What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2019-03-12 16:27:00 | The Advanced Persistent Threat files: Lazarus Group (lien direct) |
Lazarus Group, the threat actors likely behind the Sony breach and WannaCry outbreak, are in the news again. Here's what you need to know about this North Korean organization, and what you should do to protect against such nation-state attacks.
Categories:
Criminals
Threat analysis
Tags: APTLazarusNorth Korea
(Read more...)
|
Threat Medical | Wannacry APT 38 | |
 |
2019-03-05 14:15:00 | Lazarus Research Highlights Threat from North Korea (lien direct) | A widespread attack against companies and government agencies have been linked to the North Korean Lazarus group, underscoring that the countries hackers are becoming more brazen. | Threat Medical | APT 38 | |
 |
2019-03-04 11:43:02 | Researchers granted server by gov officials link Sharpshooter attacks to North Korea (lien direct) | Analysis of the server revealed links to North Korea's Lazarus Group. | Medical | APT 38 | |
 |
2019-01-31 10:29:01 | (Déjà vu) FBI Maps and Further Disrupts North Korean Jonap Botnet. (lien direct) | The United States Department of Justice (DoJ) announced its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra”-an Advanced Persistent Threat (APT) actors’ group often known as […] | Threat Medical | APT 38 | |
 |
2019-01-31 00:03:04 | FBI Mapping \'Joanap Malware\' Victims to Disrupt the North Korean Botnet (lien direct) | The United States Department of Justice (DoJ) announced Wednesday its effort to "map and further disrupt" a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade.
Dubbed Joanap, the botnet is believed to be part of "Hidden Cobra"-an Advanced Persistent Threat (APT) actors' group often known as Lazarus Group and Guardians of
|
Threat Medical | APT 38 | |
 |
2018-12-12 11:26:05 | Op \'Sharpshooter\' Uses Lazarus Group Tactics, Techniques, and Procedures (lien direct) | A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group [...] | Malware Tool Threat Medical | APT 38 | |
 |
2018-11-24 10:23:02 | North Korea-linked group Lazarus targets Latin American banks (lien direct) | According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […] | Malware Medical | APT 38 | |
|
2018-11-10 14:47:00 | (Déjà vu) Symantec shared details of North Korean Lazarus\'s FastCash Trojan used to hack banks (lien direct) | North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs. Security experts from Symantec have discovered a malware, tracked as FastCash Trojan, that was used by the Lazarus APT Group, in a string of attacks against ATMs. The ATP group has been using this malware […] | Malware Hack Medical | APT 38 | |
|
2018-11-08 17:45:00 | Symantec Uncovers North Korean Group\'s ATM Attack Malware (lien direct) | Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs. | Malware Medical | APT 38 | |
 |
2018-11-06 08:56:00 | Worst malware and threat actors of 2018 so far (lien direct) | What's the worst malware so far into 2018? The worst botnets and banking trojans, according to Webroot, were Emotet, Trickbot, and Zeus Panda. Crysis/Dharma, GandCrab, and SamSam were the worst among ransomware. The top three in cryptomining/cryptojacking were GhostMiner, Wanna Mine, and Coinhive.And included in the list of top 10 threat actors so far this year, we find Lazarus Group, Sofacy and MuddyWater coming in the top three spots, according to AlienVault. Lazarus Group took the top spot from Sofacy this year. The reported locations for the top 10 threat actors are North Korea, with two groups; Russia, with three groups; Iran, with two groups; China, with two groups; and India, with one. Microsoft Office was the most exploited application, but Adobe Flash, WebLogic, Microsoft Windows, Drupal and GPON routers were also listed in the top 10. | Malware Threat Medical | APT 38 | |
|
2018-10-04 06:55:00 | APT38 is behind financially motivated attacks carried out by North Korea (lien direct) | Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government. The attacks aimed at financial institutions, FireEye estimates APT38 has stolen at least a hundred million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […] | Threat Medical | APT 38 | |
|
2018-10-03 20:02:03 | Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide (lien direct) | A joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “FASTCash,” used by Hidden Cobra APT. The US-CERT has released a joint technical alert from the DHS, the FBI, and the Treasury warning about a new ATM cash-out scheme, dubbed “FASTCash,” being used by the […] | Medical | APT 38 | |
|
2018-10-03 04:18:05 | Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash (lien direct) | The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra.
Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations,
|
Medical | APT 38 | |
 |
2018-09-07 17:29:00 | (Déjà vu) Industry Reactions to U.S. Charging North Korean Hacker: Feedback Friday (lien direct) | A North Korean national has been charged by U.S. authorities over his alleged involvement in the cyberattacks carried out by the notorious Lazarus Group. | Medical | APT 38 | |
|
2018-09-07 09:00:01 | Opsec Mistakes Allowed U.S. to Link North Korean Man to Hacks (lien direct) | A 34-year-old North Korean national has been charged by U.S. authorities over his alleged involvement in the cyberattacks carried out by the Lazarus Group. An affidavit filed by an FBI special agent reveals how investigators linked the man to the notorious threat actor. | Threat Medical | APT 38 | |
|
2018-09-06 21:43:04 | How US authorities tracked down the North Korean hacker behind WannaCry (lien direct) | US authorities put together four years worth of malware samples, domain names, email and social media accounts to track down one of the Lazarus Group hackers. | Malware Medical | Wannacry APT 38 | |
|
2018-09-06 18:04:01 | U.S. Charges North Korean Over Lazarus Group Hacks (lien direct) | The U.S. Department of Justice on Thursday announced charges against a North Korean national who is believed to be a member of the notorious Lazarus Group, to which governments and the cybersecurity industry have attributed several high profile attacks. | Medical | APT 38 | |
 |
2018-08-28 13:00:00 | AlienVault Product Roundup July / August 2018 (lien direct) |
It’s been a busy summer at AlienVault! Amid some major company announcements, we continue to evolve USM Anywhere and USM Central with new features and capabilities that help you to defend against the latest threats and to streamline your security operations. You can keep up with our regular product releases by reading the release notes in the AlienVault Product Forum. Here are a few of the highlights from our July and August 2018 releases:
New EDR capabilities with the new AlienVault Agent
On July 31, 2018, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, extending the platform’s powerful threat detection and response capabilities to the endpoint. Read the blog post here. By deploying the AlienVault Agent - a lightweight and adaptable endpoint agent based on osquery - you can expand your security visibility to detect modern threats and monitor critical files (FIM) on your Windows and Linux endpoints, whether in the cloud, in your data center, or remote.
The new EDR capabilities were made available automatically and seamlessly to all USM Anywhere customers, without requiring any subscription upgrades, system updates, or the purchase of add-on products to access the capabilities.
AlienApp for ConnectWise
The AlienApp for ConnectWise is now included in the Standard and Premium editions of USM Anywhere. Service management teams that use ConnectWise Manage can leverage automated service ticket creation from USM Anywhere alarms and vulnerabilities as well as synchronization of asset information.
Slaying Defects and Optimizing the UX
In addition to these new capabilities and apps, in every update this summer, the team has rolled out enhancements to the user interface and / or has addressed multiple defects and inefficiencies. Make sure to read the product release notes for all the details.
USM Central Roundup and Look Ahead
Earlier this month, Skylar Talley, AlienVault Senior Product Manager for USM Central, wrote a blog post recapping the recent improvements to USM Central and outlining his vision for the product in the next few months. You can read the full post here. The highlights include:
Two-way alarm status and label synchronization
Orchestration rules management across USM Anywhere deployments
USM Central API availability (You can find the API documentation here.)
Threat Intelligence Highlights
USM Anywhere receives continuously updated rules and (new!) endpoint queries to detect not only the latest signatures but also higher-level attack tools, tactics, and procedures – all curated for you by the machine and human intelligence of the AlienVault Labs Security Research Team.
The AlienVault Labs Security Research team publishes a weekly threat intelligence newsletter, keeping you informed of the threats they are rese |
Threat Medical | APT 38 | |
|
2018-08-27 17:06:01 | A week in security (August 20 – 26) (lien direct) |
A roundup of the security news from August 20 – 26, including a look at insider threats, several breaches, and what tech giants Google and Facebook are doing about their privacy issues.
Categories:
Security world
Week in security
Tags: a week in securitybadgelifecobalt dickenscybersecuritycybersecurity awarenessdigital entropy of deathelectionsfacebookGooglegreen card scamprivacyproject insecurityransomwarerecapryuksearch browser extensionssuperdrugthe lazarus grouptwitchvulnerabilitiesweekly blog roundup
(Read more...)
|
Medical | APT 38 | |
|
2018-08-23 15:07:00 | Lazarus Group Builds its First MacOS Malware (lien direct) | This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain. | Malware Medical | APT 38 | |
|
2018-08-10 16:15:03 | The analysis of the code reuse revealed many links between North Korea malware (lien direct) | Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence that links malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. The experts focused their analysis on the code reuse, past investigations revealed that some APT groups share portions of code […] | Malware Medical Cloud | APT 38 APT 37 | |
 |
2018-08-09 13:00:01 | Examining Code Reuse Reveals Undiscovered Links Among North Korea\'s Malware Families (lien direct) | 
This research is a joint effort by Jay Rosenberg, senior security researcher at Intezer, and Christiaan Beek, lead scientist and senior principal engineer at McAfee. Intezer has also posted this story. Attacks from the online groups Lazarus, Silent Chollima, Group 123, Hidden Cobra, DarkSeoul, Blockbuster, Operation Troy, and 10 Days of Rain are believed to …
|
Malware Guideline Medical Cloud | APT 38 APT 37 | |
|
2018-06-25 18:30:00 | Malware in South Korean Cyberattacks Linked to Bithumb Heist (lien direct) | Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware. | Malware Medical | Bithumb Bithumb APT 38 | |
|
2018-06-25 17:31:04 | North Korean Hackers Exploit HWP Docs in Recent Cyber Heists (lien direct) | A series of malicious Hangul Word Processor (HWP) documents used in recent attacks on cryptocurrency exchanges have been attributed to the North Korea-linked Lazarus group, AlienVault reports. | Medical | APT 38 | |
|
2018-06-18 15:18:04 | DHS, FBI published a join alert including technical details of Hidden Cobra-linked \'Typeframe\' Malware (lien direct) | The US DHS and the FBI have published a new joint report that includes technical details of a piece of malware allegedly used by the Hidden Cobra APT. A new joint report published by US DHS and FBI made the headlines, past document details TTPs associated with North Korea-linked threat groups, tracked by the US government as […] | Medical | TYPEFRAME APT 38 | |
|
2018-06-12 11:14:05 | North Korean Hackers Abuse ActiveX in Recent Attacks (lien direct) | An ActiveX zero-day vulnerability discovered recently on the website of a South Korean think tank focused on national security has been abused by the North Korean-linked Lazarus group in attacks, AlienVault reports. | Medical | APT 38 | |
 |
2018-06-12 10:30:01 | Analysis Of Banco De Chile + Continued Cyber Attacks On Banks (lien direct) | As you may have heard, Banco de Chile is the latest victim in a string of cyber attacks targeting payment transfer systems and in a similar vein to the recent Mexico heist, hackers wreaked havoc on banking operations. Ofer Israeli, CEO at Illusive Networks, believes the Lazarus Group, one of the most notorious band of cybercriminals, is behind this, … The ISBuzz Post: This Post Analysis Of Banco De Chile + Continued Cyber Attacks On Banks | Medical | APT 38 | |
|
2018-05-31 10:11:03 | North Korea-Linked Group Stops Targeting U.S. (lien direct) | A threat actor linked to North Korea's Lazarus Group has stopped targeting organizations in the United States, but remains active in Europe and East Asia. | Medical | APT 38 | |
|
2018-05-30 18:30:05 | US-CERT issued an alert on two malware associated with North Korea-linked APT Hidden Cobra (lien direct) | The Department of Homeland Security (DHS) and the FBI issued a joint Technical alert on two strain on malware, the Joanap backdoor Trojan and Brambul Server Message Block worm, associated with the HIDDEN COBRA North Korea-linked APT group. The US-CERT alert reads: “Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators […] | Medical | APT 38 | |
|
2018-05-30 10:44:00 | U.S. Attributes Two More Malware Families to North Korea (lien direct) | The U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have issued another joint technical alert on the North Korea-linked threat group known as Hidden Cobra. | Medical | APT 38 | |
|
2018-05-30 07:42:05 | FBI issues alert over two new malware linked to Hidden Cobra hackers (lien direct) | The US-CERT has released a joint technical alert from the DHS and the FBI, warning about two newly identified malware being used by the prolific North Korean APT hacking group known as Hidden Cobra.
Hidden Cobra, often known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and known to launch attacks against media organizations, aerospace,
|
Medical | APT 38 | |
|
2018-04-30 12:25:04 | Thailand seizes server linked to North Korean attack gang (lien direct) | A server hidden in a Thai university and allegedly used as part of a North Korean hacking operation has been seized by ThaiCERT. Thailand’s infosec organisation announced last Wednesday that the box was operated by the Norks-linked Hidden Cobra APT group, and was part of the command-and-control rig for a campaign called GhostSecret. View full ... | Medical | APT 38 | ★★ |
|
2018-04-30 08:06:04 | Op GhostSecret – ThaiCERT seized a server used by North Korea Hidden Cobra APT group in the Sony Picture hack (lien direct) | The Thai authorities with the support of the ThaiCERT and security first McAfee have seized a server used by North Korean Hidden Cobra APT as part of the Op GhostSecret campaign. The Thai authorities with the support of the ThaiCERT have seized a server used by North Korean hackers in the attack against Sony Picture. […] | Medical | APT 38 | |
|
2018-04-25 04:01:02 | (Déjà vu) Analyzing Operation GhostSecret: Attack Seeks to Steal Data Worldwide (lien direct) | 
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. In this post, …
|
Medical | APT 38 | |
|
2018-04-25 04:01:02 | (Déjà vu) Global Malware Campaign Pilfers Data from Critical Infrastructure, Entertainment, Finance, Health Care, and Other Industries (lien direct) | 
McAfee Advanced Threat Research analysts have uncovered a global data reconnaissance campaign assaulting a wide number of industries including critical infrastructure, entertainment, finance, health care, and telecommunications. This campaign, dubbed Operation GhostSecret, leverages multiple implants, tools, and malware variants associated with the state-sponsored cyber group Hidden Cobra. The infrastructure currently remains active. (For an extensive …
|
Medical | APT 38 | |
|
2018-04-05 09:22:01 | North Korea-Linked Lazarus APT suspected for online Casino assault (lien direct) | The North Korea-linked APT group known as Lazarus made the headlines again for attacking an online casino in Central America and other targets. The activity of the Lazarus Group (aka Hidden Cobra) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. […] | Medical | APT 38 | |
|
2018-04-04 17:40:00 | North Korean Hackers Behind Online Casino Attack: Report (lien direct) | >The infamous North Korean hacking group known as Lazarus is responsible for attacking an online casino in Central America, along with various other targets, ESET says. The Lazarus Group has been active since at least 2009 and is said to be associated with a large number of major cyber-attacks, including the $81 million cyber heist from Bangladesh's account at the New York Federal Reserve Bank. Said to be the most serious threat against banks, the group has shown increased interest in | Medical | APT 38 | |
 |
2018-04-03 13:00:03 | Lazarus KillDisks Central American casino (lien direct) | >The Lazarus Group gained notoriety especially after cyber-sabotage against Sony Pictures Entertainment in 2014. Fast forward to late 2017 and the group continues to deploy its malicious tools, including disk-wiping malware known as KillDisk, to attack a number of targets. | Medical | APT 38 | |
 |
2018-03-29 22:25:24 | WannaCry after one year (lien direct) | In the news, Boeing (an aircraft maker) has been "targeted by a WannaCry virus attack". Phrased this way, it's implausible. There are no new attacks targeting people with WannaCry. There is either no WannaCry, or it's simply a continuation of the attack from a year ago.It's possible what happened is that an anti-virus product called a new virus "WannaCry". Virus families are often related, and sometimes a distant relative gets called the same thing. I know this watching the way various anti-virus products label my own software, which isn't a virus, but which virus writers often include with their own stuff. The Lazarus group, which is believed to be responsible for WannaCry, have whole virus families like this. Thus, just because an AV product claims you are infected with WannaCry doesn't mean it's the same thing that everyone else is calling WannaCry.Famously, WannaCry was the first virus/ransomware/worm that used the NSA ETERNALBLUE exploit. Other viruses have since added the exploit, and of course, hackers use it when attacking systems. It may be that a network intrusion detection system detected ETERNALBLUE, which people then assumed was due to WannaCry. It may actually have been an nPetya infection instead (nPetya was the second major virus/worm/ransomware to use the exploit).Or it could be the real WannaCry, but it's probably not a new "attack" that "targets" Boeing. Instead, it's likely a continuation from WannaCry's first appearance. WannaCry is a worm, which means it spreads automatically after it was launched, for years, without anybody in control. Infected machines still exist, unnoticed by their owners, attacking random machines on the Internet. If you plug in an unpatched computer onto the raw Internet, without the benefit of a firewall, it'll get infected within an hour.However, the Boeing manufacturing systems that were infected were not on the Internet, so what happened? The narrative from the news stories imply some nefarious hacker activity that "targeted" Boeing, but that's unlikely.We have now have over 15 years of experience with network worms getting into strange places disconnected and even "air gapped" from the Internet. The most common reason is laptops. Somebody takes their laptop to some place like an airport WiFi network, and gets infected. They put their laptop to sleep, then wake it again when they reach their destination, and plug it into the manufacturing network. At this point, the virus spreads and infects everything. This is especially the case with maintenance/support engineers, who often have specialized software they use to control manufacturing machines, for which they have a reason to connect to the local network even if it doesn't have useful access to the Internet. A single engineer may act as a sort of Typhoid Mary, going from customer to customer, infecting each in turn whenever they open their laptop.Another cause for infection is virtual machines. A common practice is to take "snapshots" of live machines and save them to backups. Should the virtual machine crash, instead of rebooting it, it's simply restored from the backed up running image. If that backup image is infected, then bringing it out of sleep will allow the worm to start spreading.Jake Williams claims he's seen three other manufacturing networks infected with WannaCry. Why does manufacturing seem more susceptible? The reason appears to be the "killswitch" that stops WannaCry from running elsewhere. The killswitch uses a DNS lookup, stopping itself if it can resolve a certain domain. Manufacturing networks are largely disconnected from the Internet enough that such DNS lookups don't work, so the domain can't be found, so the killswitch doesn't work. Thus, manufacturing systems are no more likely to get infected, but the lack of killswitch means the virus will conti | Medical | Wannacry APT 38 | |
|
2018-03-16 13:00:00 | Things I hearted this week 16th March 2018 (lien direct) |
Last weekend, my daughter and I finally got around to watching Wonder Woman. We quite enjoyed it. There was a part in which Chris Pine’s character said, “My father told me once, he said, "If you see something wrong happening in the world, you can either do nothing, or you can do something". And I already tried nothing."
So, I turned to my daughter and asked, "When you're older will you say awesome quotes and attribute them to your dad so I'll appear all knowing and wise?"
She replied, "Yeah, I'll say 'my father told me if you see something wrong you can either do nothing, or send memes'".
Not sure if that means I’ve succeeded as a Dad or failed miserably. Hopefully she’ll come across one of these posts in the future and realise there was more to me than just memes.
Operation Bayonet
This article gives a fascinating insight into how law enforcement infiltrated and took down a drug market.
As reports of these kinds of operations become available, Hollywood should really be looking to these for inspiration. Far better plots than most fiction!
Operation Bayonet: Inside the sting that hijacked an entire dark web drug market | Wired
How many devices are misconfigured… or not configured?
I saw this blog that Anton Chuvakin posted over at Gartner stating that there’s a lot of security technology which is deployed yet misconfigured, not configured optimally, set to default, or deployed broken in other ways.
Broadly speaking, I agree, in the race to get things done, assurance often takes a back seat. But there’s no obvious answer. Testing takes time and expertise. Unless it’s automated. But even then someone needs to look at the results and get things fixed. DevSecOps maybe?
How Much of Your Security Gear Is Misconfigured or Not Configured? | Gartner
Hacking encrypted phones
Encrypted phone company Ciphr claims it was hacked by a rival company. A preview into how vicious digital rivals can get. And regardless of who is to blame, the fact remains that the real victims here are the users.
Customer Data From Encrypted Phone Company Ciphr Has Been Dumped Online | Motherboard
Hidden Cobra on Turkish Banks
Bankshot implants are distributed from a domain with a name similar to that of the cryptocurrency-lending platform Falcon Coin, but the similarly named domain is not associated with the legitimate entity. The malicious domain falcancoin.io was created December 27, 2017, and was updated on February 19, only a few days before the implants began to appear. These implants are variations of earlier forms of Bankshot, a remote access tool that gives an attacker full capability on a victim’s system. This implant also contains functionality to wipe files and content from the targeted system to erase evidence or perform other destructive actions. Bankshot was first reported by the Department of Homeland Security on December 13, 2017, and has only recently resurfaced in newly compiled variants. The sample we analyzed is 99% similar to the documented Bankshot variants from 2017.
|
Medical | Equifax APT 38 | |
|
2018-03-10 06:53:00 | North Korean Hidden Cobra APT targets Turkish financial industry with new Bankshot malware (lien direct) | McAfee Advanced Threat Research team discovered that the Hidden Cobra APT group is targeting financial organizations in Turkey. North Korea-linked APT group Hidden Cobra (aka Lazarus Group) is targeting the Turkish financial system. Experts from McAfee observed the hackers using the Bankshot implant in targeted attacks against the financial organizations in Turkey. The attack resembles previous attacks conducted […] | Medical | APT 38 | |
|
2018-03-09 17:22:01 | New North Korea-linked Cyberattacks Target Financial Institutions (lien direct) | New North Korean Hidden Cobra / Lazarus Campaign Targets Financial Institutions in Turkey Hidden Cobra, also known as the Lazarus Group from North Korea, is now targeting the Turkish financial system with a new and 'aggressive' operation that resembles earlier attacks against the global SWIFT financial network. | Medical | APT 38 | |
|
2018-03-08 14:00:03 | Hidden Cobra Targets Turkish Financial Sector With New Bankshot Implant (lien direct) | 
This post was prepared with contributions from Asheer Malhotra, Charles Crawford, and Jessica Saavedra-Morales. On February 28, the McAfee Advanced Threat Research team discovered that the cybercrime group Hidden Cobra continues to target cryptocurrency and financial organizations. In this analysis, we observed the return of Hidden Cobra's Bankshot malware implant surfacing in the Turkish financial …
|
Medical | APT 38 | ★★★ |
 |
2018-02-13 18:45:01 | Hidden Cobra, un malveillant made un Corée du Nord (lien direct) | Le FBI et le DHS viennent de publier un document concernant Hidden Cobra. Un logiciel d’espionnage qui serait la création de pirates informatiques officiant pour la Corée du Nord. Le site Data Security Breach revient sur une alerte lancée par le Department of Homeland Security (DHS) et le Fédé... Cet article Hidden Cobra, un malveillant made un Corée du Nord est apparu en premier sur ZATAZ. | Medical | APT 38 | |
 |
2018-02-13 18:27:03 | Opération de la Corée du nord baptisée HIDDEN COBRA (lien direct) | HIDDEN COBRA, une attaque informatique signée par des pirates informatiques de la Corée du Nord selon les... Cet article Opération de la Corée du nord baptisée HIDDEN COBRA est diffusé par Data Security Breach. | Medical | APT 38 | |
|
2018-01-25 19:26:13 | A look into the cyber arsenal used by Lazarus APT hackers in recent attacks against financial institutions (lien direct) | >Security experts at Trend Micro have analyzed malware and a tool used by the Lazarus APT group in the recent attacks against financial institutions. Security experts at Trend Micro have analyzed the attacks conducted by the notorious Lazarus APT group against financial institutions. The activity of the Lazarus Group surged in 2014 and 2015, its […] | Medical | APT 38 | |
|
2018-01-25 15:01:52 | North Korea-linked Lazarus Hackers Update Arsenal of Hacking Tools (lien direct) | Recent cyberattacks associated with the North Korea-linked Lazarus group have used an evolved backdoor, along with a Remote Controller tool, Trend Micro reports. | Medical | APT 38 | |
|
2017-12-20 05:18:48 | Greedy North Korean Hackers Targeting Cryptocurrencies and Point-of-Sale Terminals (lien direct) | The North Korean hacking group has turned greedy.
Security researchers have uncovered a new widespread malware campaign targeting cryptocurrency users, believed to be originated from Lazarus Group, a state-sponsored hacking group linked to the North Korean government.
Active since 2009, Lazarus Group has been attributed to many high profile attacks, including Sony Pictures Hack, $81 million
|
Medical | APT 38 | |
|
2017-12-15 21:04:37 | Lazarus APT Group targets a London cryptocurrency company (lien direct) | >Security experts from Secureworks revealed the Lazarus APT group launched a spearphishing campaign against a London cryptocurrency company. The dreaded Lazarus APT group is back and launched a spearphishing campaign against a London cryptocurrency company to steal employee credentials. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks […] | Medical | APT 38 | |
|
2017-12-15 14:00:00 | Things I Hearted This Week 15th December 2017 (lien direct) |
Continuing the trend from last week, I’ll continue trying to put a positive spin on the week’s security news.
Why? I hear you ask. Well, I’ve been mulling over the whole optimist thing, and glass half full analogy and it does work wonders. Side note, a tweet about half full / empty glasses and infosec took on a life of its own a few days ago.
But I’m reminded of the ending monologue by Morgan Freeman in “The Shawshank Redemption”, in which he starts off by saying, “Get busy living or get busy dying.”
So the thought of the week is, “Get busy securing, or get busy insecuring.” Hmm doesn’t quite have the same ring to it. Will have to think of a better word – but you catch my drift. Let’s jump into this week’s interesting security bits
Mirai Mirai on the wall
I picture Brian Krebs as being a Liam Neeson type – he sees that his website is under attack by a never-before seen DDoS attack. He mutters to himself, “I don’t know who you are, but I will hunt you, I will find you, and I will blog about it until you get arrested, prosecuted, and thrown in jail.”
It so happens that this week the hackers behind the Mirai botnet and a series of DDoS attacks pled guilty.
The Hackers Behind Some of the Biggest DDoS Attacks in History Plead Guilty | Motherboard
Mirai IoT Botnet Co-Authors Plead Guilty | KrebsonSecurity
Botnet Creators Who Took Down the Internet Plead Guilty | Gizmondo
Bug Laundering Bounties
Apparently, HBO negotiated with hackers. Paying them $250,000 under the guise of a bug bounty as opposed to a ransom.
Maybe in time, it will be found that HBO acted above board, maybe it was a sting operation, maybe it was a misconstrued email.
The worrying fact is that any payment exchange system can be used to launder money. However, bug bounty providers don’t (as far as I can tell) have financial services obligations. Does the bug bounty industry need more regulation (shudder)?
Leaked email shows HBO negotiating with hackers | Calgary Herald
Remember the 'Game of Thrones' leak? An Iranian hacker was charged with stealing HBO scripts to raise bitcoin | USA Today
Uber used bug bounty program to launder blackmail payment to hacker | ars Technica
Inside a low budget consumer hardware espionage implant
I’m not much of a hardware expert – actually, I’m not much of a hardware novice either. But this writeup by Mich is awesome. I didn’t even know there were so many ways to sniff, intercept and basically mess around with stuff at such small scale. It’s extremely detailed and I’ve permanently bookmarked it for future reference.
|
Guideline Medical Cloud | Uber APT 38 APT 37 |
To see everything:
Our RSS (filtrered)
