SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-06-05 14:00:00	Phishing pour l'or: cyber-menaces auxquelles sont confrontés les Jeux olympiques de Paris 2024 Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics (lien direct)	Written by: Michelle Cantos, Jamie Collier Executive Summary Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event. Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics. While China, Iran, and North Korea state sponsored actors also pose a moderate to low risk. To reduce the risk of cyber threats associated with the Paris Olympics, organizations should update their threat profiles, conduct security awareness training, and consider travel-related cyber risks. The security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games, thanks to the insights gained from past events. While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar. While the technical disruption caused by hacktivism and information operations is often temporary, these operations can have an outsized impact during high-profile events with a global audience. Introduction The 2024 Summer Olympics taking place in Paris, France between July and August creates opportunities for a range of cyber threat actors to pursue profit, notoriety, and intelligence. For organizations involved in the event, understanding relevant threats is key to developing a resilient security posture. Defenders should prepare against a variety of threats that will likely be interested in targeting the Games for different reasons: Cyber espionage groups are likely to target the 2024 Olympics for information gathering purposes, due to the volume of government officials and senior decision makers attending. Disruptive and destructive operations could potentially target the Games to cause negative psychological effects and reputational damage. This type of activity could take the form of website defacements, distributed denial of service (DDoS) attacks, the deployment of wiper malware, and operational technology (OT) targeting. As a high profile, large-scale sporting event with a global audience, the Olympics represents an ideal stage for such operations given that the impact of any disruption would be significantly magnified. Information operations will likely leverage interest in the Olympics to spread narratives and disinformation to target audiences. In some cases, threat actors may leverage disruptive and destructive attacks to amplify the spread of particular narratives in hybrid operations. Financially-motivated actors are likely to target the Olympics in v	Ransomware Malware Threat Studies Mobile Cloud Technical	APT 15 APT 31 APT 42
	2018-09-13 11:00:00	APT10 ciblant les sociétés japonaises à l'aide de TTPS mis à jour APT10 Targeting Japanese Corporations Using Updated TTPs (lien direct)	Introduction En juillet 2018, les appareils FireEye ont détecté et bloqué ce qui semble être une activité APT10 (Menupass) ciblant le secteur des médias japonais.APT10 est un groupe de cyber-espionnage chinois que Fireeye a suivi depuis 2009, et ils ont une histoire de ciblant les entités japonaises . Dans cette campagne, le groupe a envoyé des e-mails de phishing de lance contenant des documents malveillants qui ont conduit à l'installation de la porte dérobée Uppercut.Cette porte dérobée est bien connue dans la communauté de la sécurité comme Anel , et il venait en bêta ou en RC (candidat à la libération) jusqu'à récemment.Une partie de cet article de blog discutera du Introduction In July 2018, FireEye devices detected and blocked what appears to be APT10 (Menupass) activity targeting the Japanese media sector. APT10 is a Chinese cyber espionage group that FireEye has tracked since 2009, and they have a history of targeting Japanese entities. In this campaign, the group sent spear phishing emails containing malicious documents that led to the installation of the UPPERCUT backdoor. This backdoor is well-known in the security community as ANEL, and it used to come in beta or RC (release candidate) until recently. Part of this blog post will discuss the	Technical	APT 10 APT 10	★★★★
	2017-04-06 14:00:00	APT10 (Menupass Group): Nouveaux outils, la dernière campagne de la campagne mondiale de la menace de longue date APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat (lien direct)	APT10 Background APT10 (Menupass Group) est un groupe de cyber-espionnage chinois que Fireeye a suivi depuis 2009. Ils ont historiquement ciblé la construction et l'ingénierie, l'aérospatiale et les sociétés de télécommunications et les gouvernements aux États-Unis, en Europe et au Japon.Nous pensons que le ciblage de ces industries a soutenu les objectifs de sécurité nationale chinoise, notamment l'acquisition de précieuses informations militaires et de renseignement ainsi que le vol de données commerciales confidentielles pour soutenir les sociétés chinoises.Pwc et Bae ont récemment publié un blog conjoint > APT10 Background APT10 (MenuPass Group) is a Chinese cyber espionage group that FireEye has tracked since 2009. They have historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan. We believe that the targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations. PwC and BAE recently issued a joint blog detailing extensive APT10 activity.	Threat Technical	APT 10 APT 10	★★★★
	2014-09-03 18:00:29	Le groupe APT préféré de Darwin \\ Darwin\\'s Favorite APT Group (lien direct)	Introduction Les attaquants appelés APT12 (également connu sous le nom d'Ixeshe, Dyncalc et DNSCALC) ont récemment lancé une nouvelle campagne ciblant les organisations au Japon et à Taïwan.L'APT12 serait un groupe de cyber-espionnage qui aurait des liens avec l'armée de libération du peuple chinois.Les objectifs d'APT12 \\ sont conformes aux objectifs de la République de Chine (PRC) de la République de Chine (PRC).Les intrusions et les campagnes menées par ce groupe sont en ligne avec les objectifs de la RPC et l'intérêt personnel à Taïwan.De plus, les nouvelles campagnes que nous avons révélées mettent davantage met en évidence la corrélation entre les groupes APT qui cessent et réoulèvent Introduction The attackers referred to as APT12 (also known as IXESHE, DynCalc, and DNSCALC) recently started a new campaign targeting organizations in Japan and Taiwan. APT12 is believed to be a cyber espionage group thought to have links to the Chinese People\'s Liberation Army. APT12\'s targets are consistent with larger People\'s Republic of China (PRC) goals. Intrusions and campaigns conducted by this group are in-line with PRC goals and self-interest in Taiwan. Additionally, the new campaigns we uncovered further highlight the correlation between APT groups ceasing and retooling	Technical	APT 12	★★★★

Last update at: 2024-06-06 18:08:05
See our sources.

To see everything: Our RSS (filtrered)