What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-11 13:47:19 | CISA Orde les agences affectées par Microsoft Hack pour atténuer les risques CISA orders agencies impacted by Microsoft hack to mitigate risks (lien direct) |
CISA a publié une nouvelle directive d'urgence ordonnant aux agences fédérales américaines de répondre aux risques résultant de la violation de plusieurs comptes de messagerie Microsoft d'entreprise par le groupe de piratage russe APT29.[...]
CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. [...] |
Hack | APT 29 | ★★★ |
 |
2024-03-09 09:31:00 | Microsoft confirme que les pirates russes ont volé le code source, certains secrets des clients Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (lien direct) |
Vendredi, Microsoft a révélé que l'acteur de menace soutenu par le Kremlin connu sous le nom de & nbsp; Midnight Blizzard & nbsp; (aka apt29 ou confort) a réussi à accéder à certains de ses référentiels de code source et systèmes internes après A & NBSP; hack qui est venu à la lumière & NBSP; en janvier 2024.
"Ces dernières semaines, nous avons vu des preuves que Midnight Blizzard utilise des informations initialement exfiltrées de notre
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024. "In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our |
Hack Threat | APT 29 | ★★★ |
|
2023-10-30 17:54:13 | La SEC poursuit Solarwinds pour les investisseurs trompeurs avant 2020 Hack SEC sues SolarWinds for misleading investors before 2020 hack (lien direct) |
La Commission américaine des Securities and Exchange (SEC) a accusé aujourd'hui des solarwind de frauder les investisseurs en dissimulant prétendument les problèmes de défense de la cybersécurité avant une division de piratage de décembre 2020 à l'APT29, la division de piratage du Russian Foreign Intelligence Service (SVR).[...]
The U.S. Securities and Exchange Commission (SEC) today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 linked to APT29, the Russian Foreign Intelligence Service (SVR) hacking division. [...] |
Hack | Solardwinds APT 29 | ★★★ |
 |
2023-03-14 22:00:00 | Kremlin-backed hackers blamed in recent phishing attempts on EU agencies (lien direct) |
A Russian state-backed hacker group known as Nobelium is behind recent attempted cyberattacks on diplomatic entities and government agencies in the European Union, cybersecurity researchers say. In a campaign identified in early March, the hackers sent phishing emails with content related to diplomatic relations between Poland and the U.S., according to a report by cybersecurity |
Hack | APT 29 | ★★★ |
 |
2022-08-30 15:01:00 | Anomali Cyber Watch: First Real-Life Video-Spoofing Attack, MagicWeb Backdoors via Non-Standard Key Identifier, LockBit Ransomware Blames Victim for DDoSing Back, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Authentication, DDoS, Fingerprinting, Iran, North Korea, Ransomware, and Russia. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
LastPass Hackers Stole Source Code
(published: August 26, 2022)
In August 2022, an unidentified threat actor gained access to portions of the password management giant LastPass development environment. LastPass informed that it happened through a single compromised developer account and the attacker took portions of source code and some proprietary LastPass technical information. The company claims that this incident did not affect customer data or encrypted password vaults.
Analyst Comment: This incident doesn’t seem to have an immediate impact on LastPass users. Still, organizations relying on LastPass should raise the concern in their risk assessment since “white-box hacking” (when source code of the attacking system is known) is easier for threat actors. Organizations providing public-facing software should take maximum measures to block threat actors from their development environment and establish robust and transparent security protocols and practices with all third parties involved in their code development.
Tags: LastPass, Password manager, Data breach, Source code
Mercury Leveraging Log4j 2 Vulnerabilities in Unpatched Systems to Target Israeli
(published: August 25, 2022)
Starting in July 2022, a new campaign by Iran-sponsored group Static Kitten (Mercury, MuddyWater) was detected targeting Israeli organizations. Microsoft researchers detected that this campaign was leveraging exploitation of Log4j 2 vulnerabilities (CVE-2021-45046 and CVE-2021-44228) in SysAid applications (IT management tools). For persistence Static Kitten was dropping webshells, creating local administrator accounts, stealing credentials, and adding their tools in the startup folders and autostart extensibility point (ASEP) registry keys. Overall the group was heavily using various open-source and built-in operating system tools: eHorus remote management software, Ligolo reverse tunneling tool, Mimikatz credential theft tool, PowerShell programs, RemCom remote service, Venom proxy tool, and Windows Management Instrumentation (WMI).
Analyst Comment: Network defenders should monitor for alerts related to web shell threats, suspicious RDP sessions, ASEP registry anomaly, and suspicious account creation. Similarly, SysAid users can monitor for webshells and abnormal processes related to SysAisServer instance. Even though Static Kitten was observed leveraging the Log4Shell vulnerabilities in the past (targeting VMware apps), most of their attacks still start with spearphishing, often from a compromised email account.
MITRE ATT&CK: [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] OS Credential Dumping - T1003 | [MITRE ATT&CK] Phishing - T1566 | |
Ransomware Hack Tool Vulnerability Threat Guideline Cloud | APT 37 APT 29 LastPass | |
|
2022-08-19 11:10:55 | Russian APT29 hackers abuse Azure services to hack Microsoft 365 users (lien direct) | The state-backed Russian cyberespionage group Cozy Bear has been particularly prolific in 2022, targeting Microsoft 365 accounts in NATO countries and attempting to access foreign policy information. [...] | Hack | APT 29 | |
 |
2021-04-15 22:20:58 | US Gov sanctions Russia and expels 10 diplomats over SolarWinds hack (lien direct) | The U.S. and UK attributed with “high confidence” the recently disclosed supply chain attack on SolarWinds to Russia’s Foreign Intelligence Service (SVR). The U.S. and U.K. attributed with “high confidence” the supply chain attack on SolarWinds to operatives working for Russia’s Foreign Intelligence Service (SVR) (ska APT29, Cozy Bear, and The Dukes). The UK, US […] | Hack | APT 29 | |
 |
2019-10-17 10:45:00 | Cozy Bear Emerges from Hibernation to Hack EU Ministries (lien direct) | The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years. | Hack | APT 29 | |
 |
2019-01-19 00:27:03 | DNC says Russia tried to hack its servers again in November 2018 (lien direct) | Democrats say the spear-phishing attack, which was attributed to Russian group Cozy Bear, was unsuccessful. | Hack | APT 29 |
1
We have: 9 articles.
We have: 9 articles.
To see everything:
Our RSS (filtrered)
