What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-11-10 17:52:00 | Des pirates russes Sandworm provoquent une panne de courant en Ukraine au milieu des frappes de missiles Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes (lien direct) |
Les pirates russes notoires connus sous le nom de Sandworm ont ciblé une sous-station électrique en Ukraine l'année dernière, provoquant une brève panne de courant en octobre 2022.
Les résultats proviennent du mandiant de Google \\, qui a décrit le hack comme une "cyberattaque multi-événements" en tirant parti d'une nouvelle technique pour avoir un impact sur les systèmes de contrôle industriel (CI).
"L'acteur a d'abord utilisé
The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google\'s Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting industrial control systems (ICS). "The actor first used OT-level living-off-the-land (LotL) techniques to |
Hack Industrial | APT 28 | ★★★ |
 |
2023-11-09 15:00:00 | Le ver de sable perturbe le pouvoir en Ukraine en utilisant une nouvelle attaque contre la technologie opérationnelle Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (lien direct) |
fin 2022, Mandiant a répondu à un incident de cyber-physique perturbateur dans lequel l'acteur de menace lié à la Russie a ciblé une organisation d'infrastructure critique ukrainienne.Cet incident était une cyberattaque multi-événements qui a exploité une nouvelle technique pour avoir un impact sur les systèmes de contrôle industriel (CI) / technologie opérationnelle (OT).L'acteur a d'abord utilisé le niveau OT vivant des techniques terrestres (LOTL) pour déclencher probablement les disjoncteurs de sous-station de la victime, provoquant une panne de courant imprévue qui coïncidait avec les frappes de missiles de masse sur les infrastructures critiques à travers l'Ukraine.Sandworm plus tard
In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control systems (ICS) / operational technology (OT). The actor first used OT-level living off the land (LotL) techniques to likely trip the victim\'s substation circuit breakers, causing an unplanned power outage that coincided with mass missile strikes on critical infrastructure across Ukraine. Sandworm later |
Threat Industrial | APT 28 | ★★ |
 |
2021-07-20 15:00:00 | Anomali Cyber Watch: China Blamed for Microsoft Exchange Attacks, Israeli Cyber Surveillance Companies Help Oppressive Governments, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, APT, Espionage, Ransomware, Targeted Campaigns, DLL Side-Loading, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
UK and Allies Accuse China for a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers
(published: July 19, 2021)
On July 19th, 2021, the US, the UK, and other global allies jointly accused China in a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide. Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to Chinese Ministry of State Security (MSS), The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of the historic APT40 activity.
Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to the patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real time forensic analysis for tracking such attacks.
MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Exploitation of Remote Services - T1210
Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China
NSO’s Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists
(published: July 18, 2021)
Israeli surveillance company NSO Group supposedly sells spyware to vetted governments bodies to fight crime and terrorism. New research discovered NSO’s tools being used against non-criminal actors, pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders. The main penetration tool used by NSO is malware Pegasus that targets both iPho |
Ransomware Malware Tool Vulnerability Threat Studies Guideline Industrial | APT 41 APT 40 APT 28 APT 31 |
1
We have: 3 articles.
We have: 3 articles.
To see everything:
Our RSS (filtrered)
