What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
itsecurityguru.webp 2020-05-07 09:56:52 Lazarus macOS Spyware hidden in Two-Factor Authentication Application (lien direct) The Dacls RAT has been ported from an existing Linux version. The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. […] Medical APT 38
The_Hackers_News.webp 2020-05-07 02:59:30 This Asia-Pacific Cyber Espionage Campaign Went Undetected for 5 Years (lien direct) An advanced group of Chinese hackers has recently been spotted to be behind a sustained cyber espionage campaign targeting government entities in Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar, and Brunei - which went undetected for at least five years and is still an ongoing threat. The group, named 'Naikon APT,' once known as one of the most active APTs in Asia until 2015, APT 30
MalwarebytesLabs.webp 2020-05-06 15:59:36 New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app (lien direct) The Lazarus group improves their toolset with a new RAT specifically designed for the Mac. Categories: Mac Malware Threat analysis Tags: (Read more...) Medical APT 38
MalwarebytesLabs.webp 2020-05-04 15:17:37 (Déjà vu) A week in security (April 27 – May 3) (lien direct) A roundup of the previous week's security news, including cloud data protection, Troldesh, VPNs, the cybercrime economy, and more. Categories: Malwarebytes news Tags: (Read more...) APT 32
WiredThreatLevel.webp 2020-04-29 14:00:00 6 Best Board Games You Can Play With Friends Over Zoom (Video Chat) (lien direct) Don't let the Covid-19 quarantine turn you into a hermit. Video chat with some friends and play a game together. Cloud APT 37
itsecurityguru.webp 2020-04-29 09:49:08 Android Spyware Spread by Google Play (lien direct) The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia - and could be the work of the OceanLotus APT. A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week. Dubbed PhantomLance by Kaspersky, the campaign […] Threat APT 32
DarkReading.webp 2020-04-28 16:30:00 5-Year-Long Cyber Espionage Campaign Hid in Google Play (lien direct) OceanLotus targeted Android devices in the so-called PhantomLance campaign. APT 32
globalsecuritymag.webp 2020-04-28 15:19:37 PhantomLance, an Android APT campaign targeting Southeast Asia (lien direct) Kaspersky researchers have uncovered an APT (advanced persistent threat) campaign targeting users of Android devices. Dubbed PhantomLance, the campaign appears to be attributable to the OceanLotus group. Active since at least 2015, PhantomLance is still ongoing. It is built on several versions of a piece of spyware - a program created to collect victims' data - and uses clever distribution tactics, including (...) - Malware APT 32
SecurityAffairs.webp 2020-04-23 18:29:49 Vietnam-linked APT32 group launches COVID-19-themed attacks against China (lien direct) The Vietnam-linked cyberespionage group tracked as APT32 carried out hacking campaigns against Chinese entities to collect intelligence on the COVID-19 crisis. Vietnam-linked APT group APT32, also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on the COVID-19 crisis. The APT32 group has been active since at least 2012, […] APT 32
Mandiant.webp 2020-04-22 09:00:00 Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage (lien direct) From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China's Ministry of Emergency Management as well as the government of Wuhan province, where COVID-19 was first identified. While targeting of East Asia is consistent with the activity we've previously reported on APT32, this incident, and other publicly reported intrusions, are part of a global increase in cyber Threat APT 32 APT 32 ★★★★
WiredThreatLevel.webp 2020-04-07 13:00:00 How to Escape From a Sunken Submarine (lien direct) First of all, you can't just open the hatch when you're trapped at the bottom of the ocean. But there is a way out - it requires physics and some audacity. APT 32
MalwarebytesLabs.webp 2020-03-23 16:44:58 A week in security (March 16 – 22) (lien direct) A roundup of the previous week's most notable security stories and events, including COVID-19-themed threats, child identity theft, and securely working from home. Categories: A week in security Tags: (Read more...) APT 36
WiredThreatLevel.webp 2020-03-22 12:00:00 An Ancient Magma Flood Offers Clues About Global Warming (lien direct) 4 million years ago, a burst of hot rock heated the planet, causing ocean acidification, massive storms, and extinctions. What can we learn from this early example? APT 32
itsecurityguru.webp 2020-03-18 10:48:32 (Déjà vu) Crimson RAT spread via Coronavirus Phishing (lien direct) A state-sponsored threat actor is attempting to deploy the Crimson Remote Administration Tool (RAT) onto the systems of targets via a spear-phishing campaign using Coronavirus-themed document baits disguised as health advisories. This nation-backed cyber-espionage is suspected to be Pakistan-based and it is currently tracked under multiple names including APT36, Transparent Tribe, ProjectM, Mythic Leopard, and […] Tool Threat APT 36 ★★
MalwarebytesLabs.webp 2020-03-16 15:00:00 APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT (lien direct) We look at a spear phishing attack from APT36, an Advanced Persistent Threat group posing as the government of India and offering guidance on coronavirus. Instead, users are infected with a Crimson RAT that steals data. Categories: Threat analysis Tags: (Read more...) Threat APT 36
SecurityAffairs.webp 2020-03-08 10:23:46 Security Affairs newsletter Round 254 (lien direct) A new round of the weekly newsletter arrived! The best news of the week with Security Affairs 49 million unique email addresses of Straffic Marketing firm exposed online Russian spies are attempting to tap transatlantic undersea cables $1B to help telecom carriers to rip and replace Huawei and ZTE equipment Karkoff 2020: a new APT34 […] APT 34
WiredThreatLevel.webp 2020-03-07 13:00:00 Dolphins Are Still Accidental Casualties of Tuna Fishing (lien direct) A new study estimates that about 80,000 cetaceans are swept up every year by tuna-fishing nets in the Indian Ocean. APT 32
bleepingcomputer.webp 2020-03-04 09:00:00 Zero-Day Bug Allowed Attackers to Register Malicious Domains (lien direct) A zero-day vulnerability impacting Verisign and several SaaS services including Google, Amazon, and DigitalOcean could have allowed attackers to register .com and .net homograph domain names (among others) that could be used in insider, phishing, and social-engineering attacks against organizations. [...] Vulnerability APT 32
SecurityAffairs.webp 2020-03-03 18:48:42 The North Korean Kimsuky APT threatens South Korea evolving its TTPs (lien direct) Cybaze-Yoroi ZLab analyzed a new implant employed by a North Korea-linked APT group, tracked as Kimsuky, in attacks on South Korea. Introduction Recently we have observed a significant increase in state-sponsored operations carried out by threat actors worldwide. APT34, Gamaredon, and Transparent Tribe are a few samples of the recently uncovered campaigns, the latter was spotted after four […] Threat APT 34 APT 36
SecurityAffairs.webp 2020-03-02 19:19:39 Karkoff 2020: a new APT34 espionage operation involves Lebanon Government (lien direct) Experts from Cybaze/ Yoroi Zlab spotted a new sample of the Karkoff implant that was employed in past campaigns associated with Iran-linked APT34 group. Introduction In November 2018, researchers from Cisco Talos […] APT 34
bleepingcomputer.webp 2020-03-02 17:35:17 US Charges Two With Laundering $100M for North Korean Hackers (lien direct) Two Chinese nationals were charged today by the US Dept of Justice and sanctioned by the US Treasury for allegedly laundering over $100 million worth of cryptocurrency out of the nearly $250 million stolen by North Korean actors known as Lazarus Group after hacking a cryptocurrency exchange in 2018. [...] Medical APT 38
WiredThreatLevel.webp 2020-02-25 12:00:00 North Korea Is Recycling Mac Malware. That's Not the Worst Part (lien direct) Lazarus Group hackers have long plagued the internet - using at least one tool they picked up just by looking around online. Tool Medical APT 38
SecurityAffairs.webp 2020-02-21 13:48:11 Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later (lien direct) Exclusive: Pakistan and India to armaments. Researchers from Cybaze-Yoroi ZLab gathered intelligence on the return of Operation Transparent Tribe is back 4 years later Introduction The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. […] APT 36
WiredThreatLevel.webp 2020-02-21 13:00:00 'Environmental DNA' Lets Scientists Probe Underwater Life (lien direct) With the help of a new kind of drone, marine biologists can sequence DNA found in the ocean to reveal what's living in an ecosystem - and what's missing. APT 32
WiredThreatLevel.webp 2020-02-18 13:00:00 The Atlantic Ocean's 'Conveyor Belt' Stirs Up a Science Fight (lien direct) Researchers are debating the best way to monitor the ocean currents that sweep through the Labrador Sea - and may foretell the planet's climate future. APT 32
SecurityAffairs.webp 2020-02-14 21:07:17 US Govt agencies detail North Korea-linked HIDDEN COBRA malware (lien direct) The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) released reports on North Korea-linked HIDDEN COBRA malware. The FBI, the US Cyber Command, and the Department of Homeland Security have published technical details of a new North-Korea linked hacking operation. The government experts released new and updated Malware Analysis Reports (MARs) […] Malware Medical APT 38
SecurityAffairs.webp 2020-02-07 10:59:52 Iran-linked APT group Charming Kitten targets journalists, political and human rights activists (lien direct) Iran-linked APT group Charming Kitten has been targeting journalists, political and human rights activists in a new campaign. Researchers from Certfa Lab reports have spotted a new cyber espionage campaign carried out by Iran-linked APT group Charming Kitten that has been targeting journalists, political and human rights activists. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the […] Conference APT 35
bleepingcomputer.webp 2020-02-05 12:57:16 (Déjà vu) Charming Kitten Hackers Impersonate Journalist in Phishing Attacks (lien direct) A hacker group linked with the Iranian government attempted to steal email login information from their targets through fake interview requests and impersonating a New York Times journalist. [...] APT 35
SecurityAffairs.webp 2020-01-31 07:53:00 Iran-linked APT34 group is targeting US federal workers (lien direct) Iran-linked APT34 group has targeted a U.S.-based research company that provides services to businesses and government organizations. Security experts from Intezer observed targeted attacks on a US-based research company that provides services to businesses and government organizations. “Our researchers Paul Litvak and Michael Kajilolti have discovered a new campaign conducted by APT34 employing an updated toolset. Based […] APT 34
Pirate.webp 2020-01-16 11:11:35 Lazarus strengthens the capabilities of its AppleJeus attack against cryptocurrencies (lien direct) In 2018, Kaspersky's GReAT (Global Research & Analysis Team) published the results of its investigation into AppleJeus, an operation aimed at stealing cryptocurrencies and carried out by the prolific malicious group Lazarus. APT 38
WiredThreatLevel.webp 2020-01-10 13:00:00 Gadget Lab Podcast: Wrapping Up CES 2020 (lien direct) The hosts look back at a show filled with fake-meat sliders, AI everything, and an ocean of electric scooters. APT 32
SecurityAffairs.webp 2020-01-10 06:23:08 North Korea-linked Lazarus APT continues to target cryptocurrency exchanges (lien direct) In the last 18 months, North Korea-linked Lazarus APT group has continued to target cryptocurrency exchanges evolving its TTPs. Kaspersky researchers have analyzed the attacks carried out by North Korea-linked Lazarus APT group in the past 18 months and confirmed their interest in banks and cryptocurrency exchanges. In the mid-2018, the APT targeted cryptocurrency exchanges and cryptocurrency […] APT 38
WiredThreatLevel.webp 2020-01-09 18:59:03 Iranian Hackers Have Been 'Password-Spraying' the US Grid (lien direct) A state-sponsored group called Magnallium has been probing American electric utilities for the past year. APT 33
itsecurityguru.webp 2020-01-03 10:40:14 Microsoft helps shutter domains run by North Korean cybergang Thallium (lien direct) A U.S. district court issued an order enabling Microsoft to take over 50 domains used by a North Korea-based cybercrime gang to conduct spear phishing campaigns. Microsoft's Digital Crimes Unit and the Microsoft Threat Intelligence Center took down the domains controlled by a group it named Thallium after researching the malicious actors activity and filing […] Threat Cloud APT 37
01net.webp 2019-12-31 02:39:43 Microsoft takes down 50 domain names operated by formidable North Korean hackers (lien direct) The Thallium group used them to infiltrate American, Japanese and South Korean institutions. To do so, Microsoft obtained an order from US authorities. Cloud APT 37
SecurityAffairs.webp 2019-12-30 21:57:04 Microsoft sued North Korea-linked Thallium group (lien direct) Microsoft sued Thallium North Korea-linked APT for hacking into its customers’ accounts and networks via spear-phishing attacks. Microsoft sued a North Korea-linked cyber espionage group tracked as Thallium for hacking into its customers’ accounts and networks via spear-phishing attacks. The hackers target Microsoft users impersonating the company, according to a lawsuit unsealed Dec. 27 in […] Cloud APT 37
ZDNet.webp 2019-12-30 21:53:41 Microsoft takes down 50 domains operated by North Korean hackers (lien direct) Microsoft takes control of 50 domains operated by Thallium (APT37), a North Korean cyber-espionage group. Cloud APT 37
ErrataRob.webp 2019-12-30 14:30:20 So that tweet was misunderstood (lien direct) I'm currently experiencing the toxic hell that is a misunderstood tweet going viral. It's a property of the social media. The more they can deliberately misunderstand you, the more they can justify the toxicity of their response. Unfortunately, I had to delete it in order to stop all the toxic crud and threats of violence. The context is how politicians distort everything. It's like whenever they talk about sea level rise, it's always about some city like Miami or New Orleans that is sinking into the ocean already, even without global warming's help. Pointing this out isn't a denial of global warming, it's pointing out how we can't talk about the issue without exaggeration. Mankind's carbon emissions are indeed causing sea level to rise, but we should be talking about how this affects average cities, not dramatizing the issue with the worst cases. The same is true of health care. It's a flawed system that needs change. But we don't discuss the people making the best of all bad choices. Instead, we cherry pick those who made the worst possible choice, and then blame the entire bad outcome on the system. My tweet is in response to this Elizabeth Warren reference to a story where somebody chose the worst of several bad choices: No one should have to choose between medication or housing. No one should be forced to ration insulin and risk dangerous complications. We need #MedicareForAll - and we need to tackle corruption and price gouging in drug manufacturing head on. https://t.co/yNxo7yUDri - Elizabeth Warren (@ewarren) September 23, 2019 My tweet is widely misunderstood as saying "here's a good alternative", when I meant "here's a less bad alternative". Maybe I was wrong and it's not "less bad", but nobody has responded that way.
All the toxic spew on Twitter has been based on their interpretation that I was asserting it was "good". And the reason I chose this particular response is because I thought it was a Democrat talking point. As Bernie Sanders (a 2020 presidential candidate) puts it: “The original insulin patent expired 75 years ago. Instead of falling prices, as one might expect after decades of competition, three drugmakers who make different versions of insulin have continuously raised prices on this life-saving medication.” This is called "evergreening", as described in articles like this one that claim insulin makers have been making needless small improvements to keep their products patent-protected, so that they don't have to compete against generics whose patents have expired. It's Democrats like Bernie who claim expensive insulin is little different than cheaper insulin, not me. If you disagree, go complain to him, not me. Bernie is wrong, by the way. The more expensive "insulin analogs" result in dramatically improved blood sugar control for Type 1 diabetics. The results are life changing, especially when combined with glucose monitors and insulin pumps. Drug companies deserve to recoup the billions spent on these advances. My original point is still true that "cheap insulin" is better than "no insulin", but it's also true that it's far worse than modern, more expensive insulin. Anyway, I wasn't really focused on that part of the argument but the other part, how list prices are an exaggeration. They are a fiction that nobody needs to pay, even those without insurance. They aren't the result of price gouging by drug manufacturers, as Elizabeth Warren claims. Bu APT 32
bleepingcomputer.webp 2019-12-30 13:01:33 Microsoft Takes North Korean Hacking Group Thallium to Court (lien direct) Microsoft sued a cyber-espionage group with North Korean links tracked as Thallium for breaking into its customers' accounts and networks via spear-phishing attacks with the end goal of stealing sensitive information, as shown by a complaint unsealed on December 27. [...] Cloud APT 37
SecurityAffairs.webp 2019-12-17 20:43:46 (Déjà vu) Dacls RAT, the first Lazarus malware that targets Linux devices (lien direct) Researchers spotted a new Remote Access Trojan (RAT), dubbed Dacls, that was used by the Lazarus APT group to target both Windows and Linux devices. Experts at Qihoo 360 Netlab revealed that the North-Korea Lazarus APT group used a new Remote Access Trojan (RAT), dubbed Dacls, to target both Windows and Linux devices. The activity […] Malware APT 38
The_State_of_Security.webp 2019-12-17 14:40:28 Poison Frog Malware Samples Reveal OilRig's Sloppiness (lien direct) An analysis of a new backdoor called “Poison Frog” revealed that the OilRig threat group was sloppy in its development of the malware. Kaspersky Lab came across Poison Frog while scanning its archives using its YARA rule to hunt for new and old malware samples employed by OilRig. It launched this investigatory effort shortly after […]… Read More Malware Threat APT 34
bleepingcomputer.webp 2019-12-17 13:05:00 Lazarus Hackers Target Linux, Windows With New Dacls Malware (lien direct) A new Remote Access Trojan (RAT) malware dubbed Dacls and connected to the Lazarus Group has been spotted by researchers while being used to target both Windows and Linux devices. [...] Malware Medical APT 38
ZDNet.webp 2019-12-17 12:12:46 Lazarus pivots to Linux attacks through Dacls Trojan (lien direct) The Trojan is able to infect both Windows and Linux machines. APT 38
SecureMac.webp 2019-12-10 17:00:00 New fileless malware for macOS linked to Lazarus Group (lien direct) The new malware sample bears similarities to the well-known AppleJeus malware, which targets cryptocurrency exchanges. AppleJeus is the product of Lazarus Group, a shadowy cybercrime organization believed by many to be linked to North Korea. Malware Medical APT 38
ZDNet.webp 2019-12-06 20:39:56 BMW and Hyundai hacked by Vietnamese hackers, report claims (lien direct) Hacks linked to Ocean Lotus (APT32), a group believed to operate with orders from the Vietnamese government. APT 32 ★★★★
Checkpoint.webp 2019-12-06 13:00:09 Protect Your Network Edge with VMware SD-WAN and Check Point Security (lien direct) By Russ Schafer, Head of Product Marketing, Security Platforms, published December 6th, 2019 As enterprise branch offices expand their use of cloud applications, they are adopting software defined wide area networking (SD-WAN) to improve application performance by intelligently routing traffic directly to the Internet without passing it through the data center. Connecting branch offices directly… Prediction APT 39
The_Hackers_News.webp 2019-12-05 01:07:48 ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector (lien direct) Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare, the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups - APT34, also known as ITG13 and Oilrig, and Hive0081, Malware APT 34
ahay.webp 2019-12-02 13:57:26 Tornados, Necessity, and the Evolution of Mitigating Controls (lien direct) According to the National Oceanic and Atmospheric Administration (NOAA), a tornado (also called a twister, whirlwind, or cyclone) is a violently rotating column of air that extends from a thunderstorm and comes into contact with the ground. Tornado intensity is measured by the enhanced Fujita (EF) scale from 0 through 5, based on the amount […] APT 32
WiredThreatLevel.webp 2019-11-28 19:00:00 Scientists Spot an Undersea Fault Using Fiber-Optic Cables (lien direct) Unused telecom cables, known as dark fiber, could help scientists finally map the ocean floor and discover new earthquake hot spots. APT 32
Trend.webp 2019-11-20 12:41:07 Mac Backdoor Linked to Lazarus Targets Korean Users (lien direct) By Gabrielle Joyce Mabutas Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: A new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a... Malware APT 38
Last update at: 2024-05-18 07:07:55