What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
WiredThreatLevel.webp 2019-11-20 12:00:00 Iran's APT33 Hackers Are Targeting Industrial Control Systems (direct link) The recent focus on ICS raises the possibility that Iran's APT33 is exploring physically disruptive cyberattacks. APT33 APT 33
SecurityAffairs.webp 2019-11-14 11:49:25 Tracking Iran-linked APT33 group via its own VPN networks (direct link) APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers involved in extremely targeted malware attacks. The targeted malware campaigns aimed at organizations […] Malware APT33 APT 33
Trend.webp 2019-11-14 07:01:25 More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting (direct link) The threat group APT33 is known to target the oil and aviation industries aggressively. Our recent findings show that the group uses about a dozen live Command and Control (C&C) servers for extremely narrow targeted malware campaigns against organizations in the Middle East, the U.S., and Asia. Malware Threat APT33 APT 33
ZDNet.webp 2019-11-14 07:00:08 Iranian hacking group built its own VPN network (direct link) Security researchers identify APT33's private network of 21 VPN nodes. APT33 APT 33
WiredThreatLevel.webp 2019-11-11 20:00:00 Baby Fish Feast on Microplastics, and Then Get Eaten (direct link) Fish larvae off the coast of Hawaii are mistaking tiny pieces of plastic for prey, an alarming finding with big implications for the oceanic food web. APT 32
Checkpoint.webp 2019-11-05 19:13:49 Check Point Protects Branch Office Microsoft Azure Internet Connections and SaaS Applications from Cyber Attacks (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms, published November 5, 2019. Enterprises are moving their applications, workloads and services out of the data center into the cloud. As enterprises become more distributed, organizations need flexible solutions that deliver secure and predictable application performance across a global footprint. Companies need to securely connect their… Prediction APT 39
no_ico.webp 2019-10-31 16:15:13 Experts Reactions On North Korean Malware Found On Indian Nuclear Plants Network (direct link) It has been reported that the network of one of India's nuclear power plants was infected with malware created by North Korea's state-sponsored hackers, the Nuclear Power Corporation of India Ltd (NPCIL) confirmed today. Several security researchers identified the malware as a version of Dtrack, a backdoor trojan developed by the Lazarus Group, North Korea's elite hacking unit. There … Malware Medical APT 38
WiredThreatLevel.webp 2019-10-26 18:45:00 Ocean Cleanup's New Plastic-Catcher … Kinda Already Exists? (direct link) The anti-plastic crusaders have another plan to keep junk from reaching the sea: trash-eating barges in rivers. APT 32
SecurityAffairs.webp 2019-10-25 06:49:12 Experts attribute NukeSped RAT to North Korea-linked hackers (direct link) Experts at Fortinet analyzed NukeSped RAT samples that share multiple similarities with malware associated with North Korea-linked APTs; the RAT is believed to be part of the arsenal of the North Korea-linked Lazarus APT group. The attribution to the Lazarus group is based on the similarities with other malware […] Malware Medical APT 38
no_ico.webp 2019-10-22 13:25:29 Iranian Spying Operation Russian Hijack (direct link) A group of Russian cyber attackers dubbed 'Turla' has hacked another, Iran-based group of cyber actors, known as 'OilRig', to spy on multiple countries, according to advisories published today by the UK's NCSC and the US's NSA. According to reports, attacks were discovered against more than 35 countries, many of which were located in the … APT 34
bleepingcomputer.webp 2019-10-21 15:29:10 Russian Hackers Use Iranian Threat Group's Tools, Servers as Cover (direct link) The Russian-backed Turla cyber-espionage group used stolen malware and hijacked infrastructure from the Iranian-sponsored OilRig to attack targets in dozens of countries, according to a joint United Kingdom National Cyber Security Centre (NCSC) and U.S. National Security Agency (NSA) advisory published today. [...] Malware Threat APT 34
SecurityAffairs.webp 2019-10-13 23:06:24 Charming Kitten campaign involved new impersonation methods (direct link) Iran-linked APT group Charming Kitten employed new spear-phishing methods in attacks carried out between August and September. Security experts at ClearSky analyzed attacks recently uncovered by Microsoft that targeted a US presidential candidate, government officials, journalists, and prominent expatriate Iranians. Microsoft Threat Intelligence Center (MSTIC) observed the APT group making more than 2,700 attempts to […] Threat Conference APT 35
SecurityWeek.webp 2019-10-09 18:20:48 Iranian Hackers Update Spear-Phishing Techniques in Recent Campaign (direct link) The Iranian state-sponsored threat actor known as Charming Kitten employed new spear-phishing methods in a campaign observed in August and September, ClearSky's security researchers report. Threat Conference APT 35
RedTeam.pl.webp 2019-10-06 23:12:03 Internal domain name collision (direct link) Brief introduction: an internal domain name collision occurs when an organisation uses a local domain on its internal network while the same domain name also exists outside the organisation, in the global DNS. A DNS query that should resolve to an internal resource then leaks to the Internet. If an attacker is able to control that domain in the global DNS, they can perform MITM (man-in-the-middle) attacks against the organisation. Name collision: DNS name collisions became a much more severe problem once it became possible to register new TLDs (top-level domains) [https://data.iana.org/TLD/tlds-alpha-by-domain.txt], especially those operated by the company Donuts [https://donuts.domains/great-domains/domain-categories/]. The most problematic TLDs that could be used in attacks include, inter alia: network APT 32
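The collision described in the RedTeam.pl item above can be audited from the resolver side. The following is an added example, not code from that post: it reads the suffixes a stub resolver appends to short names (the `search`/`domain` lines of resolv.conf; the Windows DNS suffix search list plays the same role), flags suffixes whose rightmost label is a delegated public TLD, and lists the fully qualified queries that would reach public DNS for a short internal name. `PUBLIC_TLDS` is a hypothetical subset of the IANA root-zone list; the resolv.conf text and hostnames are constructed for the example.

```python
"""Internal-domain name collision audit (added example, not RedTeam.pl's code).

Assumptions: PUBLIC_TLDS is a small hypothetical subset of
https://data.iana.org/TLD/tlds-alpha-by-domain.txt (load the full file in
real use); SAMPLE_RESOLV_CONF and the hostnames are constructed.
"""
from __future__ import annotations

# Constructed subset of the IANA list (the real file has ~1,500 entries).
PUBLIC_TLDS = {"COM", "NET", "ORG", "NETWORK", "GROUP", "CLOUD", "DEV"}

# Special-use suffixes that are never delegated in the public root
# (RFC 6761: localhost/test/example/invalid; RFC 6762: local; RFC 8375: home.arpa).
RESERVED_SUFFIXES = {"localhost", "test", "example", "invalid", "local", "home.arpa"}

SAMPLE_RESOLV_CONF = """\
# constructed sample resolv.conf
nameserver 10.0.0.53
search corp.network corp.local corp.lan
options ndots:1
"""


def parse_search_suffixes(resolv_text: str) -> list[str]:
    """Collect suffixes from 'search' and 'domain' lines, lowercased, no trailing dot.
    glibc keeps only the last such line, but for a collision audit every suffix
    ever configured matters, so all of them are kept (deduplicated, in order)."""
    suffixes: list[str] = []
    for line in resolv_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] in ("search", "domain"):
            for name in parts[1:]:
                name = name.lower().rstrip(".")
                if name and name not in suffixes:
                    suffixes.append(name)
    return suffixes


def classify_suffix(suffix: str, public_tlds: set[str] = PUBLIC_TLDS) -> str:
    """'reserved'    - special-use name, cannot be registered publicly
       'collision'   - rightmost label is a delegated TLD: anyone may register it
       'undelegated' - not in the root zone today; may still become a TLD later"""
    suffix = suffix.lower().rstrip(".")
    tld = suffix.rsplit(".", 1)[-1]
    if suffix in RESERVED_SUFFIXES or tld in RESERVED_SUFFIXES:
        return "reserved"
    if tld.upper() in public_tlds:
        return "collision"
    return "undelegated"


def leaked_query_names(short_names, suffixes, ndots: int = 1) -> list[str]:
    """Queries that land in a colliding zone. A name with fewer than `ndots` dots
    gets each search suffix appended in turn, so an unknown or offline internal
    host produces one public-DNS query per colliding suffix. Names with >= ndots
    dots are tried absolute first and are skipped here for simplicity."""
    leaked = []
    for name in short_names:
        if name.count(".") >= ndots:
            continue
        for suffix in suffixes:
            if classify_suffix(suffix) == "collision":
                leaked.append(f"{name}.{suffix}")
    return leaked


def audit(resolv_text: str, short_names=()) -> dict:
    """Verdict per suffix, the at-risk suffixes, and the queries that would leak."""
    suffixes = parse_search_suffixes(resolv_text)
    verdicts = {s: classify_suffix(s) for s in suffixes}
    return {
        "verdicts": verdicts,
        "at_risk": [s for s, v in verdicts.items() if v == "collision"],
        "leaked_queries": leaked_query_names(short_names, suffixes),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RESOLV_CONF, short_names=["fileserver", "wpad", "intranet"])
    for suffix, verdict in report["verdicts"].items():
        print(f"{suffix:15} {verdict}")
    print("queries reaching public DNS:", ", ".join(report["leaked_queries"]))
```

An "undelegated" verdict is only a snapshot: the safe fix is to move internal names under a domain the organisation actually registers, or under a reserved special-use suffix, rather than to rely on a label staying out of the root zone.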
SecurityAffairs.webp 2019-10-06 14:10:54 Iran-linked Phosphorus group hit a 2020 presidential campaign (direct link) Microsoft says that the Iran-linked cyber-espionage group tracked as Phosphorus (aka APT35, Charming Kitten, Newscaster, and Ajax Security Team) targeted a 2020 presidential campaign. Microsoft's Threat Intelligence Center (MSTIC) revealed that the group attempted to access email accounts belonging to current and former US government officials, journalists, Iranians living abroad, and individuals […] Threat Conference APT 35
bleepingcomputer.webp 2019-10-04 14:53:19 Microsoft Discovers Iranian Hacking Campaign Targeting U.S. Politics (direct link) Microsoft says that a state-sponsored Iranian cyber-espionage group tracked as Phosphorus by the Microsoft Threat Intelligence Center (MSTIC) attempted to get account info on over 2,700 of its customers, attacked 241 of them, and compromised four accounts between August and September. [...] Threat Conference APT 35
WiredThreatLevel.webp 2019-10-04 12:00:00 Hurricanes May Be Reshaping Big Parts of the Ocean (direct link) Scientists are just starting to tease out the long-distance changes hurricanes inflict on coastlines and the deep ocean alike. APT 32
Checkpoint.webp 2019-10-01 15:00:44 Check Point and VMware Partner to Secure Branch Office SD-WAN Connections to the Cloud (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms. As more applications move from the datacenter to the cloud, enterprise users rely on these applications to do their daily jobs. These SaaS applications range from productivity software like Office 365 to virtual meeting and collaboration tools like Zoom and Slack. Applications that include voice and… Prediction APT 39
globalsecuritymag.webp 2019-09-26 22:55:00 Dtrack: previously unknown spyware from the Lazarus group hits financial institutions and research centres (direct link) Kaspersky's GReAT (Global Research & Analysis Team) has discovered previously unknown spyware in financial institutions and research centres in India. The spyware, named Dtrack and believed to have been created by the Lazarus group, is used to upload files to victims' systems, record keystrokes and perform other actions typical of a remote administration tool (RAT). In 2018, Kaspersky researchers discovered (...) - Malware Malware APT 38
WiredThreatLevel.webp 2019-09-25 09:00:00 We're Killing the Oceans, and We'll Pay Dearly for It (direct link) Depending on whom you ask, the IPCC's latest report is either startling, depressing, or dire, or more likely a combination of all three. APT 32 ★★★★
SecurityWeek.webp 2019-09-24 18:56:47 North Korean-Linked Dtrack RAT Discovered (direct link) An investigation into banking malware targeting India has led to the discovery of a new remote access Trojan (RAT) employed by the North Korean-linked Lazarus group, Kaspersky reports. Malware Medical APT 38
WiredThreatLevel.webp 2019-09-23 11:00:00 Cleaner Ships May Mean More Expensive Holidays (direct link) New rules designed to reduce sulfur pollution from ocean-going ships will increase demand for low-sulfur fuel, boosting the cost of some imported goods. APT 32
zataz.webp 2019-09-18 09:15:50 Administration: thousands of Mexicans' documents on the web (direct link) Cloud storage is an element of cybersecurity that too few companies take seriously, assuming the storage provider takes care of locking the doors. While Amazon, Google, Oceanet Technology … offer services and armoured walls, you remain responsible for the keys that open the safe... APT 32
01net.webp 2019-09-16 10:40:25 The United States announces financial sanctions against North Korean hackers (direct link) The assets of the Lazarus, Bluenoroff and Andariel groups are now frozen or blacklisted. These hackers are suspected, among other things, of financing the North Korean regime by looting banks and through cybercrime operations. APT 38
SecurityAffairs.webp 2019-09-13 20:21:12 The US Treasury placed sanctions on North Korea-linked APT groups (direct link) The US Treasury placed sanctions on three North Korea-linked hacking groups: the Lazarus Group, Bluenoroff, and Andariel. The groups are behind several hacking operations that resulted in the theft of hundreds of millions of dollars from financial institutions and cryptocurrency exchanges […] Medical APT 38
ZDNet.webp 2019-09-13 16:47:00 US Treasury sanctions three North Korean hacking groups (direct link) US wants to seize financial assets associated with the Lazarus Group, Bluenoroff, and Andariel. Medical APT 38
DarkReading.webp 2019-09-13 15:00:00 US Sanctions 3 Cyber Attack Groups Tied to DPRK (direct link) Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems. Medical APT 38
WiredThreatLevel.webp 2019-09-12 15:00:00 The Riddle, and Controversy, of All That Missing Plastic (direct link) The contentious Ocean Cleanup campaign has an idea where marine plastic ends up. But it's already stirring debate. APT 32
SecurityWeek.webp 2019-09-09 14:09:05 U.S. Cyber Command Adds North Korean Malware Samples to VirusTotal (direct link) The U.S. Cyber Command (USCYBERCOM) this week released 11 malware samples to VirusTotal, all of which appear related to the notorious North Korean-linked threat group Lazarus. Malware Threat APT 38
SecurityAffairs.webp 2019-09-09 06:52:00 China-linked APT3 was able to modify stolen NSA cyberweapons (direct link) China-linked APT3 stole cyberweapons from the NSA and reverse engineered them to create its own arsenal. In 2010, security firm FireEye identified the Pirpi Remote Access Trojan (RAT), which exploited a then 0-day vulnerability in Internet Explorer versions 6, 7 and 8. FireEye named the threat group APT3, which has also been described as TG-0100, Buckeye, […] Vulnerability Threat APT 3
DarkReading.webp 2019-09-06 16:55:00 Chinese Group Built Advanced Trojan by Reverse Engineering NSA Attack Tool (direct link) APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own. Tool APT 3
Checkpoint.webp 2019-09-05 13:00:43 Check Point, VMware and Silver Peak Transform Branch Office SD-WAN with Cloud Security Services (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms. Enterprise security solutions enable branch offices to connect safely and reliably to the data center, the Internet and cloud applications. In the past, branches relied on centralized security gateways at their data center to protect the entire enterprise. Enterprises sent branch traffic to the data center… Prediction APT 39
Checkpoint.webp 2019-09-05 13:00:04 Transforming Branch Security with Top-Rated Threat Prevention Cloud Services Integrated with VMware and Silver Peak SD-WAN (direct link) By Russ Schafer, Head of Product Marketing, Security Platforms. Enterprise security solutions enable branch offices to connect safely and reliably to the data center, the Internet and cloud applications. In the past, branches relied on centralized security gateways at their data center to protect the entire enterprise. Enterprises sent branch traffic to the data center… Threat Prediction APT 39
SecurityAffairs.webp 2019-08-07 13:47:02 OilRig APT group: the evolution of attack techniques over time (direct link) Security researcher Marco Ramilli presents a comparative analysis of the attack techniques adopted by the Iran-linked OilRig APT group. Today I'd like to share a comparative analysis of the mutation of OilRig techniques over time. In particular I will refer to the great analyses made by Palo Alto Unit 42 plus my own ones (HERE, HERE, HERE, etc.) and more personal thoughts. I would define this group […] APT 34
AlienVault.webp 2019-07-25 13:00:00 Can you trust threat intelligence from threat sharing communities? | AT&T ThreatTraq (direct link) Every week the AT&T Chief Security Office produces a series called ThreatTraq with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them; you can subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. The video features Jaime Blasco, VP and Chief Scientist, AlienVault, Stan Nurilov, Lead Member of Technical Staff, AT&T, and Joe Harten, Director Technical Security. Stan: Jaime, I think you have a very interesting topic today about threat intelligence. Jaime: Yes, we want to talk about how threat intelligence is critical for threat detection and incident response, but then, when threat actors try to match those indicators and that information that is being shared, it can actually be bad for companies. So we are going to share some of the experiences we have had with managing the Open Threat Exchange (OTX), one of the biggest threat sharing communities out there. Stan: Jaime mentioned that they have so many threat indicators and so much threat intelligence as part of OTX, the platform. Jaime: We know attackers monitor these platforms and are adjusting tactics and techniques and probably the infrastructure based on public reaction to cyber security companies sharing their activities in blog posts and other reporting. An example is in September 2017, when we saw APT28, and it became harder to track because we were using some of the infrastructure and some of the techniques that were publicly known. Another cyber security company published content about that and then APT28 became much more difficult to track. The other example is APT1. If you remember the APT1 report in 2013 that Mandiant published, that made the group basically disappear from the face of the earth, right? We didn't see them for a while and then they changed the infrastructure and they changed a lot of the tools that they were using, and then they came back in 2014. So we can see that that threat actor disappeared for a while, changed and rebuilt, and then came back. We also know that attackers can try to publish false information on these platforms, so that's why it's important that not only are those platforms automated, but also that there are human analysts who can verify that information. Joe: It seems like you have to have a process of validating the intelligence, right? I think part of it is you don't want to take this intelligence at face value without having some expertise of your own that asks, is this valid? Is this a false positive? Is this planted by the adversary in order to throw off the scent? I think it's one of those things where you can't automatically trust threat intelligence. You have to do some of your own diligence to validate the intelligence, make sure it makes sense, make sure it's still fresh, it's still good. This is something we're working on internally, creating those other layers to validate and create better value from our threat intelligence. Jaime: The other issue I wanted to bring to the table is what we call false flag operations, that's when an adversary or a threat actor studies another threat actor and tries to emulate their behavior. So when companies try to do at Malware Threat Studies Guideline APT 38 APT 28 APT 1
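The validation layer the ThreatTraq discussion above argues for (is the indicator corroborated, is it still fresh, is it a false positive or something planted by the adversary) can be made concrete as a triage pass over shared indicators before they become detection rules. The following is an added example and is not AT&T, AlienVault or OTX code; the pulses, contributor names and benign allowlist are constructed sample data, and the field names only loosely mimic a sharing platform's schema.

```python
"""Triage of shared threat indicators before they feed detection (added example,
not AT&T/AlienVault/OTX code). Pulses, contributors and the allowlist are
constructed; NOW is a fixed clock so the output is reproducible."""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timezone

NOW = datetime(2019, 7, 25, tzinfo=timezone.utc)

# Hypothetical allowlist: infrastructure that must never turn into a block rule.
BENIGN_DOMAINS = {"microsoft.com", "google.com", "windowsupdate.com"}
BENIGN_IPS = {"8.8.8.8", "1.1.1.1"}


def _d(y, m, day):
    return datetime(y, m, day, tzinfo=timezone.utc)


# Constructed pulses: contributor, indicator type, value, date first reported.
SAMPLE_PULSES = [
    {"source": "vendor-a", "type": "domain", "value": "update-check.example", "seen": _d(2019, 7, 20)},
    {"source": "cert-b",   "type": "domain", "value": "update-check.example", "seen": _d(2019, 7, 22)},
    {"source": "anon-42",  "type": "IPv4",   "value": "8.8.8.8",             "seen": _d(2019, 7, 24)},
    {"source": "anon-42",  "type": "domain", "value": "login.microsoft.com", "seen": _d(2019, 7, 24)},
    {"source": "vendor-a", "type": "IPv4",   "value": "203.0.113.7",         "seen": _d(2018, 9, 1)},
    {"source": "cert-b",   "type": "IPv4",   "value": "198.51.100.9",        "seen": _d(2019, 7, 23)},
]


def overlaps_benign(itype: str, value: str) -> bool:
    """Exact IP match, or a domain equal to / under an allowlisted domain."""
    if itype == "IPv4":
        return value in BENIGN_IPS
    if itype == "domain":
        v = value.lower().rstrip(".")
        return any(v == d or v.endswith("." + d) for d in BENIGN_DOMAINS)
    return False


def triage(pulses, now=NOW, max_age_days=90, min_sources=2):
    """One verdict per distinct indicator value (values assumed unique across types):
       reject - overlaps benign infrastructure: planted or careless, never deploy
       review - stale or single-source: an analyst confirms before it becomes a rule
       accept - fresh and corroborated by >= min_sources distinct contributors"""
    grouped = defaultdict(list)
    for p in pulses:
        grouped[(p["type"], p["value"])].append(p)

    verdicts = {}
    for (itype, value), entries in grouped.items():
        sources = {e["source"] for e in entries}
        age_days = (now - max(e["seen"] for e in entries)).days
        reasons = []
        if overlaps_benign(itype, value):
            reasons.append("benign-overlap")
        if age_days > max_age_days:
            reasons.append(f"stale:{age_days}d")
        if len(sources) < min_sources:
            reasons.append("single-source")
        if "benign-overlap" in reasons:
            verdict = "reject"
        elif reasons:
            verdict = "review"
        else:
            verdict = "accept"
        verdicts[value] = {"verdict": verdict, "reasons": reasons, "sources": sorted(sources)}
    return verdicts


def contributor_trust(verdicts, pulses):
    """Fraction of each contributor's indicators that were rejected. A feed that is
    mostly benign overlap is either careless or deliberately seeding noise, and its
    remaining indicators deserve closer review."""
    totals, rejected = defaultdict(int), defaultdict(int)
    for p in pulses:
        totals[p["source"]] += 1
        if verdicts[p["value"]]["verdict"] == "reject":
            rejected[p["source"]] += 1
    return {s: rejected[s] / totals[s] for s in totals}


if __name__ == "__main__":
    result = triage(SAMPLE_PULSES)
    for value, v in result.items():
        print(f"{v['verdict']:7} {value:25} {','.join(v['reasons']) or '-'}")
    print(contributor_trust(result, SAMPLE_PULSES))
```

The thresholds (90 days, two independent contributors) are illustrative; what matters is that an "accept" requires both corroboration and freshness, while a benign overlap rejects outright regardless of how many feeds repeat it, since repetition is exactly what a planted indicator gets for free.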
ZDNet.webp 2019-07-24 18:24:00 APT-doxing group exposes APT17 as Jinan bureau of China's Security Ministry (direct link) Intrusion Truth's previous two exposés, of APT3 and APT10, resulted in DOJ charges. Will this one as well? APT 17 APT 10 APT 3
no_ico.webp 2019-07-23 14:40:03 Iranian Hackers Send Out Fake LinkedIn Invitations Laced With Malware (direct link) U.S. cybersecurity firm FireEye has warned of a malicious phishing campaign that it has attributed to the Iranian-linked APT34, whose activity has been reported elsewhere as OilRig and Greenbug. The campaign has been targeting LinkedIn users with plausible but bogus invitations to join a professional network and emailed attachments laced with malware that seeks to infect systems with a hidden backdoor … Malware APT 34
Pirate.webp 2019-07-22 12:56:04 FireEye identifies a new cyber-espionage campaign by the Iranian group APT34 (direct link) Given the growing geopolitical tensions in the Middle East, FireEye expects Iran to significantly increase the volume and scope of its cyber-espionage campaigns. APT 34
SecurityAffairs.webp 2019-07-22 08:04:00 New APT34 campaign uses LinkedIn to deliver fresh malware (direct link) The APT34 group continues its cyber espionage activity; its members posed as a researcher from Cambridge to infect victims with three new malware families. Experts at FireEye have uncovered a new espionage campaign carried out by the APT34 APT group (aka OilRig, HelixKitten, Greenbug) through LinkedIn. Members of the cyberespionage group were posing as a researcher from Cambridge […] Malware APT 34
SecurityWeek.webp 2019-07-19 17:46:01 Iranian Hackers Use New Malware in Recent Attacks (direct link) The Iran-linked cyber-espionage group OilRig has started using three new malware families in campaigns observed over the past month, FireEye reports. Malware APT 34 ★★★
Mandiant.webp 2019-07-18 10:00:00 Hard Pass: Declining APT34's Invite to Join Their Professional Network (direct link) Background: With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran's economic and national security goals. The identification of new malware and the creation of additional infrastructure to enable such campaigns highlights the increased tempo of these operations in support of Iranian interests. Fi Malware APT 34 ★★★★
TechRepublic.webp 2019-07-17 15:00:00 Developers: Why remote work is the new norm (direct link) 86% of developers said they currently work remotely in some capacity, according to a DigitalOcean report. APT 32
WiredThreatLevel.webp 2019-07-10 12:00:00 Little Plastic 'Nurdles' Are Flooding Beaches and Waterways (direct link) These lentil-sized pellets are used to make nearly all plastic goods. But they often escape and end up polluting oceans and coastal communities. APT 32
SecurityAffairs.webp 2019-07-09 08:42:00 Kaspersky report: Malware shared by USCYBERCOM first seen in December 2016 (direct link) The malware samples shared by USCYBERCOM last week were first detected in December 2016 in attacks attributed to Iran-linked APT33. Last week the United States Cyber Command (USCYBERCOM) uploaded to VirusTotal malware used by the Iran-linked APT33 group in attacks in December 2016 and January 2017. Now experts at Kaspersky have confirmed that the malware was […] Malware APT33 APT 33
WiredThreatLevel.webp 2019-07-05 12:00:00 Forget the Moon, We Should Go to Jupiter's Idyllic Europa (direct link) NASA's Europa mission is struggling, but scientists are keeping the dream alive with exotic approaches to sampling that moon and its mysterious ocean. APT 32 ★★★★
globalsecuritymag.webp 2019-07-04 12:48:03 FireEye warning about the Outlook vulnerability (direct link) "FireEye has observed and publicly reported evidence of exploitation of the Outlook vulnerability CVE-2017-11774 by multiple Iranian 'hackers' since last year. FireEye attributes the new malware alert issued by US Cyber Command (U.S. CYBERCOM) concerning the exploitation of CVE-2017-11774 to the Iranian threat group APT33. The techniques used are in line with the APT33 behaviour described in our blog post "OVERRULED" in December 2018, as well as with the campaign (...) - Vulnerabilities Malware APT33 APT 33
bleepingcomputer.webp 2019-07-03 15:31:02 Outlook Flaw Exploited by Iranian APT33, US CyberCom Issues Alert (direct link) US Cyber Command issued a malware alert on Twitter regarding the active exploitation of the CVE-2017-11774 Outlook vulnerability to attack US government agencies, allowing the attackers to execute arbitrary commands on compromised systems. [...] Malware Vulnerability APT33 APT 33
SecurityAffairs.webp 2019-07-02 06:20:02 After 2 years under the radar, Ratsnif emerges in OceanLotus ops (direct link) Security experts spotted a new wave of attacks carried out by the OceanLotus APT group that involved the new Ratsnif Trojan. Experts at the security firm Cylance detected a new RAT dubbed Ratsnif that was used in cyber espionage operations conducted by the OceanLotus APT group. The OceanLotus APT group, also known as APT32 or Cobalt Kitty, is a state-sponsored group that […] APT 32
SecurityWeek.webp 2019-07-02 04:54:05 Researchers Analyze Vietnamese Hackers' Suite of RATs (direct link) BlackBerry Cylance security researchers have analyzed a suite of remote access Trojans (RATs) that the Vietnam-linked threat actor OceanLotus has been using in attacks for the past three years. Threat APT 32
bleepingcomputer.webp 2019-07-01 12:38:02 OceanLotus APT Uses New Ratsnif Trojan for Network Attacks (direct link) A largely undetected remote access trojan called Ratsnif, used in cyber-espionage campaigns by the OceanLotus group, has gained new capabilities that allow it to modify web pages and hijack SSL. [...] APT 32
Last update at: 2024-05-18 06:08:00