyber Command (USCYBERCOM) this week released 11 malware samples to VirusTotal, all of which appear related to the notorious North Korean-linked threat group Lazarus. | Malware Threat | APT 38 | |
 |
2019-07-25 13:00:00 | Can you trust threat intelligence from threat sharing communities? | AT&T ThreatTraq (lien direct) | Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them; you can subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jaime Blasco, VP and Chief Scientist, AlienVault, Stan Nurilov, Lead Member of Technical Staff, AT&T, and Joe Harten, Director Technical Security. Stan: Jaime. I think you have a very interesting topic today about threat intelligence. Jaime: Yes, we want to talk about how threat intelligence is critical for threat detection and incident response, but then when this threat intelligence and the threat actors try to match those indicators and that information that is being shared, it can actually be bad for companies. So we are going to share some of the experiences we have had with managing the Open Threat Exchange (OTX) - one of the biggest threat sharing communities out there. Stan: Jaime mentioned that they have so many threat indicators and so much threat intelligence as part of OTX, the platform. Jaime: We know attackers monitor these platforms and are adjusting tactics and techniques and probably the infrastructure based on public reaction to cyber security companies sharing their activities in blog posts and other reporting. An example is in September 2017, we saw APT28, and it became harder to track because we were using some of the infrastructure and some of the techniques that were publicly known. And another cyber security company published content about that and then APT28 became much more difficult to track. The other example is APT1. If you remember the APT1 report in 2013 that Mandiant published, that made the group basically disappear from the face of earth, right? We didn't see them for a while and then they changed the infrastructure and they changed a lot of the tools that they were using, and then they came back in 2014. So we can see that that threat actor disappeared for a while, changed and rebuilt, and then they came back. We also know that attackers can try to publish false information in this platform, so that's why it's important that not only those platforms are automated, but also there are human analysts that can verify that information. Joe: It seems like you have to have a process of validating the intelligence, right? I think part of it is you don't want to take this intelligence at face value without having some expertise of your own that asks, is this valid? Is this a false positive? Is this planted by the adversary in order to throw off the scent? I think it's one of those things where you can't automatically trust - threat intelligence. You have to do some of your own diligence to validate the intelligence, make sure it makes sense, make sure it's still fresh, it's still good. This is something we're working on internally - creating those other layers to validate and create better value of our threat intelligence. Jaime: The other issue I wanted to bring to the table is what we call false flag operations - that's when an adversary or a threat actor studies another threat actor and tries to emulate their behavior. So when companies try to do at | Malware Threat Studies Guideline | APT 38 APT 28 APT 1 | |
|
2019-07-23 14:40:03 | Iranian Hackers Send Out Fake LinkedIn Invitations Laced With Malware (lien direct) | U.S. cybersecurity firm FireEye has warned of a malicious phishing campaign that it has attributed to the Iranian-linked APT34-whose activity has been reported elsewhere as OilRig and Greenbug. The campaign has been targeting LinkedIn users with plausible but bogus invitations to join a professional network and emailed attachments laced with malware that seeks to infect systems with a hidden backdoor … The ISBuzz Post: This Post Iranian Hackers Send Out Fake LinkedIn Invitations Laced With Malware | Malware | APT 34 | |
|
2019-07-22 08:04:00 | New APT34 campaign uses LinkedIn to deliver fresh malware (lien direct) | The APT24 group continues its cyber espionage activity, its members were posing as a researcher from Cambridge to infect victims with three new malware. Experts at FireEye have uncovered a new espionage campaign carried out by APT34 APT group (OilRig, and HelixKitten. Greenbug) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge […] | Malware | APT 24 APT 34 | |
|
2019-07-19 17:46:01 | Iranian Hackers Use New Malware in Recent Attacks (lien direct) | The Iran-linked cyber-espionage group OilRig has started using three new malware families in campaigns observed over the past month, FireEye reports. | Malware | APT 34 | ★★★ |
 |
2019-07-18 10:00:00 | Hard Pass: invitation déclinante APT34 \\ à rejoindre leur réseau professionnel Hard Pass: Declining APT34\\'s Invite to Join Their Professional Network (lien direct) |
arrière-plan
Avec des tensions géopolitiques croissantes au Moyen-Orient, nous nous attendons à ce que l'Iran augmente considérablement le volume et la portée de ses campagnes de cyber-espionnage.L'Iran a un besoin critique d'intelligence stratégique et est susceptible de combler cette lacune en effectuant un espionnage contre les décideurs et les organisations clés qui peuvent avoir des informations qui renforcent les objectifs économiques et de sécurité nationale de l'Iran.L'identification de nouveaux logiciels malveillants et la création d'une infrastructure supplémentaire pour permettre de telles campagnes met en évidence l'augmentation du tempo de ces opérations à l'appui des intérêts iraniens.
fi
Background With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran\'s economic and national security goals. The identification of new malware and the creation of additional infrastructure to enable such campaigns highlights the increased tempo of these operations in support of Iranian interests. Fi |
Malware | APT 34 APT 34 | ★★★★ |
|
2019-07-09 08:42:00 | (Déjà vu) Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016 (lien direct) | The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal a malware used by Iran-linked APT33 group in attacks in Dec 2016 and Jan 2017. Now experts at Kaspersky confirmed that the malware was […] | Malware | APT33 APT 33 | |
|
2019-07-04 12:48:03 | (Déjà vu) Mise en garde contre la vulnérabilité d\'Outlook par FireEye (lien direct) | “FireEye a observé et communiqué publiquement la preuve de l'exploitation par de multiples 'hackers' iraniens de la vulnérabilité Outlook CVE-2017-11774 depuis l'année dernière. FireEye attribue la nouvelle alerte malware diffusée par le US Cyber Command (U.S. CYBERCOM) concernant l'exploitation de CVE-2017-11774 au groupe de menaces iranien APT33. Les techniques utilisées sont en ligne avec le comportement d'APT33 décrit dans notre blog post “OVERRULED” en Décembre 2018 – ainsi qu'avec la campagne (...) - Vulnérabilités | Malware | APT33 APT 33 | |
|
2019-07-03 15:31:02 | Outlook Flaw Exploited by Iranian APT33, US CyberCom Issues Alert (lien direct) | US Cyber Command issued a malware alert on Twitter regarding the active exploitation of the CVE-2017-11774 Outlook vulnerability to attack US government agencies, allowing the attackers to execute arbitrary commands on compromised systems. [...] | Malware Vulnerability | APT33 APT 33 | |
|
2019-05-13 18:50:03 | US Government Unveils New North Korean Hacking Tool (lien direct) | It has been reported that yesterday the Department of Homeland Security and the FBI publicly identified a new North Korean malware capable of funnelling information from a victim’s computer network. Dubbed ElectricFish by government officials, the malware is the latest tool in North Korea’s hacking program, referred to as Hidden Cobra. The U.S. Cyber Emergency Response Team published a report warning the public … The ISBuzz Post: This Post US Government Unveils New North Korean Hacking Tool | Malware Tool Medical | APT 38 | |
 |
2019-05-13 16:46:00 | ScarCruft APT Adds Bluetooth Harvester to its Malware Bag of Tricks (lien direct) | In its latest observed campaign, there were also overlaps in victimology with the DarkHotel APT. | Malware | APT 37 | |
|
2019-05-10 13:53:03 | DHS and FBI published a Malware Analysis Report on North Korea-linked tool ELECTRICFISH (lien direct) | The U.S. Department of Homeland Security (DHS) and the FCI published a new joint report on ELECTRICFISH, a malware used by North Korea. US DHS and the Federal Bureau of Investigation (FBI) conducted a joint analysis of a traffic tunneling tool dubbed ELECTRICFISH used by North Korea-linked APT group tracked as Hidden Cobra (aka Lazarus). It […] | Malware Tool Medical | APT 38 | |
 |
2019-05-10 10:41:04 | North Korea debuts new Electricfish malware in Hidden Cobra campaigns (lien direct) | The tool is used to forge covert pathways out of infected Windows PCs. | Malware Tool | APT 38 | |
|
2019-05-10 03:04:03 | North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data (lien direct) | The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by North Korean government and known to launch cyber attacks against media |
Malware Medical | APT 38 | |
|
2019-05-09 16:59:05 | (Déjà vu) North Korean Hackers Use ELECTRICFISH Malware to Steal Data (lien direct) | The Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) have issued a joint malware analysis report (MAR) on a new malware strain dubbed ELECTRICFISH and used by the North-Korean APT group Lazarus to exfiltrate data from victims. [...] | Malware | APT 38 | |
 |
2019-04-25 18:28:33 | Lazarus APT cible les utilisateurs Mac avec un document de mot empoisonné Lazarus APT Targets Mac Users with Poisoned Word Document (lien direct) |
Les acteurs de la menace ont le savoir-faire pour développer des campagnes qui ciblent votre maillon le plus faible.Découvrez comment Lazarus APT a apporté son malware sur la plate-forme macOS d'Apple \\.
Threat actors have the know-how to develop campaigns that target your weakest link. Learn how Lazarus APT took their malware to Apple\'s macOS platform. |
Malware | APT 38 | ★★★ |
 |
2019-04-22 15:47:02 | (Déjà vu) A week in security (April 15 – 21) (lien direct) |
A roundup of security news from April 15–21, including an explanation of like-farming, Ellen DeGeneres scam, flaws in VPN services, funky malware formats found in Ocean Lotus, and more.
Categories:
Security world
Week in security
Tags: a week in securitycyber resilienceEllen DeGeneresfake Airbnb sitesFlame 2.0IE vulnerabilitylike-farmingnotre dame disinformationVPN flawweek in security
(Read more...)
|
Malware | APT 32 | |
|
2019-04-19 18:37:05 | Funky malware format found in Ocean Lotus sample (lien direct) |
Recently, one of our researchers presented at the SAS conference on "Funky malware formats"-atypical executable formats used by malware that are only loaded by proprietary loaders. In this post, we analyze one of those formats in a sample called Ocean Lotus from the APT 32 threat group in Vietnam.
Categories:
Malware
Threat analysis
Tags: APT 32atypical malware formatsBLOBCABcustom formatmalware formatocean lotusVietnam
(Read more...)
|
Malware Threat | APT 32 | |
|
2019-04-18 20:47:05 | Analyzing OilRig\'s malware that uses DNS Tunneling (lien direct) | Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. OilRig is an Iran-linked APT group that has been […] | Malware | APT 34 | |
|
2019-04-12 14:58:05 | North Korea\'s Hidden Cobra Strikes U.S. Targets with HOPLIGHT (lien direct) | The custom malware is a spy tool and can also disrupt processes at U.S. assets. | Malware Tool | APT 38 | |
|
2019-04-11 17:00:04 | (Déjà vu) DHS And FBI Issue Advisory On North Korean HOPLIGHT Malware (lien direct) | It has been reported that the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint malware analysis report (MAR) on a new Trojan dubbed HOPLIGHT, used by the North-Korean APT group Lazarus. According to the MAR AR19-100A advisory published on the US-CERT website, the new Trojan was detected while tracking … The ISBuzz Post: This Post DHS And FBI Issue Advisory On North Korean HOPLIGHT Malware | Malware | APT 38 | |
 |
2019-04-11 12:28:03 | New Hoplight malware marks re-emergence of Lazarus Group. (lien direct) | The Lazarus Group hacking operation, thought to be controlled by the North Korean government, has a new malware toy to pitch at potential targets and the US is getting worried about it. This according to a report from US-Cert, which say that the group (also known as “Hidden Cobra”) has a new piece of spyware […] | Malware Medical | APT 38 | |
|
2019-04-10 14:06:04 | DHS and FBI Issue Advisory on North Korean HOPLIGHT Malware (lien direct) | The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued a joint malware analysis report (MAR) on a new Trojan dubbed HOPLIGHT, used by the North-Korean APT group Lazarus. [...] | Malware | APT 38 | |
 |
2019-04-09 09:30:05 | OceanLotus: macOS malware update (lien direct) | >Latest ESET research describes the inner workings of a recently found addition to OceanLotus's toolset for targeting Mac users | Malware | APT 32 | |
|
2019-03-28 08:20:04 | Lazarus APT continues to target cryptocurrency businesses with Mac malware (lien direct) | North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group made has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […] | Malware Medical | APT 38 |
To see everything:
Our RSS (filtrered)
