What's new around the internet

Src Date (GMT) Title Description Tags Stories Notes
mcafee 2020-08-13 18:19:06 On Drovorub: Linux Kernel Security Best Practices (direct link) Intro In a U.S. government cyber security advisory released today, the National Security Agency and Federal Bureau of Investigation warn of a previously undisclosed piece of Linux rootkit malware called Drovorub and attribute the threat to the malicious actor APT28. The report is incredibly detailed and proposes several complementary detection techniques to effectively identify Drovorub malware […] Malware Threat APT 28
SecurityAffairs 2020-08-13 18:07:18 FBI and NSA joint report details APT28's Linux malware Drovorub (direct link) The FBI and NSA issue a joint alert related to new Linux malware dubbed Drovorub that has been used by the Russia-linked APT28 group. The FBI and NSA have published a joint security alert containing technical details about a new piece of Linux malware, tracked as Drovorub, allegedly employed by the Russia-linked APT28 group. The name […] Malware APT 28
DarkReading 2020-08-13 13:25:00 NSA & FBI Disclose New Russian Cyberespionage Malware (direct link) APT 28, aka Fancy Bear, is deploying the Drovorub malware designed for Linux systems as part of cyber-espionage operations. Malware APT 28
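Two generic checks a Linux administrator can run when assessing exposure to a kernel-module rootkit of the kind described in the three entries above. This is an added example written for this page; it is not code from the advisory, from McAfee or from any of the cited articles. The procfs/sysfs paths are real; the setting values and the "hiding" directory listing used in the demo are constructed, and the file-name prefix the simulated rootkit filters on is an arbitrary choice for the demo, not a claim about any real sample.

```python
"""Added example: (1) report which kernel module-loading controls are off, from a
snapshot of procfs/sysfs values; (2) the classic file-hiding probe - create a file by
name, then check whether a directory listing still returns it.  A kernel rootkit that
filters directory entries makes the file vanish from the listing although it was just
created and is still reachable by name."""
import os
import tempfile
from typing import Callable, Dict, List

# Real procfs/sysfs paths, with the values a hardened host is expected to show.
# Note: modules_disabled=1 is one-way (cannot be cleared without a reboot) and is
# only practical on hosts whose module set is fixed at boot.
HARDENED = {
    "/proc/sys/kernel/modules_disabled": "1",
    "/sys/module/module/parameters/sig_enforce": "Y",
    "/sys/kernel/security/lockdown": "none [integrity] confidentiality",
}


def read_live_settings() -> Dict[str, str]:
    """Best-effort read of the real files; a missing file is reported as ''."""
    out = {}
    for path in HARDENED:
        try:
            with open(path) as fh:
                out[path] = fh.read().strip()
        except OSError:
            out[path] = ""
    return out


def assess_kernel_hardening(snapshot: Dict[str, str]) -> List[str]:
    """Return findings for controls that are not in place (empty list == all good)."""
    findings = []
    if snapshot.get("/proc/sys/kernel/modules_disabled", "").strip() != "1":
        findings.append("module loading still permitted (kernel.modules_disabled != 1)")
    if snapshot.get("/sys/module/module/parameters/sig_enforce", "").strip() != "Y":
        findings.append("unsigned kernel modules are accepted (sig_enforce != Y)")
    lockdown = snapshot.get("/sys/kernel/security/lockdown", "")
    # The active lockdown mode is the bracketed word, e.g. "none [integrity] confidentiality".
    if "[integrity]" not in lockdown and "[confidentiality]" not in lockdown:
        findings.append("kernel lockdown not active")
    return findings


def probe_hidden_files(
    directory: str,
    probe_name: str,
    listdir: Callable[[str], List[str]] = os.listdir,
) -> bool:
    """Create `probe_name` in `directory`; return True if the listing does not show it.

    `listdir` is injectable so a filtering rootkit can be simulated in the demo.
    """
    path = os.path.join(directory, probe_name)
    with open(path, "w") as fh:          # reachable by name: the create succeeds
        fh.write("probe\n")
    try:
        return probe_name not in listdir(directory)
    finally:
        os.unlink(path)


def demo() -> dict:
    """Run both checks against constructed inputs only (no live host needed)."""
    weak = {  # constructed snapshot of a host with every control off
        "/proc/sys/kernel/modules_disabled": "0",
        "/sys/module/module/parameters/sig_enforce": "N",
        "/sys/kernel/security/lockdown": "[none] integrity confidentiality",
    }

    def hiding_listdir(d: str) -> List[str]:
        # Simulated rootkit: entries starting with an arbitrary demo prefix vanish.
        return [n for n in os.listdir(d) if not n.startswith("zz_")]

    with tempfile.TemporaryDirectory() as tmp:
        return {
            "findings": assess_kernel_hardening(weak),
            "hidden_on_clean_fs": probe_hidden_files(tmp, "zz_probe"),
            "hidden_with_rootkit": probe_hidden_files(tmp, "zz_probe", hiding_listdir),
        }


if __name__ == "__main__":
    print(assess_kernel_hardening(read_live_settings()))
    print(demo())
```

On a real host the probe should be repeated in directories the rootkit is likely to protect (its own install path, /tmp, the home of the account it runs under) and with several candidate names, since a rootkit typically hides only names matching its own pattern.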
Veracode 2020-08-06 17:05:49 Live from Black Hat: Hacking Public Opinion with Renée DiResta (direct link) Psychological operations, or PsyOps, is a topic I've been interested in for a while. It's a blend of social engineering and marketing, both passions of mine. That's why I found the keynote by Renée DiResta, Research Manager at the Stanford Internet Observatory, particularly interesting. The Internet Makes Spreading Information Cheap & Easy Disinformation and propaganda are old phenomena that can be traced back to the invention of the printing press, and arguably before then. With the advent of the Internet, the cost of publishing dropped to zero. There are no hosting costs on certain platforms, but especially in the beginning, the blogosphere was very decentralized, and it was hard to get people to read your content. With the rise of social media, you can share your content and it can become viral. At the same time, content creation becomes easier. All of this eliminates cost barriers and gatekeepers. State Actors "Hack" Our Opinions As social media platforms matured, the algorithms that curate content became more and more sophisticated. They are trying to group people and deliver personalized targeting of content, which allows adversaries to analyze and game the algorithms. State actors don't just influence, they start hacking public opinion, which involves fake content producers and fake accounts. They can do this more effectively because they understand the ecosystem extremely well, typically applying one of four tactics, sometimes in combination: Distract: Taki Hack APT 28 ★★★★★
WiredThreatLevel 2020-07-24 11:00:00 Russia's GRU Hackers Hit US Government and Energy Targets (direct link) A previously unreported Fancy Bear campaign persisted for well over a year, and indicates that the notorious group has broadened its focus. APT 28
itsecurityguru 2020-03-25 11:14:47 Middle East firms face cyber espionage attempts from Russian hackers (direct link) As per Trend Micro's research, since May 2019, a notorious Russian state-sponsored cyber espionage threat group called Pawn Storm (also known as Fancy Bear or APT28) has been scanning servers and reusing previously compromised emails. The compromised email addresses are used to carry out phishing campaigns, targeted mainly at defense firms from the Middle […] Threat APT 28
SecurityAffairs 2020-03-20 12:47:42 Russia-linked APT28 has been scanning vulnerable email servers in the last year (direct link) Experts warn of scanning activity conducted by the Russia-linked APT28 cyberespionage group; the hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the Russia-linked APT28 cyberespionage group has been scanning vulnerable email servers for more than a year. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 and it has […] APT 28
itsecurityguru 2020-03-20 11:02:10 Report reveals APT28 email scanning activities (direct link) For the past year, one of Russia's top state-sponsored hacking units has spent its time scanning and probing the internet for vulnerable email servers, according to a report published yesterday by cyber-security firm Trend Micro. The report deals with the activities of APT28, also known as Fancy Bear, Sednit, and Pawn Storm. Source: ZDNet APT 28
ZDNet 2020-03-20 05:16:42 APT28 has been scanning vulnerable email servers for more than a year (direct link) Scans have been observed against webmail and Microsoft Exchange Autodiscover servers. APT 28
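The four entries above describe a year of probing against webmail and Exchange Autodiscover endpoints. What a defender wants from that news is a way to see the same activity in their own logs. The following is an added example written for this page, not code from Trend Micro or from any cited article: it parses IIS W3C-style log lines and flags two patterns of credential guessing against Exchange-facing endpoints, password spraying (one source, many accounts) and brute force (one source, one account). The log lines, the field order in the assumed `#Fields:` header, the endpoint list and the thresholds are all assumptions for the demo.

```python
"""Added example: detect credential guessing against Exchange-facing endpoints
(Autodiscover, OWA, EWS, ActiveSync, RPC-over-HTTP) in IIS W3C logs."""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Endpoints that accept Basic/NTLM credentials and are therefore used for guessing.
AUTH_ENDPOINTS = (
    "/autodiscover/autodiscover.xml",
    "/owa/auth.owa",
    "/ews/exchange.asmx",
    "/microsoft-server-activesync",
    "/rpc/rpcproxy.dll",
)

# Constructed sample.  Assumed field order is given by the #Fields line; real IIS
# logs carry more columns, and the parser keys rows by the header so extra columns
# do not matter as long as the names match.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2020-03-19 08:00:01 POST /autodiscover/autodiscover.xml corp\\alice 203.0.113.7 401
2020-03-19 08:00:03 POST /autodiscover/autodiscover.xml corp\\bob 203.0.113.7 401
2020-03-19 08:00:05 POST /autodiscover/autodiscover.xml corp\\carol 203.0.113.7 401
2020-03-19 08:00:07 POST /autodiscover/autodiscover.xml corp\\dave 203.0.113.7 401
2020-03-19 08:00:09 POST /autodiscover/autodiscover.xml corp\\erin 203.0.113.7 401
2020-03-19 08:00:11 POST /autodiscover/autodiscover.xml corp\\frank 203.0.113.7 200
2020-03-19 08:01:00 POST /owa/auth.owa corp\\alice 198.51.100.9 401
2020-03-19 08:01:02 POST /owa/auth.owa corp\\alice 198.51.100.9 401
2020-03-19 08:01:04 POST /owa/auth.owa corp\\alice 198.51.100.9 401
2020-03-19 08:01:06 POST /owa/auth.owa corp\\alice 198.51.100.9 401
2020-03-19 08:01:08 POST /owa/auth.owa corp\\alice 198.51.100.9 401
2020-03-19 08:01:10 POST /owa/auth.owa corp\\alice 198.51.100.9 401
2020-03-19 08:02:00 POST /owa/auth.owa corp\\alice 192.0.2.50 401
2020-03-19 08:02:30 POST /owa/auth.owa corp\\alice 192.0.2.50 200
2020-03-19 08:03:00 GET /owa/ - 192.0.2.51 200
"""


def parse_iis(text: str) -> List[Dict[str, str]]:
    """Parse W3C lines using the #Fields header; comments and malformed lines are skipped."""
    fields: List[str] = []
    rows = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue
        rows.append(dict(zip(fields, parts)))
    return rows


def detect_credential_guessing(rows: List[Dict[str, str]], spray_users: int = 5,
                               brute_failures: int = 5, window_seconds: int = 600) -> Dict[str, dict]:
    """Return alerts keyed by source IP.

    spray: one IP fails (401) against >= spray_users distinct accounts within the window.
    brute: one IP fails >= brute_failures times against a single account within the window.
    success_seen records whether the same IP got a 200 on an auth endpoint at all,
    which is what turns a noisy scan into an incident.
    """
    per_ip = defaultdict(list)
    for r in rows:
        if r["cs-uri-stem"].lower() not in AUTH_ENDPOINTS:
            continue
        ts = datetime.strptime(f"{r['date']} {r['time']}", "%Y-%m-%d %H:%M:%S")
        per_ip[r["c-ip"]].append((ts, r["cs-username"], r["sc-status"]))

    alerts: Dict[str, dict] = {}
    for ip, events in per_ip.items():
        events.sort()
        failures = [(t, u) for t, u, s in events if s == "401"]
        success = any(s == "200" for _, _, s in events)
        # Sliding window anchored on each failure in turn.
        for i, (t0, _) in enumerate(failures):
            win = [u for t, u in failures[i:] if (t - t0).total_seconds() <= window_seconds]
            users = set(win)
            if len(users) >= spray_users:
                alerts[ip] = {"type": "spray", "accounts": len(users), "success_seen": success}
                break
            if len(win) >= brute_failures and len(users) == 1:
                alerts[ip] = {"type": "brute", "accounts": 1, "success_seen": success}
                break
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_credential_guessing(parse_iis(SAMPLE_LOG)).items():
        print(ip, alert)
```

The thresholds are deliberately low for the demo; on a real tenant, tune them against a baseline of legitimate mobile clients, which retry with stale credentials and produce bursts of 401s from one address for one account.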
DarkReading 2020-01-14 15:30:00 'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack (direct link) The oil & gas company is at the heart of the ongoing US presidential impeachment case. APT 28
SecurityAffairs 2019-12-05 06:41:32 The evolutions of APT28 attacks (direct link) Analyzing how the tactics, techniques and procedures of the Russia-linked APT28 cyberespionage group evolve over time. APT28 is a well known Russian cyber espionage group attributed, with a medium level of confidence, to the Russian military intelligence agency GRU (by CrowdStrike). It is also known as Sofacy Group (by Kaspersky) or STRONTIUM (by Microsoft) and it's used to target Aerospace, Defence, Government Agencies, International […] APT 28
MalwarebytesLabs 2019-11-04 16:37:57 A week in security (October 28 – November 3) (direct link) A roundup of the latest cybersecurity news for the week of October 28 – November 3, including cyberattacks against SMBs, the Internet's 50th birthday, stalkerware, donation scams, and more. Categories: A week in security Tags: (Read more...) APT 28
no_ico 2019-10-30 13:10:59 Russia-linked Hackers Target Sports Organisations (direct link) It has been reported that Microsoft Corp said it has tracked "significant" cyberattacks coming from a group it calls "Strontium" or "Fancy Bear", targeting anti-doping authorities and global sporting organisations. At least 16 national and international sporting and anti-doping organisations across three continents were targeted in the attacks which began on Sept. 16, according to the company. The company … APT 28
01net 2019-10-30 07:22:00 Russian hackers are already trying to disrupt the Tokyo Olympic Games (direct link) Microsoft reveals that the well-known Russian group APT28 has carried out cyberattacks against several sports and anti-doping organisations ahead of the 2020 Olympics. APT 28 ★★★★
SecurityAffairs 2019-10-29 06:57:24 Fancy Bear continues to target sporting and anti-doping organizations (direct link) Russia-linked cyber-espionage group Fancy Bear has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. Microsoft revealed that Russia-linked cyber-espionage group Fancy Bear (aka APT28, Sednit, Sofacy, Zebrocy, and Strontium) has carried out multiple cyberattacks targeting sporting and anti-doping organizations across the world. According to the tech giant, Russian cyber spies have targeted at least 16 agencies […] APT 28
WiredThreatLevel 2019-10-28 22:00:19 Russian Hackers Are Still Targeting the Olympics (direct link) Fancy Bear has targeted 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over. APT 28
ZDNet 2019-10-28 21:21:36 Microsoft: Russian hackers are targeting sporting organizations ahead of Tokyo Olympics (direct link) Microsoft said APT28 targeted "at least 16 national and international sporting and anti-doping organizations." APT 28
ZDNet 2019-10-24 19:29:53 A DDoS gang is extorting businesses posing as Russian government hackers (direct link) Exclusive: Fake "Fancy Bear" group is demanding money from companies in the financial sector, threatening DDoS attacks. APT 28
SecurityAffairs 2019-09-24 20:01:51 A new Fancy Bear backdoor used to target political targets (direct link) Security experts at ESET have uncovered a new campaign carried out by the Russia-linked Fancy Bear APT group aimed at political targets. Security researchers at ESET have uncovered a new campaign carried out by the Russia-linked Fancy Bear APT group (i.e. APT28, Sednit, Sofacy, Zebrocy, and Strontium) aimed at political targets. In the recent attacks, the hackers […] APT 28
ZDNet 2019-09-24 09:34:10 Political targets at risk as Fancy Bear returns with refreshed backdoor malware (direct link) The threat group's attack chain is now even heavier with a string of malicious payloads. Malware Threat APT 28
ESET 2019-09-24 09:30:57 No summer vacations for Zebrocy (direct link) ESET researchers describe the latest components used in a recent Sednit campaign APT 28
MalwarebytesLabs 2019-08-12 15:38:03 A week in security (August 5 – 11) (direct link) The latest cybersecurity news for the week of August 5–11. We touch on problematic backdoors, the grim possibility of the Internet of Thoughts, and smart home improvement. We also released a retrospective report on ransomware. Categories: A week in security Tags: (Read more...) APT 28
TechWorm 2019-08-07 08:06:04 (Déjà vu) Russian hackers are using IoT devices to compromise corporate networks, warns Microsoft (direct link) Microsoft detected Russian hackers targeting VoIP phones, printers, and video decoders to breach secure networks. Russian state-sponsored hackers are using vulnerable office internet of things (IoT) devices to breach enterprise or corporate networks, Microsoft announced on Monday. The OS maker stated that the Russian hacking group known as Strontium (also commonly known as APT28 or […] APT 28
DarkReading 2019-08-06 18:15:00 Russian Attack Group Uses Phones & Printers to Breach Corporate Networks (direct link) Microsoft spotted Strontium, also known as APT28 or Fancy Bear, using IoT devices to breach businesses and seek high-value data. APT 28
NetworkWorld 2019-08-06 15:20:00 Microsoft finds Russia-backed attacks that exploit IoT devices (direct link) The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia's GRU military intelligence agency, was responsible for an IoT-based attack on unnamed Microsoft customers, according to a blog post from the company's security response center issued Monday. Microsoft said in the blog that the attack, which it discovered in April, targeted three specific IoT devices – a VoIP phone, a video decoder and a printer (the company declined to specify the brands) – and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer's default password, and the other one hadn't had the latest security patch applied. APT 28
SecurityAffairs 2019-08-06 07:04:02 Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks (direct link) The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […] Hack APT 28
ZDNet 2019-08-05 18:30:00 Microsoft: Russian state hackers are using IoT devices to breach enterprise networks (direct link) Microsoft said it detected Strontium (APT28) targeting VoIP phones, printers, and video decoders. APT 28
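The five entries above share one lesson: a phone or printer that was compromised through a default password or a missing patch is only useful to the intruder if it can then reach the rest of the network. The simplest control is to know what an IoT device is allowed to talk to and alert when it talks to anything else. The following is an added example written for this page, not code from Microsoft or from any cited article: it reads flow records (source, destination, destination port, protocol) and flags IoT-VLAN devices that initiate connections to internal hosts outside their allowlist, fan out to many internal hosts as a scanner would, or reach external addresses on ports they have no business using. The subnets, the allowlists and the flow records are constructed for the demo.

```python
"""Added example: spot IoT devices behaving like a foothold, from flow records.
Subnets, allowlists and flows below are constructed assumptions for the demo."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set

IOT_NET = ipaddress.ip_network("10.20.0.0/24")      # assumed VoIP/printer/decoder VLAN
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # assumed corporate address space
# The only internal peers an IoT device should ever initiate connections to.
ALLOWED_INTERNAL = {
    ipaddress.ip_address("10.1.1.10"),              # assumed call manager / print server
    ipaddress.ip_address("10.1.1.53"),              # assumed internal DNS
}
ALLOWED_EXTERNAL_PORTS = {123, 443}                 # NTP and vendor cloud over TLS


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int
    proto: str


# Constructed flows: "src dst dport proto".  .15 is a well-behaved phone; .42 is a
# printer that has started probing SMB and LDAP and calling out to an odd port.
SAMPLE_FLOWS = """\
10.20.0.15 10.1.1.10 5060 tcp
10.20.0.15 10.1.1.53 53 udp
10.20.0.15 203.0.113.9 443 tcp
10.20.0.42 10.1.1.10 9100 tcp
10.20.0.42 10.1.5.21 445 tcp
10.20.0.42 10.1.5.22 445 tcp
10.20.0.42 10.1.5.23 445 tcp
10.20.0.42 10.1.5.24 445 tcp
10.20.0.42 10.1.5.25 445 tcp
10.20.0.42 10.1.5.26 445 tcp
10.20.0.42 10.1.5.27 445 tcp
10.20.0.42 10.1.5.28 445 tcp
10.20.0.42 10.1.5.29 445 tcp
10.20.0.42 10.1.5.30 445 tcp
10.20.0.42 198.51.100.77 4444 tcp
10.20.0.42 10.1.2.5 389 tcp
"""


def parse_flows(text: str) -> List[Flow]:
    """Parse the whitespace-separated demo format; blank lines are ignored."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto = line.split()
        flows.append(Flow(src, dst, int(dport), proto))
    return flows


def analyse_iot_flows(flows: List[Flow], scan_threshold: int = 10) -> Dict[str, List[str]]:
    """Return {iot_device_ip: [findings]} for devices that leave their lane."""
    findings: Dict[str, List[str]] = defaultdict(list)
    internal_peers: Dict[str, Set[str]] = defaultdict(set)
    for f in flows:
        src = ipaddress.ip_address(f.src)
        if src not in IOT_NET:
            continue                                # only flows initiated by IoT devices
        dst = ipaddress.ip_address(f.dst)
        if dst in INTERNAL:
            if dst not in ALLOWED_INTERNAL:
                internal_peers[f.src].add(f.dst)
                findings[f.src].append(f"internal peer outside allowlist: {f.dst}:{f.dport}/{f.proto}")
        elif f.dport not in ALLOWED_EXTERNAL_PORTS:
            findings[f.src].append(f"unexpected external destination: {f.dst}:{f.dport}/{f.proto}")
    # Many distinct non-allowlisted internal peers from one device looks like a scan.
    for src, peers in internal_peers.items():
        if len(peers) >= scan_threshold:
            findings[src].append(f"fan-out to {len(peers)} internal hosts (scan-like)")
    return dict(findings)


if __name__ == "__main__":
    for device, notes in analyse_iot_flows(parse_flows(SAMPLE_FLOWS)).items():
        print(device)
        for n in notes:
            print("  ", n)
```

The same allowlist is what the VLAN's ACL should enforce; the detection is there to catch the device that was plugged into the wrong port or the ACL that was loosened "temporarily". Default credentials and missing firmware are still the root cause, but segmentation is what keeps the printer from becoming a pivot while those are fixed.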
AlienVault 2019-07-25 13:00:00 Can you trust threat intelligence from threat sharing communities? | AT&T ThreatTraq (direct link) Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them; you can subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jaime Blasco, VP and Chief Scientist, AlienVault, Stan Nurilov, Lead Member of Technical Staff, AT&T, and Joe Harten, Director Technical Security. Stan: Jaime, I think you have a very interesting topic today about threat intelligence. Jaime: Yes, we want to talk about how threat intelligence is critical for threat detection and incident response, but then when this threat intelligence and the threat actors try to match those indicators and that information that is being shared, it can actually be bad for companies. So we are going to share some of the experiences we have had with managing the Open Threat Exchange (OTX), one of the biggest threat sharing communities out there. Stan: Jaime mentioned that they have so many threat indicators and so much threat intelligence as part of OTX, the platform. Jaime: We know attackers monitor these platforms and are adjusting tactics and techniques and probably the infrastructure based on public reaction to cyber security companies sharing their activities in blog posts and other reporting. An example is in September 2017, we saw APT28, and it became harder to track because we were using some of the infrastructure and some of the techniques that were publicly known. And another cyber security company published content about that and then APT28 became much more difficult to track. The other example is APT1. If you remember the APT1 report in 2013 that Mandiant published, that made the group basically disappear from the face of the earth, right? We didn't see them for a while and then they changed the infrastructure and they changed a lot of the tools that they were using, and then they came back in 2014. So we can see that that threat actor disappeared for a while, changed and rebuilt, and then they came back. We also know that attackers can try to publish false information in this platform, so that's why it's important that not only those platforms are automated, but also there are human analysts that can verify that information. Joe: It seems like you have to have a process of validating the intelligence, right? I think part of it is you don't want to take this intelligence at face value without having some expertise of your own that asks, is this valid? Is this a false positive? Is this planted by the adversary in order to throw off the scent? I think it's one of those things where you can't automatically trust threat intelligence. You have to do some of your own diligence to validate the intelligence, make sure it makes sense, make sure it's still fresh, it's still good. This is something we're working on internally, creating those other layers to validate and create better value of our threat intelligence. Jaime: The other issue I wanted to bring to the table is what we call false flag operations, that's when an adversary or a threat actor studies another threat actor and tries to emulate their behavior. So when companies try to do at Malware Threat Studies Guideline APT 38 APT 28 APT 1
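The transcript above lists the questions an analyst should ask of a community-sourced indicator before acting on it: is it valid, is it a false positive, is it planted, is it still fresh. The following is an added example written for this page, not code from AlienVault, OTX or the ThreatTraq programme: a validation gate that groups submissions per indicator value and returns block, review or reject with reasons. The checks are sanity (parseable, routable), known-benign values that an adversary could plant to make consumers block their own infrastructure, staleness, and corroboration by more than one independent submitter. The indicators, submitter names, dates, benign list and thresholds are constructed assumptions; the sample uses the RFC 5737 documentation ranges as stand-ins for attacker addresses, which is why routability is tested against an explicit list rather than `is_global`.

```python
"""Added example: validation gate for indicators pulled from a sharing community
before they reach a blocklist.  All data and thresholds are constructed assumptions."""
import ipaddress
from datetime import date
from typing import Dict, List, NamedTuple


class Indicator(NamedTuple):
    kind: str          # "ip" or "domain"
    value: str
    submitter: str     # who published it to the community
    last_seen: date    # the submitter's last-seen date for the indicator


# Values that produce nothing but false positives if blocked; a planted submission
# for one of these is a cheap way to make a consumer hurt itself.  Constructed list.
BENIGN = {"8.8.8.8", "1.1.1.1", "microsoft.com", "google.com", "akamaitechnologies.com"}

# Explicit non-routable ranges (documentation ranges are intentionally not included
# so the constructed sample below can use them as stand-ins for public addresses).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def is_sane(ind: Indicator) -> bool:
    """Reject values that cannot possibly be useful: unparseable, private, malformed."""
    if ind.kind == "ip":
        try:
            addr = ipaddress.ip_address(ind.value)
        except ValueError:
            return False
        return not any(addr in net for net in NON_ROUTABLE)
    if ind.kind == "domain":
        labels = ind.value.lower().strip(".").split(".")
        return len(labels) >= 2 and all(
            lab and all(c.isalnum() or c == "-" for c in lab) for lab in labels
        )
    return False


def validate(indicators: List[Indicator], today: date,
             max_age_days: int = 90, min_sources: int = 2) -> Dict[str, dict]:
    """Group submissions per value and decide block / review / reject, with reasons."""
    groups: Dict[str, List[Indicator]] = {}
    for ind in indicators:
        groups.setdefault(ind.value, []).append(ind)

    verdicts: Dict[str, dict] = {}
    for value, subs in groups.items():
        reasons: List[str] = []
        if not all(is_sane(s) for s in subs):
            reasons.append("malformed or non-routable")
        if value.lower() in BENIGN:
            reasons.append("known-benign value (possible poisoning)")
        newest = max(s.last_seen for s in subs)
        age = (today - newest).days
        if age > max_age_days:
            reasons.append(f"stale: last seen {age} days ago")
        sources = {s.submitter for s in subs}
        if reasons:
            action = "reject"
        elif len(sources) >= min_sources:
            action = "block"                      # corroborated, fresh, sane: automate
        else:
            action = "review"                     # single source: an analyst confirms
            reasons.append(f"single source ({next(iter(sources))}); needs analyst confirmation")
        verdicts[value] = {"action": action, "sources": len(sources), "reasons": reasons}
    return verdicts


# Constructed sample community feed and evaluation date.
TODAY = date(2019, 7, 25)
SAMPLE = [
    Indicator("ip", "203.0.113.44", "vendor-a", date(2019, 7, 20)),
    Indicator("ip", "203.0.113.44", "community-user-17", date(2019, 7, 22)),   # corroborated
    Indicator("domain", "update-check.example.net", "vendor-b", date(2019, 7, 23)),  # single source
    Indicator("ip", "8.8.8.8", "anon-submitter", date(2019, 7, 24)),           # planted benign
    Indicator("ip", "10.0.0.5", "community-user-3", date(2019, 7, 24)),        # private address
    Indicator("domain", "old-c2.example.org", "vendor-a", date(2019, 1, 2)),   # stale
    Indicator("domain", "not a domain", "anon", date(2019, 7, 24)),            # malformed
]

if __name__ == "__main__":
    for value, verdict in validate(SAMPLE, TODAY).items():
        print(f"{value:28} {verdict['action']:7} {verdict['reasons']}")
```

Corroboration is only meaningful when the submitters are actually independent; two accounts controlled by the same party count as one, so in practice the `submitter` field should be the vetted organisation, not a free-form community handle.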
ESET 2019-05-22 09:30:03 A journey to Zebrocy land (direct link) ESET sheds light on commands used by the favorite backdoor of the Sednit group APT 28
ZDNet 2019-05-01 12:03:00 Mysterious hacker has been selling Windows 0-days to APT groups for three years (direct link) Hacker has sold Windows zero-days to the likes of Fancy Bear, FIN groups, and cyber-crime gangs. APT 28
SecurityAffairs 2019-04-18 11:08:02 APT28 and Upcoming Elections: evidence of possible interference (Part II) (direct link) In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild; is it related to APT28 and upcoming elections? Introduction The uncertain attribution of the Ukrainian-themed malicious document discussed in our past article "APT28 and Upcoming Elections: Possible Interference Signals" led us to a review of Sofacy's phishing techniques to confirm or […] APT 28
SecurityAffairs 2019-04-12 14:14:05 APT28 and Upcoming Elections: evidence of possible interference (direct link) In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild; is it related to APT28 and upcoming elections? Introduction In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild. This file was uncommon: it seemed carefully prepared and was speaking about who is leading in the elections […] Guideline APT 28
no_ico 2019-03-22 21:16:03 Russian Hackers Target EU Elections (direct link) It has been reported today that Russian hackers have targeted European government systems ahead of the EU parliament election. According to researchers, two state-sponsored hacking groups, APT28 and Sandworm, used spear phishing, the practice of sending out emails designed to look like they're from a trusted party, in an attempt to obtain government information. https://t.co/zUI5H6d8QQ Evidence mounts that Russian … APT 28
SecurityAffairs 2019-02-20 21:12:03 Microsoft says Russian APT28 espionage group hit Democratic Institutions in Europe (direct link) Microsoft says the Russian APT28 group carried out multiple cyberattacks on democratic institutions in Europe between September and December 2018. Microsoft revealed that hackers belonging to the cyber espionage group APT28 (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) launched several attacks on democratic institutions in Europe between September and December 2018. The tech giant revealed that 104 accounts belonging […] APT 28
Kaspersky 2019-02-20 16:16:05 Microsoft: Russia's Fancy Bear Working to Influence EU Elections (direct link) As hundreds of millions of Europeans prepare to go to the polls in May, Fancy Bear ramps up cyber-espionage and disinformation efforts. APT 28
ZDNet 2019-02-20 08:20:05 Microsoft reveals new APT28 cyber-attacks against European political entities (direct link) Microsoft also expands the AccountGuard security service for political entities in 12 European countries. APT 28
SecurityAffairs 2019-01-30 07:28:05 Sofacy's Zepakab Downloader Spotted In-The-Wild (direct link) In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign leveraging the Zepakab Downloader. In the last weeks, the Cybaze-Yoroi ZLAB investigated a new APT28 campaign discovered in January 2019. The sample was initially identified by an Italian independent security researcher, who warned the InfoSec community and shared the binary for further […] APT 28
bleepingcomputer 2019-01-16 11:07:00 LoJax Command and Control Domains Still Active (direct link) Security researchers have uncovered new details about the infrastructure used by the LoJax UEFI rootkit used in attacks from APT28. The analysis revealed two command and control (C2) servers were still active in early 2019. [...] APT 28
Kaspersky 2018-12-28 20:02:01 First Ever UEFI Rootkit Tied to Sednit APT (direct link) Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild. APT 28
ZDNet 2018-12-14 13:41:04 Fancy Bear exploits Brexit to target government groups with Zebrocy Trojan (direct link) A number of former USSR nation states are also on the target list. APT 28
SecurityAffairs 2018-12-14 08:22:03 New Sofacy campaign aims at Government agencies across the world (direct link) Security experts at Palo Alto Networks uncovered a new espionage campaign carried out by the Russia-linked APT group Sofacy. Russian cyber espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) carried out a new cyber campaign aimed at government agencies in four continents in an attempt to infect them with malware. The campaign has been focusing on Ukraine and NATO […] APT 28
SecurityAffairs 2018-12-04 07:24:01 (Déjà vu) Russia-linked APT Sofacy leverages BREXIT lures in recent attacks (direct link) Russia-linked cyber-espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) used BREXIT lures in recent attacks. The APT group used Brexit-themed bait documents on the same day the UK Prime Minister Theresa May announced the initial BREXIT draft agreement with the European Union (EU). "As the United Kingdom (UK) Prime Minister Theresa May announced the initial BREXIT draft agreement […] APT 28
DarkReading 2018-11-29 12:00:00 Beware the Malware-Laden Brexit News (direct link) New Fancy Bear attack campaign lures victims with a phony Brexit-themed document to deliver the Zekapab payload. APT 28
SecurityAffairs 2018-11-21 06:23:03 Sofacy APT group used a new tool in latest attacks, the Cannon (direct link) Sofacy APT group (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) has a new weapon in its arsenal dubbed Cannon. The Russia-linked APT group delivers Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former USSR state. Experts at Palo Alto Networks spotted a new campaign in late October and early November; the spear-phishing messages used Word […] Tool APT 28
ESET 2018-11-20 16:34:03 Sednit: What's going on with Zebrocy? (direct link) In August 2018, Sednit's operators deployed two new Zebrocy components, and since then we have seen an uptick in Zebrocy deployments, with targets in Central Asia, as well as countries in Central and Eastern Europe, notably embassies, ministries of foreign affairs, and diplomats. APT 28
WiredThreatLevel 2018-11-20 14:16:01 Russia's Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks (direct link) Two new reports show an uptick in sophisticated phishing attacks originating from, where else, Russia. APT 29 APT 28
SecurityAffairs 2018-11-16 13:35:01 Cybaze ZLab-Yoroi team spotted a new variant of the APT28 Lojax rootkit (direct link) Malware researchers at the Cybaze ZLab-Yoroi team spotted a new variant of the dangerous APT28 Lojax rootkit. A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Cybaze ZLab-Yoroi team. It is the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. The behavior of […] APT 28
no_ico 2018-11-09 15:30:00 US Cyber Command Starts Uploading Foreign APT Malware To VirusTotal (direct link) It's been reported that the Cyber National Mission Force in the US is now uploading malware samples it finds to VirusTotal. IT security experts commented below. Chris Doman, Threat Engineer at AlienVault: "The US Cyber Command has uploaded two malware samples relating to APT28, the Russian group behind the US election hacking. So far, the … Malware Threat APT 28
SecurityAffairs 2018-10-14 12:33:03 (Déjà vu) Security Affairs newsletter Round 184 – News of the week (direct link) A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, "Digging in the Deep Web", is online with a special deal: 20% discount, Kindle Edition, Paper Copy. Once again thank you! · APT28 group return to covert intelligence gathering […] APT 28
DarkReading 2018-10-10 19:00:00 Russian Hacking Groups Intersect in Recent Cyberattacks (direct link) Two different hacking teams best known as Turla and Fancy Bear employed the same stealthy attack method in an unusual overlap of hacking activity. APT 28
Last update at: 2024-05-09 23:08:15