What's new around the internet

Src | Date (GMT) | Title | Description | Tags | Stories | Notes
bleepingcomputer | 2017-10-20 00:30:00 | Russian Cyberspies Are Rushing to Exploit Recent Flash 0-Day Before It Goes Cold | A cyber-espionage group identified in the cyber-security industry as APT28 and believed to be operating under the supervision of the Russian state has recently dispatched several malware distribution campaigns that try to take advantage of a Flash zero-day vulnerability that Adobe patched earlier this week. [...] | APT 28 | ★★★★★
SecurityAffairs | 2017-10-05 04:55:20 | CSE CybSec ZLAB Malware Analysis Report: APT28 Hospitality malware | The CSE CybSec Z-Lab Malware Lab analyzed the Hospitality malware used by the Russian APT28 group to target hotels in several European countries. The Russian hacker group APT28, also known as Sofacy or Fancy Bear, is believed to be behind a series of attacks last July against travelers staying in hotels in Europe and the Middle […] | APT 28
itsecurityguru | 2017-09-12 09:21:47 | FA to beef up cybersecurity if England qualify for Russia World Cup | The FA will strengthen its cybersecurity before the 2018 World Cup amid fears about Russian hackers Fancy Bears and concern that tactical and team selection information could be leaked before games. England are top of Group F and on course to qualify automatically for the tournament, which begins on 14 June. The FA is still assessing training ... | APT 28
Pirate | 2017-08-29 11:07:06 | According to FireEye, the APT28 group is targeting the hospitality sector | According to FireEye, the APT28 group is targeting the hospitality sector, which presents a threat to travelers. | APT 28
DataSecurityBreach | 2017-08-25 12:59:44 | Fancy Bear: data leak on doping in football! | Health data hacked! On Tuesday 22 August, a group of hackers published... | APT 28
no_ico | 2017-08-24 08:00:14 | Fancy Bears Leak Names Of Footballers Using Banned Medicines During World Cup In 2010 | | APT 28
ComputerWeekly | 2017-08-23 04:30:44 | Russian hackers expose allegedly doping footballers | Russian hacking group Fancy Bear has exposed 150 footballers worldwide for allegedly taking banned substances, underlining the importance of protecting personal data. | APT 28
NakedSecurity | 2017-08-15 16:22:58 | Fancy Bear bites hotel networks as EternalBlue mystery deepens | The attack, presumably to spy on high-value hotel guests, is textbook Fancy Bear, say researchers. | APT 28
Kaspersky | 2017-08-12 12:00:32 | APT28 Using EternalBlue to Attack Hotels in Europe, Middle East | Researchers believe attacks against Wi-Fi systems in hotels across Europe and the Middle East track back to Russian-speaking hackers known as APT28. | APT 28
Mandiant | 2017-08-11 08:00:00 | APT28 Targets Hospitality Sector, Presents Threat to Travelers | FireEye has moderate confidence that a campaign targeting the hospitality sector is attributed to Russian actor APT28. We believe this activity, which dates back to at least July 2017, was intended to target travelers to hotels throughout Europe and the Middle East. The actor has used several notable techniques in these incidents such as sniffing passwords from Wi-Fi traffic, poisoning the NetBIOS Name Service, and spreading laterally via the EternalBlue exploit. APT28 Uses Malicious Document to Target Hospitality Industry: FireEye has uncovered a malicious document sent in spear... | Threat Wannacry APT 28 | ★★★★
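The Mandiant summary above names NetBIOS Name Service (NBNS) poisoning as one of the techniques used in the hotel campaign. A poisoner answers name queries for hosts that do not exist, offering its own address so that victims connect to it and hand over credentials. The script below is an added example written for this page (not code from FireEye, Mandiant or the original article): it builds and parses NBNS packets per RFC 1002 and applies the usual canary check, in which you query names that no legitimate host carries and treat any positive answer as a poisoner. The canary names, the addresses and the captured responses are constructed for the example.

```python
"""NBNS poisoning detector (example code, not from the page or from FireEye).

Poisoners such as the one described in the hotel campaign answer NetBIOS name
queries for hosts that do not exist, offering their own address. The canary
check below relies on that: query for names no legitimate host has; any
positive answer is a poisoner. Packet layout follows RFC 1002.
"""
import struct
from ipaddress import IPv4Address

NB_RR_TYPE = 0x0020  # NetBIOS general Name Service resource record
IN_CLASS = 0x0001


def encode_nbns_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding (RFC 1001 s14.1): 15-char name space-padded plus a
    suffix byte; each nibble becomes one letter 'A'..'P'."""
    raw = name.upper().encode("ascii").ljust(15, b" ")[:15] + bytes([suffix])
    enc = bytearray()
    for b in raw:
        enc += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes([32]) + bytes(enc) + b"\x00"


def decode_nbns_name(data: bytes, off: int):
    """Inverse of encode_nbns_name; returns (name, suffix, next_offset)."""
    if data[off] != 32 or data[off + 33] != 0:
        raise ValueError("malformed NBNS name")
    enc = data[off + 1:off + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15], off + 34


def build_nbns_query(txid: int, name: str) -> bytes:
    """Broadcast NB name query (flags: opcode QUERY, recursion desired, broadcast)."""
    header = struct.pack("!HHHHHH", txid, 0x0110, 1, 0, 0, 0)
    return header + encode_nbns_name(name) + struct.pack("!HH", NB_RR_TYPE, IN_CLASS)


def build_nbns_response(txid: int, name: str, ip: str, ttl: int = 165) -> bytes:
    """Positive name query response: the shape a poisoner sends back."""
    header = struct.pack("!HHHHHH", txid, 0x8500, 0, 1, 0, 0)  # response, AA, RD
    rdata = struct.pack("!H4s", 0x0000, IPv4Address(ip).packed)  # NB_FLAGS + NB_ADDRESS
    rr = encode_nbns_name(name) + struct.pack("!HHIH", NB_RR_TYPE, IN_CLASS, ttl, len(rdata))
    return header + rr + rdata


def parse_nbns_response(pkt: bytes) -> dict:
    """Return transaction id, whether it is a response, and (name, ip) answers."""
    txid, flags, qd, an, _, _ = struct.unpack_from("!HHHHHH", pkt, 0)
    off = 12
    for _ in range(qd):                      # skip question entries
        _, _, off = decode_nbns_name(pkt, off)
        off += 4                             # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, _, off = decode_nbns_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype == NB_RR_TYPE:
            for i in range(0, rdlen, 6):     # one NB_FLAGS/NB_ADDRESS pair per 6 bytes
                _, addr = struct.unpack_from("!H4s", rdata, i)
                answers.append((name, str(IPv4Address(addr))))
    return {"txid": txid, "is_response": bool(flags & 0x8000), "answers": answers}


def detect_poisoners(canary_names, observed):
    """observed: (sender_ip, packet) pairs captured after broadcasting queries
    for canary_names. A positive answer for a canary, or an answer whose
    address differs from the sender, is flagged."""
    canaries = {n.upper() for n in canary_names}
    findings = []
    for src, pkt in observed:
        parsed = parse_nbns_response(pkt)
        if not parsed["is_response"]:
            continue
        for name, ip in parsed["answers"]:
            if name.upper() in canaries:
                findings.append({"src": src, "name": name, "claimed_ip": ip,
                                 "reason": "answered a canary name"})
            elif ip != src:
                findings.append({"src": src, "name": name, "claimed_ip": ip,
                                 "reason": "answer address differs from sender"})
    return findings


# Constructed sample (hypothetical hosts): two canaries, one poisoner at
# 10.0.5.20 answering a canary, and one legitimate host answering its own name.
CANARIES = ["WPAD-CHK-7Q2", "FILESRV-ZZ91"]
OBSERVED = [
    ("10.0.5.20", build_nbns_response(0x1234, "WPAD-CHK-7Q2", "10.0.5.20")),
    ("10.0.5.7", build_nbns_response(0x1235, "PRINTSRV", "10.0.5.7")),
]

if __name__ == "__main__":
    for f in detect_poisoners(CANARIES, OBSERVED):
        print(f"[!] {f['src']} {f['reason']} ({f['name']} -> {f['claimed_ip']})")
```

On a live network you would broadcast the output of build_nbns_query() to UDP port 137 for each canary, record each reply together with its sender address, and feed those pairs to detect_poisoners. Because the canaries never resolve legitimately, the check has no dependence on knowing the real hosts, which is what makes it usable on a hotel or guest network you do not administer.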
01net | 2017-07-25 12:40:52 | Microsoft has started a real guerrilla war against the APT28 hackers | The vendor has literally filed a lawsuit against the Russian hacker group, which allows it to take control of part of its technical infrastructure. | APT 28 | ★★★
SecurityWeek | 2017-07-25 11:45:09 | Tech Firms Target Domains Used by Russia-linked Threat Group | Tech companies ThreatConnect and Microsoft are moving toward exposing and taking down domains associated with the Russia-linked threat group known as Fancy Bear. | APT 28
NakedSecurity | 2017-07-24 16:11:50 | Microsoft opens up a new front in the battle against Fancy Bear | Microsoft's lawyers have gone after the hacking group's web domains, with some success. | APT 28
ArsTechnica | 2017-07-21 18:55:14 | Microsoft's secret weapon in ongoing struggle against Fancy Bear? Trademark law | "Redirecting… Strontium domains will directly disrupt current Strontium infrastructure." | APT 28
The_Hackers_News | 2017-07-21 01:53:45 | How Microsoft Cleverly Cracks Down On "Fancy Bear" Hacking Group | What could be the best way to take over and disrupt cyber espionage campaigns? Hacking them back? Probably not. At least not when it's Microsoft, who is continuously trying to protect its users from hackers, cyber criminals and state-sponsored groups. It has now been revealed that Microsoft has taken a different approach to disrupt a large number of cyber espionage campaigns conducted by " | APT 28
Pirate | 2017-06-07 07:15:33 | According to FireEye, the Russian APT28 group is behind cyberattacks against the government of Montenegro | Because of its accession to NATO, Montenegro will probably be the target of further similar attacks. According to FireEye, the Russian APT28 group is said to be involved... | APT 28
itsecurityguru | 2017-06-02 15:33:37 | Bodies Held to Ransom – Tsar Team Hack | This week saw thousands of private photos leaked online, following the hack of a Lithuanian cosmetic surgery clinic. The cybercriminals, who have dubbed themselves the 'Tsar Team', have leaked images they claim come directly from the Grozio Chirurgija clinic services. This follows the group holding the images, many of which were sensitive in nature, to ... | APT 28
Blog | 2017-05-25 22:52:31 | Report: Major Upgrade, Investments Needed to Secure Connected Vehicles, Infrastructure | In-brief: a report by the Cloud Security Alliance calls for a bottom-up remake of infrastructure to support connected vehicles and warns of more, serious attacks as connected vehicles begin interacting with each other and with connected but insecure infrastructure. The ecosystem of connected vehicles is in full expansion, but car... | APT 28
Blog | 2017-05-18 02:12:30 | APT Inc.: Research Finds Ties Between Chinese Security Firm and Advanced Threat Group | In-brief: The hacking group known as APT 3 appears to be a commercial outfit working on behalf of the Chinese Ministry of State Security (MSS), the firm Recorded Future reported on Wednesday. | Wannacry APT 28 APT 3
Blog | 2017-05-12 16:56:43 | Update: UK Hospitals among Victims of Massive Ransomware Attack | In-brief: Hospitals across England were forced to divert patients from emergency departments after suffering what has been described as a cyber attack involving ransomware, according to published reports and a statement from the UK's National Health Service. (Editor's Note: Updated to include information on the Wana ransomware. PFR... | APT 28
Blog | 2017-05-12 13:31:09 | Mush and Muscle: Mixed Reaction to Trump's Executive Order on Cyber | In-brief: President Donald Trump made good on a long-held campaign promise Thursday, signing a tough-talking executive order to strengthen the cyber security of federal networks. But experts worry that the Order comes with too few specifics. | APT 28
SecurityWeek | 2017-05-11 15:15:18 | Who Hacked French President-elect Emmanuel Macron's Campaign? | One thing is clear. The campaign of French President-elect Emmanuel Macron was hacked prior to the French presidential election last Sunday, and the finger was immediately pointed at Russia's APT28 (Fancy Bear). Russia has been caught meddling in western politics once again. | APT 28 | ★★★★★
DarkReading | 2017-05-11 13:00:00 | APT28, Turla Nation-State Groups Deployed Multiple 0Days in Recent Attacks | Attack campaigns by APT28, Turla, and an unidentified group showcase the easy availability of zero-days. | APT 28
ArsTechnica | 2017-05-10 13:58:56 | Macron campaign team used honeypot accounts to fake out Fancy Bear | Digital team filled fake accounts with garbage data to slow information operation. | APT 28
ESET | 2017-05-09 18:00:14 | Sednit adds two zero-day exploits using 'Trump's attack on Syria' as a decoy | Sednit is back, this time with two more zero-day exploits embedded in a phishing email titled Trump's_Attack_on_Syria_English.docx. | APT 28
Blog | 2017-05-08 20:21:06 | FBI: Business Email Compromise is a $5 Billion Industry | In-brief: the FBI is warning the public to beware of business email compromise attacks, saying that they have cost U.S. businesses more than $1.6 billion in losses since 2013. | APT 28
AlienVault | 2017-05-06 19:08:00 | MacronLeaks – A Timeline of Events | It's been a very familiar feeling reading about the documents leaked to impact the elections in France tomorrow. Often the best defence is to have a proper understanding of what has happened. A quick draft timeline of events from an analysis of document meta-data and forum posts is below. Attacks in March and April: A number of domains, identified by Trend Micro as linked to a group of attackers known as APT28, were registered for use in attacks against Emmanuel Macron's campaign. It appears they were registered in two stages: first in the middle of March, then more in the middle of April. The links between these attacks and others in the US elections are strong. I haven't seen a definitive link that the documents leaked yesterday were the result of these attacks in March and April, but it seems a likely scenario. Suspicious edits of the leaked documents in March: Many noted that all of the documents in one of the smaller archives released yesterday (xls_cedric) appeared to have been edited over a 4 minute period on the 27th of March. These were edited by a Russian language version of Microsoft Excel. About half recorded a user named "Рошка Георгий Петрович / Roshka Georgy Petrovich" performing the edits. It's suspicious that these documents, some of which were created over ten years ago, were all edited so recently during the same 4 minutes. It suggests the edits may be following their theft, not before. Before linking any individual to these attacks though it's important to note: a number of people have that name; this could be false information planted by the attackers; or an entirely innocent employee at a bank somewhere has been unfortunate enough to get caught up in this. Similar previous mail dumps have included a mix of real and fake information, and the Macron campaign have also said that the dump is a mix of real and fake documents.
It's important to keep that in mind, particularly when you see e-mails in the dump suggesting that politicians have bought drugs online. Documents shared on 4Chan on Wednesday: A first small set of two documents were shared on 4Chan's politics board /pol just prior to the election debates on Wednesday. These suggested that Macron had secret bank accounts. The post was made by a user from a Latvian IP. The geolocation is likely incorrect and the "Latvian" poster themselves said they were connecting through proxies from another location. The documents were picked up by fringe news sites quickly, and Le Pen made similar claims during the live debate against Macron that night. It wasn't long before some suggested the documents looked like they had been photo-shopped. The "Latvian" poster claimed the problems were due to how the copies were obtained, by taking photos of the documents "in a short w | APT 28
ErrataRob | 2017-05-06 04:15:35 | Some notes on #MacronLeak | Tonight (Friday May 5 2017) hackers dumped emails (and docs) related to French presidential candidate Emmanuel Macron. He's the anti-Putin candidate running against the pro-Putin Marine Le Pen. I thought I'd write up some notes. Are they Macron's emails? No. They are e-mails from members of his staff/supporters, namely Alain Tourret, Pierre Person, Cedric O??, Anne-Christine Lang, and Quentin Lafay. There are some documents labeled "Macron" which may have been taken from his computer, cloud drive -- his own, or an assistant. Who done it? Obviously, everyone assumes that Russian hackers did it, but there's nothing (so far) that points to anybody in particular. It appears to be the most basic of phishing attacks, which means anyone could've done it, including your neighbor's pimply faced teenager. Update: Several people [*] have pointed out Trend Micro reporting that Russian/APT28 hackers were targeting Macron back on April 24. Coincidentally, this is also the latest that emails appear in the dump. What's the hacker's evil plan? Everyone is proposing theories about the hacker's plan, but the most likely answer is they don't have one. Hacking is opportunistic. They likely targeted everyone in the campaign, and these were the only victims they could hack. It's probably not the outcome they were hoping for. But since they've gone through all the work, it'd be a shame to waste it. Thus, they are likely releasing the dump not because they believe it will do any good, but because it'll do them no harm. It's a shame to waste all the work they put into it. If there's any plan, it's probably a long range one, serving notice that any political candidate that goes against Putin will have to deal with Russian hackers dumping email. Why now? Why not leak bits over time like with Clinton? France has a campaign blackout starting tonight at midnight until the election on Sunday.
Thus, it's the perfect time to leak the files. Anything salacious, or even rumors of something bad, will spread virally through Facebook and Twitter, without the candidate or the media having a good chance to rebut the allegations. The last emails in the logs appear to be from April 24, the day after the first round vote (Sunday's vote is the second, runoff, round). Thus, the hackers could've leaked this dump any time in the last couple weeks. They chose now to do it. Are the emails verified? Yes and no. Yes, we have DKIM signatures between people's accounts, so we know for certain that hackers successfully breached these accounts. DKIM is an anti-spam method that cryptographically signs emails by the sending domain (e.g. @gmail.com), and thus, can also verify the email hasn't been altered or forged. But no, when a salacious email or document is found in the dump | Uber APT 28
AlienVault | 2017-05-04 17:18:00 | OAuth Worm Targeting Google Users - You Need to Watch Cloud Services | Yesterday, many people received an e-mail from someone they knew and trusted asking them to open a "Google Doc." The email looked, felt, and smelled like the real thing: an email that Google normally sends whenever a share request is made. However, the email contained a button that mimicked a link to open a document in Google Docs. When users clicked on the button, they were prompted to give "Google Docs" permission to read / send email, manage their email, and access their contact lists. In reality, this was a malicious application registered by the attackers, and, in fact, one of the most well-crafted phishing attempts in the last year. By clicking on the ALLOW button, users authorized the malicious application to perform actions on their behalf. The users' browsers were redirected to one of the malicious servers set up by the attackers, for example: https://googledocs[.]docscloud[.]win/g.php. The AlienVault Labs Security Research Team detected the activity, and while the attack was still in progress, we created a Pulse in the Open Threat Exchange (OTX) with all the indicators of the infrastructure the attackers used (mainly the domains they used in redirection). In addition, several OTX users jumped in and shared more malicious infrastructure in a matter of minutes! This helped get the indicators out immediately to the 30,000+ people that follow the AlienVault OTX account. Kudos to the OTX members who jumped in and delivered this valuable information so quickly to the community! Going back to the attack: when the user was redirected to one of the servers after allowing the malicious application to perform those actions, it was served with the JavaScript code that contained the self-replication / worm functionality.
First, the malicious JavaScript would get access to the contact list (first 1000 entries). The code parsed the names and email addresses of those contacts and then prioritized addresses from gmail.com, avoiding addresses containing the words "google", "keeper" and "unty". Once the list of potential victims was crafted, the code sent the same email to them as well, thus propagating the attack. When sending the email, the attackers also decided to BCC the address hhhhhhhhhhhhhhhh[at]mailinator[.]com, presumably to monitor progress or collect the list of victims. Impact: Luckily, Google reacted to this quickly, and the malicious applications were shut down about an hour after the start of the campaign. Cloudflare, which the attackers used in front of the malicious infrastructure, took down that part of the attack infrastructure quickly, too. It is important to mentio | Guideline Yahoo APT 28
WiredThreatLevel | 2017-05-04 16:07:32 | US Sanctions Didn't Stop Russia's Election Hacking—Or Even Slow It Down | The Fancy Bear group's continued attacks on electoral campaigns show how easily the Kremlin brushed off Obama's sanctions. | APT 28
AlienVault | 2017-05-03 16:49:00 | Alien Eye in the Sky – 5th May 2017 | It's been a busy week with ups and downs in the world of security. But even when things get shaken up like a Michael Bay movie, we keep our eye on what matters the most. That Google Phish: There was a lot of buzz as many people received phishing emails disguised as invitations to open a Google Doc. By authorising it, users unwittingly gave access to their emails to attackers. The size and scale of the attack was reminiscent of the viruses of days gone by, such as Melissa. While Google has worked to close the flaw, it doesn't help those users that have clicked on the link. If you have clicked on the link, then you need to follow these steps: (1) go to the Google account permissions page and remove access for the fake app; (2) change passwords on Google and any other sites that may have been using the same password; (3) enable two factor / two step verification (like needing an SMS code in order to log on). Some are suggesting that given the similarities between this fresh phishing scam and the past activity of the DNC hackers, known as APT28, the Google phishers could be the allegedly Kremlin-backed crew. But to Jaime Blasco, chief scientist at security company AlienVault, that's unlikely: "I don't believe they are behind this though because this is way too widespread. Many people/organizations have received similar attempts so this is probably something massive and less targeted." Smaller nations' hacking skills: As the joke goes, on the internet, nobody knows that you're a dog. Technology has done a great job in balancing the shift of power into the hands of the many. Now, with modest budgets and technology, startups can challenge well-established brands. But that also means small nations can build cyber capabilities that match those of much larger nations. We knew the U.S. and Russia were hacking powers, but Ethiopia and Pakistan?
GDPR: While a lot of European companies are looking to the future wondering what GDPR will bring, the Register looked back and retrospectively estimated what regulator fines on data loss would have been last year had GDPR been implemented. Where last year British companies were fined £880,500, under GDPR regulation that sum could have been £69 million. (Related: Gartner predicts GDPR flouters will be in the majority; Google cloud will be ready for GDPR in May 2018.) It's just Metadata: It's why many governments have pushed for mandatory metadata retention laws, and have been successful. Because in the minds of many, it's only metadata. Troy Hunt wrote a good article on why Australia just showed the world the problem with mandatory data retention. | Guideline APT 28
Blog | 2017-04-27 11:26:45 | Report: we'll know antivirus is dead when it goes quiet | In-brief: anti-virus software may go out with neither a bang nor a whimper, but utter silence. That's if the trend towards cyber criminal actors using file-less malware continues, according to a new report. | APT 28
Blog | 2017-04-26 21:47:58 | Analysis of 85K Remote Desktop Hacks Finds Education, Healthcare Top Targets | In-brief: An analysis of 85,000 hacked Remote Desktop Protocol servers from the cyber criminal marketplace xDedic shows that education and healthcare networks were the most often targeted by hackers, who often used brute force password guessing to gain access. | APT 28
NetworkWorld | 2017-04-25 17:54:20 | Russian hackers use OAuth, fake Google apps to phish users | The Russian hacking group blamed for targeting U.S. and European elections has been breaking into email accounts, not only by tricking victims into giving up passwords, but by stealing access tokens too. It's a sneaky hack that's particularly worrisome, because it can circumvent Google's 2-step verification, according to security firm Trend Micro. The group, known as Fancy Bear or Pawn Storm, has been carrying out the attack with its favored tactic of sending out phishing emails, Trend Micro said in a report Tuesday. | APT 28
NakedSecurity | 2017-04-25 16:52:36 | News in brief: Uber under fire in 'Hell' lawsuit; Europe could be hit by laptop ban; Fancy Bear 'targeted Macron' | Your daily round-up of some of the other stories in the news. | Uber APT 28
Blog | 2017-04-25 15:11:55 | Update: Emboldened, Fancy Bear hacking crew targets French, German Politicians | In-brief: emboldened by media attention for its escapades in the U.S. Presidential election, the hacking crew known as "Fancy Bear" is targeting political parties in France as well as Germany, the firm Trend Micro reported on Tuesday, the latest evidence of meddling in foreign affairs. (Editor's note: updated to add... | APT 28
ZDNet | 2017-04-25 12:00:18 | Pawn Storm targets fresh victims to sway public political opinion | The sophisticated attackers are putting more and more pressure on the military, governments, celebrities and media worldwide. | APT 28
Trend | 2017-04-25 08:00:14 | Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks | Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns. In 2016, the group set up aggressive credential phishing... | APT 28
Blog | 2017-04-21 22:23:05 | Google Looks Beyond Passwords To Secure Data, Assets | In-brief: Google is pushing an approach to network security dubbed "tiered access," demoting the trusted password, which is now just one piece of data that is needed to get access to sensitive data and resources on Google's network. | APT 28
01net | 2017-04-09 09:32:27 | Presidential election: how Russian hackers want to influence the vote | The shadow of APT28, the formidable Russian hacker group, hangs over the French presidential election. According to some experts, its disinformation channels are now aimed at France. | APT 28 | ★★★★
News | 2017-04-05 22:57:33 | Part II. APT29 Russian APT including Fancy Bear | This is the second part of the Russian APT series. "APT29 - The Dukes, Cozy Bear: APT29 is a threat group that has been attributed to the Russian government and has operated since at least 2008. This group reportedly compromised the Democratic National Committee starting in the summer of 2015" (src. Mitre ATT&CK). Please see the first post here: Russian APT - APT28 collection of samples including OSX XAgent. I highly recommend reading and studying these resources first: Mitre ATT&CK; 2017-03 Disinformation: A Primer In Russian Active Measures And Influence Campaigns, hearings before the Select Committee on Intelligence, March 2017; 2014-08 Mikko Hyppönen, Governments as Malware Authors (presentation); 2016 No Easy Breach: Challenges and Lessons from an Epic Investigation, Mandiant, Matthew Dunwoody and Nick Carr (video); Beyond 'Cyber War': Russia's Use of Strategic Cyber Espionage and Information Operations in Ukraine, NATO Cooperative Cyber Defence Centre of Excellence / FireEye, Jen Weedon. List of references (and samples mentioned), oldest to newest: 2012-02 FSecure COZYDUKE; 2013-02 Crysys Miniduke Indicators; 2013-04 Bitdefender A Closer Look at MiniDuke; 2014-04 FSecure Targeted Attacks and Ukraine; 2014-05 FSecure Miniduke still duking it out; 2014-07 Kaspersky Miniduke is back: Nemesis Gemina and the Botgen Studio; 2014-07 Kaspersky The MiniDuke Mystery PDF 0-day; 2014-11 FSecure OnionDuke APT Attacks Via the Tor Network; 2014 FSecure Cosmicduke: Cosmu with a twist of MiniDuke; 2015-04 Kaspersky CozyDuke-CozyBear | APT 29 APT 28
ESET | 2017-04-04 15:29:27 | IAAF: 'Fancy Bear' Sednit behind cyberattack | The IAAF has become the latest organization to fall victim to the cybercriminal gang Sednit. | APT 28
DarkReading | 2017-04-04 09:35:00 | Hackers Hit IAAF, Compromise Athlete Records | The IAAF is taking all measures to secure its network after an attack allegedly conducted by hacker group Fancy Bear. | APT 28
SecurityWeek | 2017-04-04 08:38:10 | IAAF Says Russia-Linked Hackers Accessed Medical Records | The International Association of Athletics Federations (IAAF) revealed on Monday that athletes' medical records were accessed in an attack the organization believes was carried out by the Russia-linked cyber espionage group known as Fancy Bear. | APT 28
BBC | 2017-04-03 09:48:28 | Fancy Bears: IAAF hacked and fears athletes' information compromised | The IAAF says it has been hacked by the 'Fancy Bears' group and fears athletes' therapeutic use exemption (TUE) applications have been compromised. | APT 28
News | 2017-03-31 02:03:28 | Part I. Russian APT - APT28 collection of samples including OSX XAgent | This post is for all of you, Russian malware lovers/haters. Analyze it all to your heart's content. Prove or disprove Russian hacking in general or DNC hacking in particular, or find that "400 lb hacker" or nail another country altogether. You can also have fun and exercise your malware analysis skills without any political agenda. The post contains malware samples analyzed in the APT28 reports linked below. I will post APT29 and others later. Read about groups and types of targeted threats here: Mitre ATT&CK. List of references (and samples mentioned), oldest to newest: APT28_2011-09_Telus_Trojan.Win32.Sofacy.A; APT28_2014-08_MhtMS12-27_Prevenity; APT28_2014-10_Fireeye_A_Window_into_Russia_Cyber_Esp.Operations; APT28_2014-10_Telus_Coreshell.A; APT28_2014-10_TrendMicro Operation Pawn Storm Using Decoys to Evade Detection; APT28_2015-07_Digital Attack on German Parliament; APT28_2015-07_ESET_Sednit_meet_Hacking; APT28_2015-07_Telus_Trojan-Downloader.Win32.Sofacy.B; APT28_2015-09_Root9_APT28_Technical_Followup; APT28_2015-09_SFecure_Sofacy-recycles-carberp-and-metasploit-code; APT28_2015-10_New Adobe Flash Zero-Day Used in Pawn Storm; APT28_2015-10_Root9_APT28_targets Financial Markets; APT28_2015-12_Bitdefender_In-depth_anal | APT 29 APT 28
Mandiant | 2017-03-08 17:15:00 | Introduction to Reverse Engineering Cocoa Applications | While not as common as Windows malware, there has been a steady stream of malware discovered over the years that runs on the OS X operating system, now rebranded as macOS. February saw three particularly interesting publications on the topic of macOS malware: a Trojan Cocoa application that sends system information including keychain data back to the attacker, a macOS version of APT28's Xagent malware, and a new Trojan ransomware. In this blog, the FLARE team would like to introduce two small tools that can aid in the task of reverse engineering Cocoa applications for macOS. In order to... | Malware Tool APT 28 | ★★★★
01net | 2017-02-16 05:10:57 | Russian hackers from APT28 target Macs and exfiltrate iPhone backups | Researchers have got hold of an unknown variant of XAgent, the backdoor these hackers have already used many times, notably to hack the US Democratic Party. | APT 28 | ★★★★★
The_Hackers_News | 2017-02-16 01:38:41 | New MacOS Malware linked to Russian Hackers Can Steal Passwords & iPhone Backups | Security researchers have discovered new Mac malware allegedly developed by the APT28 Russian cyber espionage group, which is believed to be responsible for the 2016 presidential election hacking scandal. A new variant of the X-Agent spyware, previously used in cyber attacks against Windows, iOS, Android, and Linux devices, is now targeting Apple's macOS. The malware is designed to... | APT 28
Pirate | 2017-02-15 12:01:50 | Mac users targeted by a new variant of the Xagent malware linked to APT28 | The sophisticated Xagent malware is now attacking Mac users to steal passwords and iPhone backups. | APT 28 APT 21
Last update at: 2024-05-10 05:07:59