What's new arround internet
Last one

Src Date (GMT) Titre Description Tags Stories Notes
Mandiant.webp 2025-02-11 20:00:00 Cybercrime: A Multifaceted National Security Threat (lien direct) Executive Summary Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders\' resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed intrusions. Despite this overwhelming volume, cybercrime receives much less attention from national security practitioners than the threat from state-backed groups. While the threat from state-backed hacking is rightly understood to be severe, it should not be evaluated in isolation from financially motivated intrusions.  A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care. Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be. These examples are particularly salient today, as criminals increasingly target and leak data from hospitals. Healthcare\'s share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks mean that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it. Cybercrime also facilitates state-backed hacking by allowing states to purchase cyber capabilities, or co-opt criminals to conduct state-directed operations to steal data or engage in disruption. Russia has drawn on criminal capabilities to fuel the cyber support to their war in Ukraine. GRU-linked APT44 (aka Sandworm), a unit of Russian military intelligence, has employed malware available from cybercrime communities to conduct espionage and disruptive operations in Ukraine and CIGAR (aka RomCom), a group that historically focused on cybercrime, has conducted espionage operations against the Ukrainian government since 2022. However, this is not limited to Russia. Iranian threat groups deploy ransomware to raise funds while simultaneously conducting espionage, and Chinese espionage groups often supplement their income with cybercrime. Most notably, North Korea uses state-backed groups to directly generate revenue for the regime. North Korea has heavily targeted cryptocurrencies, compromising exchanges and individual victims\' crypto wallets.  Despite the overlaps in effects and collaboration with states, tackling the root causes of cybercrime requires fundamentally different solutions. Cybercrime involves collaboration between disparate groups often across borders and without respect to sovereignty. Any solution requires international cooperation by both law enforcement and intelligence agencies to track, arrest, and prosecute these criminals. Individual takedowns can have important temporary effects, but the collaborative nature of cybercrime means that the disrupted group will be quickly replaced by others offering the same service. Achieving broader success will require collaboration between countries and public and private sectors on systemic solutions such as increasing education and resilience efforts. aside_block Ransomware Malware Tool Vulnerability Threat Legislation Medical Cloud Technical APT 41 APT 38 APT 29 APT 43 APT 44 ★★★
Mandiant.webp 2024-07-25 14:00:00 APT45: Machine militaire numérique de la Corée du Nord
APT45: North Korea\\'s Digital Military Machine (lien direct)		 Written by: Taylor Long, Jeff Johnson, Alice Revelli, Fred Plan, Michael Barnhart
  Executive Summary APT45 is a long-running, moderately sophisticated North Korean cyber operator that has carried out espionage campaigns as early as 2009. APT45 has gradually expanded into financially-motivated operations, and the group\'s suspected development and deployment of ransomware sets it apart from other North Korean operators.  APT45 and activity clusters suspected of being linked to the group are strongly associated with a distinct genealogy of malware families separate from peer North Korean operators like TEMP.Hermit and APT43.  Among the groups assessed to operate from the Democratic People\'s Republic of Korea (DPRK), APT45 has been the most frequently observed targeting critical infrastructure. Overview Mandiant assesses with high confidence that APT45 is a moderately sophisticated cyber operator that supports the interests of the DPRK. Since at least 2009, APT45 has carried out a range of cyber operations aligned with the shifting geopolitical interests of the North Korean state. Although the group\'s earliest observed activities consisted of espionage campaigns against government agencies and defense industries, APT45 has expanded its remit to financially-motivated operations, including targeting of the financial vertical; we also assess with moderate confidence that APT45 has engaged in the development of ransomware. Additionally, while multiple DPRK-nexus groups focused on healthcare and pharmaceuticals during the initial stages of the COVID-19 pandemic, APT45 has continued to target this vertical longer than other groups, suggesting an ongoing mandate to collect related information. Separately, the group has conducted operations against nuclear-related entities, underscoring its role in supporting DPRK priorities. apt45 logo Shifts in Targeting and Expanding Operations Similar to other cyber threat activity attributed to North Korea-nexus groups, shifts in APT45 operations have reflected the DPRK\'s changing priorities. Malware samples indicate the group was active as early as 2009, although an observed focus on government agencies and the defense industry was observed beginning in 2017. Identified activity in 2019 aligned with Pyongyang\'s continued interest in nuclear issues and energy. Although it is not clear if financially-motivated operations are a focus of APT45\'s current mandate, the group is distinct from other North Korean operators in its suspected interest in ransomware. Given available information, it is possible that APT45 is carrying out financially-motivated cybercrime not only in support of its own operations but to generate funds for other North Korean state priorities. Financial Sector Like other North Korea		 Ransomware Malware Tool Threat Medical APT 37 APT 43 ★★★★★
itsecurityguru.webp 2020-11-17 11:19:05 COVID-19 vaccine research firms targeted by Russian and North Korean hackers (lien direct) Microsoft has recently alerted governments across the globe that the North Korean hacker groups Cerium and Zinc, as well as the Russian hacker group Strontium, have been targeting organisations involved in COVID-19 vaccine research using brute-force, credential stuffing and spear-phishing attacks. Tom Burt, Microsoft’s Corporate Vice President for Customer Security & Trust, said in a […] Medical APT 38 APT 28 APT 43
SecurityAffairs.webp 2020-11-13 17:18:12 Three APT groups have targeted at least seven COVID-19 vaccine makers (lien direct) At least the three nation-state actors have targeted seven COVID-19 vaccine makers, they are Strontium, Lazarus Group, and Cerium, Microsoft warns. Microsoft revealed that at least three APT groups have targeted seven companies involved in COVID-19 vaccines research and treatments. “In recent months, we've detected cyberattacks from three nation-state actors targeting seven prominent companies directly […] Medical APT 38 APT 28 APT 43
ZDNet.webp 2020-11-13 14:00:00 Microsoft says three APTs have targeted seven COVID-19 vaccine makers (lien direct) The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium. Medical APT 38 APT 28 APT 43
Last update at: 2025-05-10 14:07:21
See our sources.
My email:

To see everything: Our RSS (filtrered) Twitter