What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-03-23 14:00:00 | Anomali Cyber Watch: APT, Malware, Vulnerabilities and More. (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: BlackRock, CopperStealer, Go, Lazarus, Mirai, Mustang Panda, Rust, Tax Season, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Bogus Android Clubhouse App Drops Credential-Swiping Malware
(published: March 19, 2021)
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can discuss anything from politics to relationships. Despite being invite-only, and only being around for a year, the app is closing in on 13 million downloads. The app is only available on Apple's App Store mobile application marketplace - though plans are in the works to develop one.
Analyst Comment: Use only the official stores to download apps to your devices. Be wary of what kinds of permissions you grant to applications. Before downloading an app, do some research.
MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105
Tags: LokiBot, BlackRock, Banking, Android, Clubhouse
Trojanized Xcode Project Slips XcodeSpy Malware to Apple Developers
(published: March 18, 2021)
Researchers from cybersecurity firm SentinelOne have discovered a malicious version of the legitimate iOS TabBarInteraction Xcode project being distributed in a supply-chain attack. The malware, dubbed XcodeSpy, targets Xcode, an integrated development environment (IDE) used in macOS for developing Apple software and applications. The malicious project is a ripped version of TabBarInteraction, a legitimate project that has not been compromised. Malicious Xcode projects are being used to hijack developer systems and spread custom EggShell backdoors.
Analyst Comment: Researchers attribute this new targeting of Apple developers to North Korea and Lazarus group: similar TTPs of compromising developer supply chain were discovered in January 2021 when North Korean APT was using a malicious Visual Studio project. Moreover, one of the victims of XcodeSpy is a Japanese organization regularly targeted by North Korea. A behavioral detection solution is required to fully detect the presence of XcodeSpy payloads.
MITRE ATT&CK: [MITRE ATT&CK] Remote File Copy - T1105 | [MITRE ATT&CK] Security Software Discovery - T1063 | [MITRE ATT&CK] Obfuscated Files or Information - T1027
Tags: Lazarus, XcodeSpy, North Korea, EggShell, Xcode, Apple
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
(published: March 18, 2021)
Cybereason detected a new campaig |
Ransomware Malware Tool Threat Patching Medical | APT 38 APT 28 | |
 |
2021-03-20 12:00:00 | Where Are Those Shoes You Ordered? Check the Ocean Floor (lien direct) | More containers have fallen off ships in the past four months than are typically lost in a year. Blame heavy traffic and rolling waves. | APT 32 | ||
 |
2021-03-19 15:37:00 | APT31 Fingered for Cyber-Attack on Finnish Parliament (lien direct) | Finland says its government was spied on by threat group with links to Chinese government | Threat | APT 31 | |
 |
2021-03-18 18:30:27 | Finland IDs Hackers Linked to Parliament Spying Attack (lien direct) | Finland's domestic security agency said Thursday that the cybergroup APT31, which is generally linked to the Chinese government, was likely behind a cyberspying attack on the information systems of the Nordic country's parliament. | APT 31 | ||
 |
2021-03-18 16:21:29 | China-linked APT31 group was behind the attack on Finnish Parliament (lien direct) | China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place in 2020. China-linked cyber espionage group APT31 is believed to be behind an attack on the Parliament of Finland that took place in 2020. According to the government experts, the hackers breached some parliament email […] | APT 31 | ||
|
2021-03-17 18:03:00 | Anomali Cyber Watch: APT, Ransomware, Vulnerabilities and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, AlientBot, Clast82, China, DearCry, RedXOR, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Google: This Spectre proof-of-concept shows how dangerous these attacks can be
(published: March 15, 2021)
Google has released a proof of concept (PoC) code to demonstrate the practicality of Spectre side-channel attacks against a browser's JavaScript engine to leak information from its memory. Spectre targeted the process in modern CPUs called speculative execution to leak secrets such as passwords from one site to another. While the PoC demonstrates the JavaScript Spectre attack against Chrome 88's V8 JavaScript engine on an Intel Core i7-6500U CPU on Linux, Google notes it can easily be tweaked for other CPUs, browser versions and operating systems.
Analyst Comment: As the density of microchip manufacturing continues to increase, side-channel attacks are likely to be found across many architectures and are difficult (and in some cases impossible) to remediate in software. The PoC of the practicality of performing such an attack using javascript emphasises that developers of both software and hardware be aware of these types of attacks and the means by which they can be used to invalidate existing security controls.
Tags: CVE-2017-5753
Threat Assessment: DearCry Ransomware
(published: March 12, 2021)
A new ransomware strain is being used by actors to attack unpatched Microsoft Exchange servers. Microsoft released patches for four vulnerabilities that are being exploited in the wild. The initial round of attacks included installation of web shells onto affected servers that could be used to infect additional computers. While the initial attack appears to have been done by sophisticated actors, the ease and publicity around these vulnerabilities has led to a diverse group of actors all attempting to compromise these servers.
Analyst Comment: Patch and asset management are a critical and often under-resourced aspect of defense in depth. As this particular set of vulnerabilities and attacks are against locally hosted Exchange servers, organization may want to assess whether a hosted solution may make sense from a risk standpoint
MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted - T1022 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] File and Directory Discovery - T1083 | [MITRE ATT&CK] Email Collection - T1114 | [MITRE ATT&CK] Obfuscated Files or Information - T1027 | [MITRE ATT&CK] System Service Discovery - T1007 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | |
Ransomware Tool Vulnerability Threat Guideline | Wannacry APT 41 APT 34 | |
|
2021-03-12 13:00:00 | Ocean Acidification Could Make Tiny Fish Lose Their Hearing (lien direct) | Their inner ears turn wonky when they grow up in carbon-rich water, which could keep juveniles from finding their way to the reefs. That could mean trouble. | APT 32 | ||
 |
2021-03-04 13:01:47 | Le groupe APT Lazarus se tourne à présent vers l\'industrie de la défense (lien direct) | Les chercheurs de Kaspersky ont identifié une nouvelle campagne, jusqu'alors inconnue, menée par Lazarus, un acteur APT très prolifique. Actif depuis au moins 2009, Lazarus est lié à un certain nombre de campagnes, notamment à l'encontre du marché des crypto-monnaies. The post Le groupe APT Lazarus se tourne à présent vers l'industrie de la défense first appeared on UnderNews. | APT 38 APT 28 | ||
|
2021-03-02 15:00:00 | Anomali Cyber Watch: APT Groups, Cobalt Strike, Russia, Malware, and More (lien direct) |
We are excited to announce Anomali Cyber Watch, your weekly intelligence digest. Replacing the Anomali Weekly Threat Briefing, Anomali Cyber Watch provides summaries of significant cybersecurity and threat intelligence events, analyst comments, and recommendations from Anomali Threat Research to increase situational awareness, and the associated tactics, techniques, and procedures (TTPs) to empower automated response actions proactively.
We hope you find this version informative and useful. If you haven’t already subscribed get signed up today so you can receive curated and summarized cybersecurity intelligence events weekly.
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, Emotet, Go, Masslogger, Mustang Panda, OilRig, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Hypervisor Jackpotting: CARBON SPIDER and SPRITE SPIDER Target ESXi Servers With Ransomware to Maximize Impact
(published: February 26, 2021)
Recent reporting indicates that two prolific cybercrime threat groups, CARBON SPIDER and SPRITE SPIDER, have begun targeting ESXi, a hypervisor developed by VMWare to run and manage virtual machines. SPRITE SPIDER uses PyXie's LaZagne module to recover vCenter credentials stored in web browsers and runs Mimikatz to steal credentials from host memory. After authenticating to vCenter, SPRITE SPIDER enables ssh to permit persistent access to ESXi devices. In some cases, they also change the root account password or the host’s ssh keys. Before deploying Defray 777, SPRITE SPIDER’s ransomware of choice, they terminate running VMs to allow the ransomware to encrypt files associated with those VMs. CARBON SPIDER has traditionally targeted companies operating POS devices, with initial access being gained using low-volume phishing campaigns against this sector. But throughout 2020 they were observed shifting focus to “Big Game Hunting” with the introduction of the Darkside Ransomware. CARBON SPIDER gains access to ESXi servers using valid credentials and reportedly also logs in over ssh using the Plink utility to drop the Darkside
Recommendation: Both CARBON SPIDER and SPRITE SPIDER likely intend to use ransomware targeting ESXi to inflict greater harm – and hopefully realize larger profits – than traditional ransomware operations against Windows systems. Should these campaigns continue and prove to be profitable, we would expect more threat actors to imitate these activities.
MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Hidden Files and Directories - T1158 | [MITRE ATT&CK] Process Discovery - T1057 | [MITRE ATT&CK] File Deletion - T1107 | [MITRE ATT&CK] Remote Services - T1021 | [MITRE ATT&CK] Scheduled Transfer - T1029 | |
Ransomware Malware Threat | Wannacry Wannacry APT 29 APT 28 APT 31 APT 34 | |
 |
2021-03-02 05:49:51 | ObliqueRAT returns with new campaign using hijacked websites (lien direct) | By Asheer Malhotra.
Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread the remote access trojan (RAT) ObliqueRAT.
This campaign targets organizations in South Asia.ObliqueRAT has been linked to the Transparent Tribe APT group in the past.This campaign hides the ObliqueRAT payload in seemingly benign image files hosted on compromised websites.
What's new?Cisco Talos recently discovered another new campaign distributing the...
[[ This is only the beginning! Please visit the blog for the complete entry ]] |
Malware | APT 36 | |
 |
2021-02-28 20:05:19 | We are living in 1984 (ETERNALBLUE) (lien direct) | In the book 1984, the protagonist questions his sanity, because his memory differs from what appears to be everybody else's memory.The Party said that Oceania had never been in alliance with Eurasia. He, Winston Smith, knew that Oceania had been in alliance with Eurasia as short a time as four years ago. But where did that knowledge exist? Only in his own consciousness, which in any case must soon be annihilated. And if all others accepted the lie which the Party imposed-if all records told the same tale-then the lie passed into history and became truth. 'Who controls the past,' ran the Party slogan, 'controls the future: who controls the present controls the past.' And yet the past, though of its nature alterable, never had been altered. Whatever was true now was true from everlasting to everlasting. It was quite simple. All that was needed was an unending series of victories over your own memory. 'Reality control', they called it: in Newspeak, 'doublethink'.I know that EternalBlue didn't cause the Baltimore ransomware attack. When the attack happened, the entire cybersecurity community agreed that EternalBlue wasn't responsible.But this New York Times article said otherwise, blaming the Baltimore attack on EternalBlue. And there are hundreds of other news articles [eg] that agree, citing the New York Times. There are no news articles that dispute this.In a recent book, the author of that article admits it's not true, that EternalBlue didn't cause the ransomware to spread. But they defend themselves as it being essentially true, that EternalBlue is responsible for a lot of bad things, even if technically, not in this case. Such errors are justified, on the grounds they are generalizations and simplifications needed for the mass audience.So we are left with the situation Orwell describes: all records tell the same tale -- when the lie passes into history, it becomes the truth.Orwell continues:He wondered, as he had many times wondered before, whether he himself was a lunatic. Perhaps a lunatic was simply a minority of one. At one time it had been a sign of madness to believe that the earth goes round the sun; today, to believe that the past is inalterable. He might be ALONE in holding that belief, and if alone, then a lunatic. But the thought of being a lunatic did not greatly trouble him: the horror was that he might also be wrong.I'm definitely a lunatic, alone in my beliefs. I sure hope I'm not wrong. Update: Other lunatics document their struggles with Minitrue: When I was investigating the TJX breach, there were NYT articles citing unnamed sources that were made up & then outlets would publish citing the NYT. The TJX lawyers would require us to disprove the articles. Each time we would. It was maddening fighting lies for 8 months.— Nicholas J. Percoco (@c7five) March 1, 2021 |
Ransomware | NotPetya Wannacry APT 32 | |
 |
2021-02-26 23:15:11 | CVE-2020-36079 (lien direct) | Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. | Guideline | APT 33 | |
 |
2021-02-26 19:56:39 | Lazarus Targets Defense Companies with ThreatNeedle Malware (lien direct) | A spear-phishing campaigned linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies. | Malware | APT 38 | |
|
2021-02-26 04:48:42 | Here\'s How North Korean Hackers Stole Data From Isolated Network Segment (lien direct) | During an attack on the defense industry, the North Korea-linked threat group known as Lazarus was able to exfiltrate data from a restricted network segment by taking control of a router and setting it up as a proxy server. | Threat | APT 38 APT 28 | |
 |
2021-02-26 03:02:08 | North Korean Hackers Targeting Defense Firms with ThreatNeedle Malware (lien direct) | A prolific North Korean state-sponsored hacking group has been tied to a new ongoing espionage campaign aimed at exfiltrating sensitive information from organizations in the defense industry.
Attributing the attacks with high confidence to the Lazarus Group, the new findings from Kaspersky signal an expansion of the APT actor's tactics by going beyond the usual gamut of financially-motivated |
Malware Medical | APT 38 | ★★ |
|
2021-02-25 17:50:39 | North Korea-linked Lazarus APT targets defense industry with ThreatNeedle backdoor (lien direct) | North Korea-linked Lazarus APT group has targeted the defense industry with the custom-backdoor dubbed ThreatNeedle since 2020. North Korea-linked Lazarus APT group has targeted the defense industry with the backdoor dubbed ThreatNeedle since early 2020. The state-sponsored hackers targeted organizations from more than a dozen countries. The experts discovered the custom backdoor while investigating an […] | APT 38 APT 28 | ||
 |
2021-02-25 16:49:06 | North Korean hackers find another new target: The defense industry (lien direct) | The Lazarus group had a busy 2020, and 2021 is shaping up to be another devastatingly productive year for one of the most dangerous hacking groups on the planet. | Medical | APT 38 APT 28 | |
 |
2021-02-25 10:00:53 | Lazarus targets defense industry with ThreatNeedle (lien direct) | In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group's other campaigns. | Malware | APT 38 APT 28 | |
|
2021-02-24 12:46:50 | Vietnamese Hackers Target Human Rights Defenders: Amnesty (lien direct) | Between February 2018 and November 2020, Vietnam-linked hacking group Ocean Lotus targeted Vietnamese human rights activists in the country and abroad with spyware, a new report from Amnesty International reveals. | APT 32 | ||
 |
2021-02-23 20:00:00 | APT32 state hackers target human rights defenders with spyware (lien direct) | Vietnam-backed hacking group APT32 has coordinated several spyware attacks targeting Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. [...] | APT 32 | ||
|
2021-02-22 21:07:03 | Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report (lien direct) | APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers. | Threat | APT 31 | |
|
2021-02-22 17:15:12 | CVE-2021-27228 (lien direct) | An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI. | APT 32 | ||
|
2021-02-22 15:06:35 | Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak (lien direct) | A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group's exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers' “Lost in Translation” leak, cybersecurity firm Check Point says in a new report. | Vulnerability Threat | APT 31 | |
|
2021-02-18 11:10:00 | (Déjà vu) Two More Lazarus Group Members Indicted for North Korean Attacks (lien direct) | Sony Pictures, WannaCry and string of heists blamed on agents | Wannacry Wannacry APT 38 APT 28 | ★★★ | |
|
2021-02-17 22:25:42 | US DoJ charges three members of the North Korea-linked Lazarus APT group (lien direct) | The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department indicted three North Korean military intelligence officials, members of the Lazarus APT group, for their involvement in cyber-attacks, including the theft of $1.3 billion in money and crypto-currency from organizations around the globe. The indictment […] | Threat | APT 38 APT 28 | |
|
2021-02-17 18:20:28 | (Déjà vu) U.S. Accuses North Korean Hackers of Stealing Millions (lien direct) | The feds have expanded the list of financial and political hacking crimes they allege are linked to Lazarus Group and North Korea. | Medical | APT 38 APT 28 | |
 |
2021-02-17 17:33:00 | (Déjà vu) US charges two more members of the \'Lazarus\' North Korean hacking group (lien direct) | The US DOJ described the North Korean hackers as "the world's leading bank robbers" and "a criminal syndicate with a flag." | Guideline | APT 38 | |
 |
2021-02-17 12:25:00 | (Déjà vu) North Korean Lazarus Group hackers indicted in US (lien direct) | The US DOJ described the North Korean hackers as "the world's leading bank robbers" and "a criminal syndicate with a flag." | APT 38 APT 28 | ||
 |
2021-02-11 19:00:02 | Using whale songs to image beneath the ocean\'s floor (lien direct) | Seismic data generated by whale songs helps build a picture of the ocean's base. | APT 32 | ||
|
2021-02-11 11:00:00 | UN Links North Korea to $281m Crypto Exchange Heist (lien direct) | Most funds recovered but attack bears hallmarks of hermit kingdom | Cloud | APT 37 | |
|
2021-02-07 11:55:04 | Security Affairs newsletter Round 300 (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Experts explain how to bypass recent improvement of Chinas Great Firewall New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle […] | APT 32 | ||
|
2021-02-05 17:50:02 | The Arctic Ocean may have gone fresh in ice age times (lien direct) | Chemical clues in seafloor sediment show an absence of salt. | APT 32 | ||
|
2021-02-04 15:01:01 | Overall participation in open source was down in 2020 (lien direct) | Meanwhile, 47% of developers believe tech companies should fund payment for their contributions, according to a new DigitalOcean survey. | APT 32 | ||
|
2021-02-01 03:15:16 | New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers (lien direct) | A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research.
Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors |
Malware Threat | APT 32 | |
|
2021-01-31 11:27:14 | New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs (lien direct) | The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. The malware is an evolution of a Monero cryptocurrency […] | Malware | APT 32 | |
|
2021-01-29 14:49:07 | Microsoft: North Korea-linked Zinc APT targets security experts (lien direct) | Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. Researchers from Microsoft monitored a cyber espionage campaign aimed at vulnerability researchers and attributed the attacks to North Korea-linked Zinc APT group. “In recent months, Microsoft has detected cyberattacks targeting security researchers by an […] | Vulnerability Medical | APT 38 | |
|
2021-01-29 14:06:49 | New Pro-Ocean malware worms through Apache, Oracle, Redis servers (lien direct) | The financially-motivated Rocke hackers are using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable instances of Apache ActiveMQ, Oracle WebLogic, and Redis. [...] | Malware | APT 32 | |
|
2021-01-29 13:29:10 | Lazarus Affiliate \'ZINC\' Blamed for Campaign Against Security Researcher (lien direct) | New details emerge of how North Korean-linked APT won trust of experts and exploited Visual Studio to infect systems with 'Comebacker' malware. | APT 38 | ||
|
2021-01-28 20:06:57 | Rocke Group\'s Malware Now Has Worm Capabilities (lien direct) | The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics. | Malware | APT 32 | |
|
2021-01-28 14:47:45 | Microsoft: DPRK hackers \'likely\' hit researchers with Chrome exploit (lien direct) | Today, Microsoft disclosed that they have also been monitoring the targeted attacks against vulnerability researchers for months and have attributed the attacks to a DPRK group named 'Zinc.' [...] | Vulnerability Medical | APT 38 | |
|
2021-01-18 13:00:00 | The Autonomous Saildrone Surveyor Preps for Its Sea Voyage (lien direct) | The robo-vessel will map the ocean floor, and its solar-powered sensors will sample fish DNA and collect climate data. | APT 32 | ||
 |
2021-01-15 12:14:17 | Experts Insight On APT35 Recent Phishing Attacks (lien direct) | It has been reported that the Iranian group APT35 (also known as Charming Kitten or Phosphorus) executed sophisticated spear-phishing campaigns that involved not only email attacks but also SMS messages… The ISBuzz Post: This Post Experts Insight On APT35 Recent Phishing Attacks | Conference | APT 35 APT 35 | |
|
2021-01-12 16:00:00 | The Arctic Ocean Is Teeming With Microfibers From Clothes (lien direct) | Scientists find an average of 40 microplastic particles per cubic meter of the northern water. The likely source? The synthetic clothing in our washing machines. | APT 32 | ||
|
2021-01-11 13:00:00 | The Plan to Build a Global Network of Floating Power Stations (lien direct) | A lot of thermal energy is trapped in the ocean. An ex-NASA researcher has figured out how it might generate unlimited clean power for aquatic robots. | APT 32 | ||
 |
2021-01-08 20:19:37 | APT Horoscope (lien direct) | This delightful essay matches APT hacker groups up with astrological signs. This is me: Capricorn is renowned for its discipline, skilled navigation, and steadfastness. Just like Capricorn, Helix Kitten (also known as APT 35 or OilRig) is a skilled navigator of vast online networks, maneuvering deftly across an array of organizations, including those in aerospace, energy, finance, government, hospitality, and telecommunications. Steadfast in its work and objectives, Helix Kitten has a consistent track record of developing meticulous spear-phishing attacks... | Conference | APT 35 APT 35 APT 34 | |
|
2021-01-08 01:54:44 | ALERT: North Korean hackers targeting South Korea with RokRat Trojan (lien direct) | A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government.
Attributing the attack to APT37 (aka Starcruft, Ricochet Chollima, or Reaper), Malwarebytes said it identified a malicious document last December that, when opened, executes a macro in memory to install the aforementioned remote access tool (RAT).
"The |
Tool Cloud | APT 37 | |
|
2021-01-07 18:24:41 | North Korea-linked APT37 targets South with RokRat Trojan (lien direct) | Experts spotted the RokRat Trojan being used by North Korea-linked threat actors in attacks aimed at the South Korean government. On December 7 2020 researchers from Malwarebytes uncovered a campaign targeting the South Korean government with a variant of the RokRat RAT. The experts found a malicious document uploaded to Virus Total related to a […] | Threat | APT 37 | |
 |
2021-01-06 15:14:45 | Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat (lien direct) |
A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.
Categories: Social engineeringThreat analysis
Tags: APT37HangulkoreaOfficerokratVBA
(Read more...)
|
Threat Cloud | APT 37 | |
|
2021-01-05 11:55:57 | North Korean software supply chain attack targets stock investors (lien direct) | North Korean hacking group Thallium aka APT37 has been targeting a private stock investment messenger service in a supply chain attack, as reported this week. [...] | Cloud | APT 37 | |
|
2021-01-03 09:21:19 | (Déjà vu) COVID-19 themed attacks December 19, 2020– January 02, 2021 (lien direct) | This post includes the details of the COVID-19 themed attacks launched from December 19, 2020– January 02, 2021. 25 December, 2020 – North Korea-linked Lazarus APT targets the COVID-19 research The North Korea-linked Lazarus APT group has recently launched cyberattacks against at least two organizations involved in COVID19 research. 30 December, 2020 – US Treasury […] | APT 38 APT 28 |
To see everything:
Our RSS (filtrered)
