What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-11-13 14:00:00 | Microsoft says three APTs have targeted seven COVID-19 vaccine makers (lien direct) | The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. | Medical | APT 38 APT 28 APT 43 | |
 |
2020-10-07 18:31:39 | Amazon Wants to \'Win at Games.\' So Why Hasn\'t It? (lien direct) | After brute-forcing its way to dominance in so many industries, the tech leviathan may finally have met its match. | Industrial | APT 40 | |
 |
2020-10-04 09:35:41 | Security Affairs newsletter Round 284 (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Apple addresses four vulnerabilities in macOS Google removes 17 Joker -infected apps from the Play Store Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT Mount Locker […] | Industrial | APT 40 | |
|
2020-09-27 09:28:15 | Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT (lien direct) | Microsoft removed 18 Azure Active Directory applications from its Azure portal that were created by a Chinese-linked APT group Gadolinium. Microsoft announced this week to have removed 18 Azure Active Directory applications from its Azure portal that were created by a China-linked cyber espionage group tracked as APT group Gadolinium (aka APT40, or Leviathan). The 18 […] | Industrial | APT 40 | |
|
2020-09-24 21:09:50 | Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group (lien direct) | Azure AD apps were abused by the Gadolinium (APT40) group to attack Microsoft Azure customers. | Industrial | APT 40 | |
 |
2020-09-22 15:00:00 | Weekly Threat Briefing: Android Malware, APT Groups, Election Apps, Ransomware and More (lien direct) |
The various threat intelligence stories in this iteration of the Weekly Threat Briefing discuss the following topics: APT, Cerberus Source Code Leak, Chinese APT, Mrbminer Malware, and Vulnerabilities. The IOCs related to these stories are attached to the Weekly Threat Briefing and can be used to check your logs for potential malicious activity. 
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
US 2020 Presidential Apps Riddled with Tracking and Security Flaws
(published: September 17, 2020)
The Vote Joe 2020 application has been found to be potentially leaking personal data about voters. The app is used by the Joe Biden campaign to engage with voters and get supporters to send out promotional text messages. Using TargetSmart, an intelligence service, the app receives their predictions via API endpoint which has been found to be returning additional data. Voter preference and voter prediction could be seen, while voter preference is publically accessible, the information for TargetSmart was not meant to be publicly available. The app also let users from outside of the United States download, allowing for non-US citizens to have access to the data, as there was no email verification. Vote Joe isn’t the only campaign app with security issues, as the Donald Trump application exposed hardcoded secret keys in the APK.
Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measures to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Tags: APK, Android, Campaign, Election, Joe Biden, PII
German Hospital Attacked, Patient Taken to Another City Dies
(published: September 17, 2020)
A failure in IT systems at Duesseldorf University Hospital in Germany has led to the death of a woman. In an apparent ransomware attack, the hospital’s systems crashed with staff unable to access data. While there was no apparent ransom note, 30 servers at the hospital had been encrypted last week, with a ransom note left on one server addressed to Heinrich Heine University. Duesseldorf police contacted the perpetrators to inform them they had attacked the hospital instead of the university, with the perpetrators providing decryption keys, however patients had to be rerouted to other hospitals and therefore a long time before being treated by doctors.
Recommendation: Educate your employees on the risks of opening attachments from unknown senders. Anti-spam and antivirus applications provided by trusted vendors should also be employed. Emails that are received from unknown senders should be carefully avoided, and attachments from such senders should not be opened. Furthermore, it is important to have a comprehensive and tested backup solution in place, in addition to a business continuity plan for the unfortunate case of ransomware infection.
MITRE ATT&CK: [MITRE ATT&CK] Data Encrypted for Impact - T1486
Tags: Germany, Healthcare, Hospital, Ransomware
|
Ransomware Malware Vulnerability Threat Patching Guideline | APT 41 | ★★★★★ |
 |
2020-09-21 16:16:34 | A week in security (September 14 – 20) (lien direct) |
A round up of cybersecurity news from September 14 – 20, including the Zerologon exploit, BLURtooth vulnerability, APT41, and phishing scams.
Categories:
A week in security
Tags: apt41blurtoothcharitiesChinesechrome extensionsdanny palmerDDos attackdomain name abusefintechransomwaretax scamus department of the interiorweb-phishingzerologon
(Read more...)
|
Guideline | APT 41 | |
 |
2020-09-18 16:08:39 | (Déjà vu) Chinese Hacking Group APT41 Attacks 100+ Companies Across The Globe – Expert Source/Comments (lien direct) | On Wednesday, September 16th, the Department of Justice announced that Chinese hackers from a group called APT41 hacked into at least 100 companies in the U.S and worldwide. The series of attacks involved the theft and abuse of code-signing certificates – yet another textbook example of the need to protect and manage keys and certificates, … The ISBuzz Post: This Post Chinese Hacking Group APT41 Attacks 100+ Companies Across The Globe – Expert Source/Comments | Guideline | APT 41 | |
 |
2020-09-18 00:00:00 | U.S. Justice Department Charges APT41 Hackers over Global Cyberattacks (lien direct) | The United States Justice Department announced that it was charging five Chinese citizens with hacking crimes committed against over 100 institutions in the United States and abroad. These five individuals were reportedly connected to the hacking group known as APT41.
|
Guideline | APT 41 | |
 |
2020-09-17 22:54:59 | Pirates Malaisiens arrêtés, les complices Chinois dans la nature (lien direct) | Le FBI stoppe les agissements d'un groupe de pirates informatiques connus sous le nom d'APT41. Deux pirates malaisiens arrêtés, leurs complices chinois ont disparu.... | Guideline | APT 41 | |
 |
2020-09-17 22:03:21 | Chinese Antivirus Firm Was Part of APT41 \'Supply Chain\' Attack (lien direct) | The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and "supply chain" attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm. | APT 41 | ||
 |
2020-09-17 10:59:00 | Les États-Unis veulent la peau des hackers chinois d\'APT41 (lien direct) | Les forces de l'ordre américaines ont mis sous les verrous deux complices malaisiens et démantelé l'infrastructure technique de ce groupe de pirates étatiques. Cinq résidents chinois ont par ailleurs été épinglés dans un acte d'accusation formel.  |
APT 41 | ||
|
2020-09-17 09:59:53 | APT41 actors charged for attacks on more than 100 victims globally (lien direct) | US Department of Justice announced indictments against 5 Chinese nationals alleged members of a state-sponsored hacking group known as APT41. The United States Department of Justice this week announced indictments against five Chinese nationals believed to be members of the cyber-espionage group known as APT41 (Winnti, Barium, Wicked Panda and Wicked Spider). US authorities are […] | Guideline | APT 41 | |
|
2020-09-16 18:28:28 | Feds Charge Chinese Hackers With Ripping Off Video Game Loot From 9 Companies (lien direct) | A group known as Barium allegedly attacked hundreds of targets around the globe-and manipulated in-game goods and currency. | Guideline | APT 41 | |
|
2020-09-16 15:03:00 | US charges five hackers part of Chinese state-sponsored group APT41 (lien direct) | US says APT41 orchestrated intrusions at more than 100 companies across the world, ranging from software vendors, video gaming companies, telcos, and more. | Guideline | APT 41 | |
 |
2020-09-16 09:50:50 | FBI adds 5 Chinese APT41 hackers to its Cyber\'s Most Wanted List (lien direct) | The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers that are responsible for hacking than 100 companies throughout the world.
Named as APT41 and also known as 'Barium,' 'Winnti, 'Wicked Panda,' and 'Wicked Spider,' the cyber-espionage group has been operating since at least 2012 and is not just |
Guideline | APT 41 | |
 |
2020-04-02 09:00:00 | Catching APT41 exploiting a zero-day vulnerability (lien direct) | This blog looks at how the cyber-criminal group APT41 exploited a zero-day vulnerability, and examines how Darktrace's AI detected and investigated the threat at machine speed. | Vulnerability Threat Guideline | APT 41 | |
|
2020-03-27 11:28:14 | Chinese Hacker Group APT41 Uses Recent Exploits To Target Companies Worldwide (lien direct) | It has been reported that a Chinese cyberespionage group has been attacking organizations worldwide by exploiting vulnerabilities in popular business applications and devices from companies such as Cisco, Citrix and Zoho. In light of the ongoing COVID-19 crisis, the risk to companies is even greater, because IT staff are working remotely and the rush to … The ISBuzz Post: This Post Chinese Hacker Group APT41 Uses Recent Exploits To Target Companies Worldwide | Guideline | APT 41 | |
 |
2020-03-26 10:44:25 | Cisco, Citrix Flaws Exploited by Chinese Hackers (lien direct) | Researchers say that APT41's exploits are part of one of the broadest espionage campaigns they've seen from a Chinese-linked actor “in recent years.” Researchers warn that APT41, a notorious China-linked threat group, has targeted more than 75 organizations worldwide in “one of the broadest campaigns by a Chinese cyber-espionage actor observed in recent years.” […] | Threat Guideline | APT 41 | |
|
2020-03-25 22:17:01 | China-linked APT41 group exploits Citrix, Cisco, Zoho flaws (lien direct) | The China-linked group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and ManageEngine in a campaign on a global scale. The China-linked cyberespionage group tracked as APT41 exploited vulnerabilities in Citrix, Cisco, and Zoho ManageEngine in a campaign on a global scale. The campaign was uncovered by FireEye, threat actor targeted many organizations worldwide the […] | Threat Guideline | APT 41 | |
 |
2020-03-25 18:55:29 | Chinese Hackers Use Cisco, Citrix, Zoho Exploits In Targeted Attacks (lien direct) | The Chinese state-sponsored group APT41 has been at the helm of a range of attacks that used recent exploits to target security flaws in Citrix, Cisco, and Zoho appliances and devices of entities from a multitude of industry sectors spanning the globe. [...] | Guideline | APT 41 | |
 |
2020-03-25 07:00:00 | Ce n'est pas un test: APT41 lance une campagne d'intrusion mondiale en utilisant plusieurs exploits This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits (lien direct) |
À partir de cette année, Fireeye a observé chinoisL'acteur APT41 Effectuer l'une des campagnes les plus larges d'un acteur de cyber-espionnage chinois que nous avons observé ces dernières années.Entre le 20 janvier et le 11 mars, Fireeye a observé apt41 Exploiter les vulnérabilités dans Citrix NetScaler / ADC , les routeurs Cisco, et Zoho ManageEngine Desktop Central dans plus de 75 clients Fireeye.Les pays que nous avons vus ciblés comprennent l'Australie, le Canada, le Danemark, la Finlande, la France, l'Inde, l'Italie, le Japon, la Malaisie, le Mexique, les Philippines, la Pologne, le Qatar, l'Arabie saoudite, Singapour, la Suède, la Suisse, les Émirats arabes unis, le Royaume-Uni et les États-Unis.Le suivant
Beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years. Between January 20 and March 11, FireEye observed APT41 attempt to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central at over 75 FireEye customers. Countries we\'ve seen targeted include Australia, Canada, Denmark, Finland, France, India, Italy, Japan, Malaysia, Mexico, Philippines, Poland, Qatar, Saudi Arabia, Singapore, Sweden, Switzerland, UAE, UK and USA. The following |
Vulnerability | APT 41 APT 41 APT-C-17 | ★★★ |
|
2020-02-10 08:28:13 | Malaysia\'s MyCERT warns cyber espionage campaign carried out by APT40 (lien direct) | Malaysia’s MyCERT issued a security alert to warn of a hacking campaign targeting government officials that was carried out by the China-linked APT40 group. Malaysia’s Computer Emergency Response Team (MyCERT) warns of a cyber espionage campaign carried out by the China-linked APT40 group aimed at Malaysian government officials. The attackers aimed at stealing confidential documents […] | Industrial | APT 40 | |
|
2020-02-07 01:25:41 | Malaysia warns of Chinese hacking campaign targeting government projects (lien direct) | MyCERT security alert points the finger at APT40, a Chinese state-sponsored hacking crew. | Industrial | APT 40 | |
|
2020-01-20 16:32:45 | A week in security (January 13 – 19) (lien direct) |
Our weekly security roundup for January 13-19, with a look at elastic servers, data enrichment, rootkits, regulation for deepfakes, and more.
Categories:
A week in security
Tags: apt40Ciscocitrixdata enrichmentdeepfakeselastic serversemotetrootkittravelexweleakinfo
(Read more...)
|
Industrial | APT 40 | |
|
2020-01-13 17:01:05 | Report: Chinese hacking group APT40 hides behind network of front companies (lien direct) | A group of anonymous security analysts have tracked down 13 front companies operating in the island of Hainan through which they say the Chinese state has been recruiting hackers. | APT 40 | ★★★★ | |
|
2019-11-01 09:44:09 | (Déjà vu) Telco Networks SMS Messages stolen by Chinese Cyber Espionage Group (lien direct) | APT41’s new campaign is latest to highlight trend by Chinese threat groups to attack upstream service providers as a way to reach its intended targets, FireEye says. APT41, a Chinese hacking group known for its prolific state-sponsored espionage campaigns, has begun targeting telecommunications companies with new malware designed to monitor and save SMS traffic from […] | Malware Threat Guideline | APT 41 | |
 |
2019-10-31 16:20:00 | Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks (lien direct) | APT41's new campaign is latest to highlight trend by Chinese threat groups to attack upstream service providers as a way to reach its intended targets, FireEye says. | Threat Guideline | APT 41 | |
|
2019-10-31 15:48:55 | China-linked APT41 group targets telecommunications companies with new backdoor (lien direct) | China-linked APT41 group is targeting telecommunications companies with a new piece of malware used to spy on text messages of highly targeted individuals. Researchers at FireEye discovered a new backdoor tracked as MessageTap that China-linked APT41 group are using to spy on text messages sent or received by highly targeted individuals The experts found the […] | Malware Guideline | APT 41 | |
 |
2019-10-31 14:16:56 | (Déjà vu) Qui lit vos messages ? Le Dernier rapport de FireEye a identifié un malware qui infecte les serveurs SMS (lien direct) | FireEye vient de sortir ce nouveau rapport concernant les dernières activités du groupe chinois APT41. FireEye a identifié un malware unique appelé MESSAGETAP qui infecte les serveurs SMS au sein des organisations de télécommunication pour faciliter les intrusions de cyber espionnage. Et cette surveillance ne s'arrête pas aux frontières de la Chine. Un résumé des points clés ci-dessous. • APT41, un groupe de cybermenaces très avancé qui s'aligne sur les efforts d'espionnage chinois, vole des (...) - Investigations | Malware Guideline | APT 41 | |
|
2019-10-31 08:51:31 | FireEye vient de sortir un nouveau rapport concernant les dernières activités du groupe chinois APT41 (lien direct) | FireEye vient de sortir ce nouveau rapport concernant les dernières activités du groupe chinois APT41. FireEye a identifié un malware unique appelé MESSAGETAP qui infecte les serveurs SMS au sein des organisations de télécommunication pour faciliter les intrusions de cyber espionnage. Et cette surveillance ne s'arrête pas aux frontières de la Chine. Rapport complet : https://www.fireeye.com/blog/threat... • APT41, un groupe de cybermenaces très avancé qui s'aligne sur les efforts (...) - Investigations | Malware Guideline | APT 41 | |
|
2019-10-31 08:00:00 | Messagetap: Qui lit vos messages texte? MESSAGETAP: Who\\'s Reading Your Text Messages? (lien direct) |
Fireeye Mandiant a récemment découvert une nouvelle famille de logiciels malveillants utilisé par APT41 (un groupe APT chinois) conçu pour surveiller et enregistrer le trafic SMS à partir de numéros de téléphone spécifiques, de numéros IMSI et de mots clés pour le vol ultérieur.Nommé Messagetap, l'outil a été déployé par APT41 dans un fournisseur de réseaux de télécommunications à l'appui des efforts d'espionnage chinois.Les opérations d'APT41 \\ ont inclus des missions de cyber-espionnage parrainées par l'État ainsi que des intrusions financièrement motivées.Ces opérations se sont déroulées depuis 2012 à nos jours.Pour un aperçu de l'APT41, consultez notre Août 2019 Blog Post ou | Malware Tool | APT 41 | ★★★ |
|
2019-10-15 09:15:00 | Lowkey: Chasse pour l'ID de série de volume manquant LOWKEY: Hunting for the Missing Volume Serial ID (lien direct) |
En août 2019, Fireeye a publié le « Double Dragon » Rapport sur notre nouveau groupe de menaces gradué: APT41.Un groupe à double espionnage en Chine-Nexus et un groupe financièrement axé sur les financières, APT41 cible des industries telles que les jeux, les soins de santé, la haute technologie, l'enseignement supérieur, les télécommunications et les services de voyage.
Ce billet de blog concerne la porte dérobée passive sophistiquée que nous suivons en tant que Lowkey, mentionnée dans le rapport APT41 et récemment dévoilée au Fireeye Cyber Defense Summit .Nous avons observé le dispositif de ciel utilisé dans des attaques très ciblées, en utilisant des charges utiles qui fonctionnent uniquement sur des systèmes spécifiques.Famille de logiciels malveillants supplémentaires
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group: APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. This blog post is about the sophisticated passive backdoor we track as LOWKEY, mentioned in the APT41 report and recently unveiled at the FireEye Cyber Defense Summit. We observed LOWKEY being used in highly targeted attacks, utilizing payloads that run only on specific systems. Additional malware family |
Malware Threat | APT 41 APT-C-17 | ★★★★ |
|
2019-08-21 17:26:00 | China-linked APT41 group targets US-Based Research University (lien direct) | Security experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based research university. Experts at FireEye observed Chinese APT41 APT group targeting a web server at a U.S.-based research university. The APT41 has been active since at least 2012, it was involved in both state-sponsored espionage campaigns and financially-motivated attacks […] | Guideline | APT 41 | |
 |
2019-08-20 14:32:05 | APT41 – Identification d\'un nouveau groupe de hackers Chinois ciblant la France (lien direct) |  APT41 – un acteur œuvrant principalement dans l'espionnage et le cyber crime – il est responsable d'opérations ciblées contre des organisations dans 15 pays différents, dont la France, dans de multiples secteurs d'activités dont la santé, les jeux vidéo, le high tech et les medias. |
Guideline | APT 41 | |
|
2019-08-19 12:30:00 | Game Over: détecter et arrêter une opération APT41 GAME OVER: Detecting and Stopping an APT41 Operation (lien direct) |
En août 2019, Fireeye a publié le rapport "Double Dragon" Sur notre nouveau groupe de menaces diplômées, APT41.Espionage à double espionnage China-Nexus et groupe financièrement axé sur les financières, APT41 cible des industries telles que les jeux, les soins de santé, la haute technologie, l'enseignement supérieur, les télécommunications et les services de voyage.APT41 est connu pour s'adapter rapidement aux changements et aux détections dans les environnements de victimes, recompilant souvent les logiciels malveillants dans les heures suivant l'activité des répondeurs.Dans plusieurs situations, nous avons également identifié APT41 en utilisant des vulnérabilités récemment divulguées, souvent en armement et en exploitant en quelques jours.
In August 2019, FireEye released the “Double Dragon” report on our newest graduated threat group, APT41. A China-nexus dual espionage and financially-focused group, APT41 targets industries such as gaming, healthcare, high-tech, higher education, telecommunications, and travel services. APT41 is known to adapt quickly to changes and detections within victim environments, often recompiling malware within hours of incident responder activity. In multiple situations, we also identified APT41 utilizing recently-disclosed vulnerabilities, often weaponzing and exploiting within a matter of days. |
Malware Threat | APT 41 APT 41 | ★★★★ |
|
2019-08-07 07:00:00 | APT41: un double espionnage et une opération de cybercriminalité APT41: A Dual Espionage and Cyber Crime Operation (lien direct) |
Aujourd'hui, FireEye Intelligence publie un rapport complet détaillant APT41, un groupe de cyber-menaces chinois prolifique qui effectue une activité d'espionnage parrainée par l'État parallèlement aux opérations à motivation financière.L'APT41 est unique parmi les acteurs de la Chine suivis en ce qu'il exploite les logiciels malveillants non publiques généralement réservés aux campagnes d'espionnage dans ce qui semble être une activité à des fins personnelles.Le ciblage explicite financièrement motivé est inhabituel parmi les groupes de menaces parrainés par l'État chinois, et les preuves suggèrent que l'APT41 a mené des opérations simultanées de cybercriminalité et de cyber-espionnage
Today, FireEye Intelligence is releasing a comprehensive report detailing APT41, a prolific Chinese cyber threat group that carries out state-sponsored espionage activity in parallel with financially motivated operations. APT41 is unique among tracked China-based actors in that it leverages non-public malware typically reserved for espionage campaigns in what appears to be activity for personal gain. Explicit financially-motivated targeting is unusual among Chinese state-sponsored threat groups, and evidence suggests APT41 has conducted simultaneous cyber crime and cyber espionage operations |
Threat | APT 41 APT 41 | ★★★★ |
|
2019-03-06 07:59:00 | APT40 cyberespionage group supporting growth of China\'s naval sector (lien direct) | A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country's Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan), apparently linked to the Chinese government, is focused on targeting countries important to the country's Belt and Road Initiative […] | Industrial | APT 40 | |
 |
2019-03-05 13:19:03 | State-Sponsored Hackers Supporting China\'s Naval Modernization Efforts: Report (lien direct) | APT40 Hackers Appear to be Supporting China's Belt and Road Initiative | Industrial | APT 40 | |
|
2019-03-04 13:00:00 | APT40: Examiner un acteur d'espionnage en Chine-Nexus APT40: Examining a China-Nexus Espionage Actor (lien direct) |
Fireeye met en évidence une opération de cyber-espionnage ciblant les technologies cruciales et les cibles de renseignement traditionnelles d'un acteur parrainé par l'État de Chine-Nexus que nous appelons APT40.L'acteur a mené des opérations depuis au moins 2013 à l'appui de l'effort de modernisation navale de la Chine.Le groupe a spécifiquement ciblé l'ingénierie, le transport et l'industrie de la défense, en particulier lorsque ces secteurs chevauchent les technologies maritimes.Plus récemment, nous avons également observé un ciblage spécifique des pays stratégiquement importants pour l'initiative Belt and Road, notamment le Cambodge, la Belgique, l'Allemagne
FireEye is highlighting a cyber espionage operation targeting crucial technologies and traditional intelligence targets from a China-nexus state sponsored actor we call APT40. The actor has conducted operations since at least 2013 in support of China\'s naval modernization effort. The group has specifically targeted engineering, transportation, and the defense industry, especially where these sectors overlap with maritime technologies. More recently, we have also observed specific targeting of countries strategically important to the Belt and Road Initiative including Cambodia, Belgium, Germany |
APT 40 APT 40 | ★★★★ | |
|
2018-12-26 15:00:00 | The Most-Read WIRED Science Stories of 2018 (lien direct) | Feast your mind on stories about brain-eating amoebas, the science of wildfires, and a criminal twist to the genetics revolution. | Guideline | APT 41 | |
|
2018-11-15 11:04:02 | Chinese TEMP.Periscope cyberespionage group was using TTPs associated with Russian APTs (lien direct) | Chinese TEMP.Periscope cyberespionage group targeted a UK-based engineering company using TTPs associated with Russia-linked APT groups. Attribution of cyber attacks is always a hard task, in many cases attackers use false flags to masquerade their identities. Chinese hackers have targeted a UK-based engineering company using techniques and artifacts attributed to the Russia-linked APT groups Dragonfly and […] | Industrial | APT 40 | |
|
2018-10-31 13:00:00 | Top Stories in October: \'Next Generation\' Voting Machines Have Alarming Vulnerabilities (lien direct) | Plus: The carousing Texan who won a Nobel, a brain-eating amoeba claims another victim, and Netflix finally cancels some shows. | Guideline | APT 41 | |
|
2018-10-02 18:53:05 | A Brain-Eating Amoeba Just Claimed Another Victim (lien direct) | Naegleria fowleri lays waste to cells in the brain, leading to a grisly demise in the very rare cases when it manages to lodge itself in a victim's nasal cavity. | Guideline | APT 41 | |
 |
2018-07-20 09:33:00 | TEMP.Periscope : Des pirates Chinois, amateurs d\'éléctions présidentielles ? (lien direct) | Il n’y aurait pas que les pirates Russes amateurs d’éléctions ? Le groupe d'espionnage chinois TEMP.Periscope cible... L'article TEMP.Periscope : Des pirates Chinois, amateurs d’éléctions présidentielles ? est apparu en premier sur Data Security Breach. | Industrial | APT 40 | |
|
2018-07-12 08:22:03 | China-based TEMP.Periscope APT targets Cambodia\'s elections (lien direct) | FireEye uncovered a large-scale Chinese phishing and hacking campaign powered by Temp.periscope APT aimed at Cambodia’s elections. Security researchers at FireEye have uncovered a large-scale Chinese phishing and hacking campaign aimed at Cambodia’s elections. The hackers distributed a remote access trojan (RAT) and data exfiltration operation targeting the poll. The experts from FireEye attributed the attacks to an APT group tracked […] | Industrial | APT 40 | |
|
2018-07-10 07:00:00 | Le groupe d'espionnage chinois Temp.Periscope cible le Cambodge avant les élections de juillet 2018 et révèle de larges opérations à l'échelle mondiale Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally (lien direct) |
Introduction
Fireeye a examiné une gamme d'activités de périccope révélant un intérêt étendu pour la politique du Cambodge \\, avec des compromis actifs de plusieurs entités cambodgiennes liées au système électoral du pays.Cela comprend les compromis des entités gouvernementales cambodgienes chargées de superviser les élections, ainsi que le ciblage des chiffres de l'opposition.Cette campagne se déroule dans la mise en ligne vers les élections générales du 29 juillet 2018 du pays.Temp.Periscope a utilisé la même infrastructure pour une gamme d'activités contre d'autres cibles plus traditionnelles, y compris la base industrielle de la défense
Introduction FireEye has examined a range of TEMP.Periscope activity revealing extensive interest in Cambodia\'s politics, with active compromises of multiple Cambodian entities related to the country\'s electoral system. This includes compromises of Cambodian government entities charged with overseeing the elections, as well as the targeting of opposition figures. This campaign occurs in the run up to the country\'s July 29, 2018, general elections. TEMP.Periscope used the same infrastructure for a range of activity against other more traditional targets, including the defense industrial base |
Industrial | APT 40 | ★★★★ |
|
2018-07-05 17:10:01 | Threat Model Thursdays: Crispin Cowan (lien direct) | Over at the Leviathan blog, Crispin Cowan writes about “The Calculus Of Threat Modeling.” Crispin and I have collaborated and worked together over the years, and our approaches are explicitly aligned around the four question frame. What are we working on? One of the places where Crispin goes deeper is definitional. He’s very precise about … Continue reading "Threat Model Thursdays: Crispin Cowan" | Threat Industrial | APT 40 | |
|
2018-03-20 09:52:03 | Un groupe de cyber-espionnage chinois s\'attaque à des entreprises américaines (lien direct) |  Un groupe de cyber-espionnage chinois (TEMP.Periscope) s'attaque à des entreprises américaines dans les secteurs de l'ingénierie et du maritime. |
Industrial | APT 40 | |
|
2018-03-17 16:49:02 | Chinese APT Group TEMP.Periscope targets US Engineering and Maritime Industries (lien direct) | The China-linked APT group Leviathan. aka TEMP.Periscope, has increased the attacks on engineering and maritime entities over the past months. Past attacks conducted by the group aimed at targets connected to South China Sea issues, most of them were research institutes, academic organizations, and private firms in the United States. The group has also targeted professional/consulting services, high-tech industry, […] | Industrial | APT 40 |
To see everything:
Our RSS (filtrered)
