www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Generated: 2025-05-11T03:01:49+00:00

[IndustrialCyber - cyber risk firms for industrial] French Foreign Ministry blames Russian GRU-linked APT28 for cyberattacks on national entities; urges global action
The French foreign ministry has attributed a series of cyberattacks on national interests to APT28, a group linked...
Published 2025-05-01T07:20:07+00:00 | https://industrialcyber.co/critical-infrastructure/french-foreign-ministry-blames-russian-gru-linked-apt28-for-cyberattacks-on-national-entities-urges-global-action/ | www.secnews.physaphae.fr/article.php?IdArticle=8670091 | Tags: none | Actor: APT 28 | Score: 2.0

[HackRead - Cyber search] From TV5Monde to Govt: France Blames Russia's APT28 for Cyberattacks
France accuses Russia's APT28 hacking group (Fancy Bear) of targeting French government entities in a cyber espionage campaign.…
Published 2025-04-30T17:13:50+00:00 | https://hackread.com/tv5monde-govt-france-russia-apt28-cyberattacks/ | www.secnews.physaphae.fr/article.php?IdArticle=8670013 | Tags: none | Actor: APT 28 | Score: 4.0

[InfoSecurity Mag - InfoSecurity Magazine] France Slams Russia's APT28 for Four-Year Cyber-Espionage Campaign
The French government has criticized Russia's APT28 group for attacking 12 entities in a long-running espionage campaign.
Published 2025-04-30T08:45:00+00:00 | https://www.infosecurity-magazine.com/news/france-russia-apt28-cyberespionage/ | www.secnews.physaphae.fr/article.php?IdArticle=8669856 | Tags: none | Actor: APT 28 | Score: 4.0

[Silicon - French news site] Cybersecurity: what is APT28, which France has officially attributed to Russia?
Published 2025-04-30T00:00:00+00:00 | https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/apt28-france-attribue-russie-473545.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= | www.secnews.physaphae.fr/article.php?IdArticle=8669905 | Tags: none | Actor: APT 28 | Score: 4.0

[Recorded Future - Recorded Future feed] France blames Russian military intelligence for years of cyberattacks on local entities
In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities.
Published 2025-04-29T16:52:25+00:00 | https://therecord.media/france-blames-russian-military-intelligence-for-hacks-against-local-orgs | www.secnews.physaphae.fr/article.php?IdArticle=8669551 | Tags: Threat | Actor: APT 28 | Score: 4.0

[ProofPoint - Cyber Firms] Around the World in 90 Days: State-Sponsored Actors Try ClickFix
Published 2025-04-17T10:31:17+00:00 | https://www.proofpoint.com/us/blog/threat-insight/around-world-90-days-state-sponsored-actors-try-clickfix | www.secnews.physaphae.fr/article.php?IdArticle=8664262 | Tags: Malware, Tool, Vulnerability, Threat, Prediction, Cloud | Actor: APT 28 | Score: 3.0

[The Hacker News - The Hacker News is a hacking news blog (surprising, right?)] Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware
Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UAC-0063, which likely shares overlap with APT28, a nation-state group affiliated with Russia's General Staff Main
Published 2025-01-14T14:40:00+00:00 | https://thehackernews.com/2025/01/russian-linked-hackers-target.html | www.secnews.physaphae.fr/article.php?IdArticle=8637076 | Tags: Malware, Threat | Actor: APT 28 | Score: 3.0

[CyberScoop - scoopnewsgroup.com special Cyber] Fancy Bear spotted using real Kazakh government documents in spearphishing campaign
The malware-laced files include draft versions of diplomatic statements, correspondence letters, internal administrative notes and other documents.
Published 2025-01-13T21:41:42+00:00 | https://cyberscoop.com/fancy-bear-kazakhstan-russia-sekoia/ | www.secnews.physaphae.fr/article.php?IdArticle=8636876 | Tags: none | Actor: APT 28 | Score: 3.0
[Sekoia - Cyber Firms] Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations
This report was originally published for our customers on 12 December 2024. Introduction: On Wednesday, 27 November 2024, Russian President Putin was on a 2-day state visit in Kazakhstan to discuss with local representatives the implementation of energy projects and to counter Chinese and Western influence. Putin said he was visiting his “true ally”, yet […] The post Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations is an article from the Sekoia.io Blog.
Published 2025-01-13T08:25:11+00:00 | https://blog.sekoia.io/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations/ | www.secnews.physaphae.fr/article.php?IdArticle=8636627 | Tags: none | Actor: APT 28 | Score: 3.0
[Dark Reading - Informationweek Branch] Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network
In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.
Published 2024-11-25T18:18:12+00:00 | https://www.darkreading.com/cyberattacks-data-breaches/fancy-bear-nearest-neighbor-attack-wi-fi | www.secnews.physaphae.fr/article.php?IdArticle=8617716 | Tags: none | Actor: APT 28 | Score: 2.0

[TroyHunt - Blog Security] Spies hack Wi-Fi networks in far-off land to launch attack on target next door
“Nearest Neighbor Attack” finally lets Russia's Fancy Bear into target's Wi-Fi network.
Published 2024-11-23T02:03:27+00:00 | https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/ | www.secnews.physaphae.fr/article.php?IdArticle=8616357 | Tags: Hack | Actor: APT 28 | Score: 2.0

[The Hacker News - The Hacker News is a hacking news blog (surprising, right?)] Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The
Published 2024-11-22T17:36:00+00:00 | https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html | www.secnews.physaphae.fr/article.php?IdArticle=8615986 | Tags: Malware, Threat | Actor: APT 28 | Score: 2.0

[Bleeping Computer - American magazine] Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack'
Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called "nearest neighbor attack." [...]
Published 2024-11-22T14:33:54+00:00 | https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/ | www.secnews.physaphae.fr/article.php?IdArticle=8616182 | Tags: none | Actor: APT 28 | Score: 4.0

[Wired Threat Level - Security News] Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
Published 2024-11-22T12:03:48+00:00 | https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/ | www.secnews.physaphae.fr/article.php?IdArticle=8615983 | Tags: Hack | Actor: APT 28 | Score: 3.0

[RiskIQ - cyber risk firms (now Microsoft)] Weekly OSINT Highlights, 4 November 2024
Published 2024-11-04T12:25:16+00:00 | https://community.riskiq.com/article/d6da7f0d | www.secnews.physaphae.fr/article.php?IdArticle=8605948 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Prediction, Medical, Cloud, Technical | Actors: APT 41, APT 28, APT 31, Guam | Score: 3.0

[AlienVault Lab Blog - AlienVault is a major defensive player in IOCs] Ngioweb Remains Active 7 Years Later
Published 2024-11-01T19:39:00+00:00 | https://cybersecurity.att.com/blogs/labs-research/ngioweb-remains-active-7-years-later | www.secnews.physaphae.fr/article.php?IdArticle=8604836 | Tags: Malware, Vulnerability, Threat, Mobile, Technical | Actor: APT 28 | Score: 3.0

[RiskIQ - cyber risk firms (now Microsoft)] Cyberattack UAC-0001 (APT28): PowerShell command in the clipboard as an "entry point"
Published 2024-10-28T12:22:25+00:00 | https://community.riskiq.com/article/524cfa51 | www.secnews.physaphae.fr/article.php?IdArticle=8602832 | Tags: Ransomware, Tool, Vulnerability, Threat | Actor: APT 28 | Score: 4.0

[RiskIQ - cyber risk firms (now Microsoft)] Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
Published 2024-10-23T16:34:48+00:00 | https://community.riskiq.com/article/7c0b1160 | www.secnews.physaphae.fr/article.php?IdArticle=8601330 | Tags: Vulnerability, Threat | Actor: APT 28 | Score: 3.0

[Mandiant - Mandiant security blog] Insights on Cyber Threats Targeting Users and Enterprises in Mexico
Like many countries across the globe, Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats, with threat actors carrying out attempted intrusions into critical sectors of Mexican society. Mexico also faces threats posed by the worldwide increase in multifaceted extortion, as ransomware and data theft continue to rise. Threat actors with an array of motivations continue to seek opportunities to exploit the digital infrastructure that Mexicans rely on across all aspects of society. This joint blog brings together our collective understanding of the cyber threat landscape impacting Mexico, combining insights from Google's Threat Analysis Group (TAG) and Mandiant's frontline intelligence. By sharing our global perspective, especially during today's Google for Mexico event, we hope to enable greater resiliency in mitigating these threats.
Cyber Espionage Operations Targeting Mexico: As the 12th largest economy in the world, Mexico draws attention from cyber espionage actors from multiple nations, with targeting patterns mirroring broader priorities and focus areas that we see elsewhere. Since 2020, cyber espionage groups from more than 10 countries have targeted users in Mexico; however, more than 77% of government-backed phishing activity is concentrated among groups from the People's Republic of China (PRC), North Korea, and Russia.
[Figure 1: Government-backed phishing activity targeting Mexico, January 2020 – August 2024]
The examples here highlight recent and historical examples where cyber espionage actors have targeted users and organizations in Mexico. It should be noted that these campaigns describe targeting and do not indicate successful compromise or exploitation.
PRC Cyber Espionage Activity Targeting Mexico: Since 2020, we have observed activity from seven cyber espionage groups with links to the PRC targeting users in Mexico, accounting for a third of government-backed phishing activity in the country. This volume of PRC cyber espionage is similar to activity in other regions where Chinese government investment has been focused, such as countries within China's Belt and Road Initiative. In addition to activity targeting Gmail users, PRC-backed groups have targeted Mexican government agencies, higher
Published 2024-09-10T14:00:00+00:00 | https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-mexico/ | www.secnews.physaphae.fr/article.php?IdArticle=8574054 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Cloud, Commercial | Actor: APT 28 | Score: 2.0

[RiskIQ - cyber risk firms (now Microsoft)] Weekly OSINT Highlights, 12 August 2024
Published 2024-08-12T10:35:06+00:00 | https://community.riskiq.com/article/e60227f4 | www.secnews.physaphae.fr/article.php?IdArticle=8556324 | Tags: Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Mobile, Industrial, Cloud | Actor: APT 28 | Score: 2.0

[RiskIQ - cyber risk firms (now Microsoft)] Russian APT Fighting Ursa Targets Diplomats with HeadLace Malware Using Fake Car Sale Ads
Published 2024-08-05T21:26:54+00:00 | https://community.riskiq.com/article/00383b84 | www.secnews.physaphae.fr/article.php?IdArticle=8552380 | Tags: Malware, Tool, Vulnerability, Threat | Actor: APT 28 | Score: 4.0

[Global Security Mag - French news site] Cybercrime: Fighting Ursa uses a car sale ad as a lure
Category: Malware
Published 2024-08-05T15:01:41+00:00 | https://www.globalsecuritymag.fr/cybercriminalite-fighting-ursa-utilise-une-annonce-de-vente-de-voiture-comme.html | www.secnews.physaphae.fr/article.php?IdArticle=8552154 | Tags: Malware, Threat | Actor: APT 28 | Score: 3.0

[Dark Reading - Informationweek Branch] Russia's 'Fighting Ursa' APT Uses Car Ads to Install HeadLace Malware
The scheme, from the group also known as APT28, involves targeting Eastern European diplomats in need of personal transportation, tempting them with a purported good deal on an Audi Q7 Quattro SUV.
Published 2024-08-05T11:38:04+00:00 | https://www.darkreading.com/threat-intelligence/russia-fighting-ursa-apt-car-ads-headlace-malware | www.secnews.physaphae.fr/article.php?IdArticle=8552054 | Tags: Malware | Actor: APT 28 | Score: 3.0

[The Hacker News - The Hacker News is a hacking news blog (surprising, right?)] APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure
A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28, which is also referred to as
Published 2024-08-02T21:46:00+00:00 | https://thehackernews.com/2024/08/apt28-targets-diplomats-with-headlace.html | www.secnews.physaphae.fr/article.php?IdArticle=8549910 | Tags: Malware, Threat | Actor: APT 28 | Score: 4.0

[RiskIQ - cyber risk firms (now Microsoft)] Weekly OSINT Highlights, 29 July 2024
Published 2024-07-29T10:58:35+00:00 | https://community.riskiq.com/article/72f3426d | www.secnews.physaphae.fr/article.php?IdArticle=8546560 | Tags: Ransomware, Data Breach, Spam, Malware, Tool, Vulnerability, Threat, Legislation, Mobile, Industrial, Medical | Actors: APT 28, APT 36 | Score: 2.0

[IndustrialCyber - cyber risk firms for industrial] Ukraine CERT-UA reveals cyberattack by UAC-0063 group on scientific institution, linked to Russian APT28
The Ukraine Computer Emergency Response Team (CERT-UA) disclosed information about a cyberattack conducted by the UAC-0063 group, which...
Published 2024-07-24T08:35:32+00:00 | https://industrialcyber.co/ransomware/ukraine-cert-ua-reveals-cyberattack-by-uac-0063-group-on-scientific-institution-linked-to-russian-apt28/ | www.secnews.physaphae.fr/article.php?IdArticle=8543283 | Tags: none | Actor: APT 28 | Score: 3.0
[RiskIQ - cyber risk firms (now Microsoft)] UAC-0063 attacks research institutions in Ukraine: HATVIBE + CHERRYSPY + CVE-2024-23692
Published 2024-07-23T20:53:33+00:00 | https://community.riskiq.com/article/078e5560 | www.secnews.physaphae.fr/article.php?IdArticle=8542990 | Tags: Malware, Vulnerability, Threat | Actor: APT 28 | Score: 3.0

[Mandiant - Mandiant security blog] Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO
As North Atlantic Treaty Organization (NATO) members and partners gather for a historic summit, it is important to take stock of one of its most pressing challenges: the cyber threat. The Alliance faces a barrage of malicious cyber activity from all over the globe, carried out by emboldened state-sponsored actors, hacktivists, and criminals who are willing to cross lines and carry out activity that was previously considered unlikely or inconceivable. In addition to military targets, NATO must consider the risks that hybrid threats like malicious cyber activity pose to hospitals, civil society, and other targets, which could impact resilience in a contingency. The war in Ukraine is undoubtedly linked to escalating cyber threat activity, but many of these threats will continue to grow separately and in parallel. NATO must contend with covert, aggressive malicious cyber actors that are seeking to gather intelligence, preparing to or currently attacking critical infrastructure, and working to undermine the Alliance with elaborate disinformation schemes. In order to protect its customers and clients, Google is closely tracking cyber threats, including those highlighted in this report; however, this is just a glimpse at a much larger and evolving landscape.
Cyber Espionage: NATO's adversaries have long sought to leverage cyber espionage to develop insight into the political, diplomatic, and military disposition of the Alliance and to steal its defense technologies and economic secrets. However, intelligence on the Alliance in the coming months will be of heightened importance. This year's summit is a transition period, with the appointment of Mark Rutte as the new Secretary General and a number of adaptations expected to be rolled out to shore up the Alliance's defense posture and its long-term support for Ukraine. Successful cyber espionage from threat actors could potentially undermine the Alliance's strategic advantage and inform adversary leadership on how to anticipate and counteract NATO's initiatives and investments. NATO is targeted by cyber espionage activity from actors around the world with varying capabilities. Many still rely on technically simple but operationally effective methods, like social engineering. Others have evolved and elevated their tradecraft to levels that distinguish themselves as formidable adversaries for even the most experienced defenders.
APT29 (ICECAP): Publicly attributed to the Russian Foreign Intelligence Service (SVR) by several governments, APT29 is heavily focused on diplomatic and political intelligence collection, principally targeting Europe and NATO member states. APT29 has been involved in multiple high-profile breaches of technology firms that were designed to provide access to the public sector. In the past year, Mandiant has observed APT29 targeting technology companies and IT service providers in NATO member countries to facilitate third-party and software supply chain compromises of government and poli
Published 2024-07-08T14:00:00+00:00 | https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato/ | www.secnews.physaphae.fr/article.php?IdArticle=8532698 | Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Legislation, Medical, Cloud, Technical | Actors: APT 29, APT 28 | Score: 3.0

[Mandiant - Mandiant security blog] Insights on Cyber Threats Targeting Users and Enterprises in Brazil
Individuals and organizations in Brazil face a unique cyber threat landscape because it is a complex interplay of global and local threats, posing significant risks to individuals, organizations, and critical sectors of Brazilian society. Many of the cyber espionage threat actors that are prolific in campaigns across the globe are also active in carrying out attempted intrusions into critical sectors of Brazilian society. Brazil also faces threats posed by the worldwide increase in multifaceted extortion, as ransomware and data theft continue to rise. At the same time, the threat landscape in Brazil is shaped by a domestic cybercriminal market, where threat actors coordinate to carry out account takeovers, conduct carding and fraud, deploy banking malware and facilitate other cyber threats targeting Brazilians. The rise of the Global South, with Brazil at the forefront, marks a significant shift in the geopolitical landscape; one that extends into the cyber realm. As Brazil's influence grows, so does its digital footprint, making it an increasingly attractive target for cyber threats originating from both global and domestic actors.
This blog post brings together Google's collective understanding of the Brazilian threat landscape, combining insights from Google's Threat Analysis Group (TAG) and Mandiant's frontline intelligence. As Brazil's economic and geopolitical role in global affairs continues to rise, threat actors from an array of motivations will further seek opportunities to exploit the digital infrastructure that Brazilians rely upon across all aspects of society. By sharing our global perspective, we hope to enable greater resiliency in mitigating these threats. Google uses the results of our research to improve the safety and security of our products, making them secure by default. Chrome OS has built-in and proactive security to protect from ransomware, and there have been no reported ransomware attacks ever on any business, education, or consumer Chrome OS device. Google security teams continuously monitor for new threat activity, and all identified websites and domains are added to Safe Browsing to protect users from further exploitation. We deploy and constantly update Android detections to protect users' devices and prevent malicious actors from publishing malware to the Google Play Store. We send targeted Gmail and Workspace users government-backed attacker alerts, notifying them of the activity and encouraging potential targets to enable Enhanced Safe Browsing for Chrome and ensure that all devices are updated.
Cyber Espionage Operations Targeting Brazil: Brazil's status as a globally influential power and the largest economy in South America has drawn attention from c
Published 2024-06-12T14:00:00+00:00 | https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-brazil/ | www.secnews.physaphae.fr/article.php?IdArticle=8516847 | Tags: Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Mobile, Medical, Cloud, Technical | Actor: APT 28 | Score: 2.0

[LogPoint - Security blog] APT28: Discovering Forest Blizzard's new arsenal
In brief: The Forest Blizzard cyber-espionage group is attributed to the GRU (Russia's military intelligence agency). Forest Blizzard is also known under its many aliases: APT 28, Fancy Bear, Pawn Storm, Sednit Gang, Sofacy Group, BlueDelta and STRONTIUM. Forest Blizzard is known for constantly evolving its tactics, developing custom tools (such as GooseEgg) and [...]
Published 2024-06-03T08:02:06+00:00 | https://www.logpoint.com/fr/blog/apt28-decouverte-nouvel-arsenal-de-forest-blizzard/ | www.secnews.physaphae.fr/article.php?IdArticle=8514116 | Tags: Tool | Actor: APT 28 | Score: 2.0
[The Hacker News - The Hacker News is a hacking news blog (surprising, right?)] Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting
The Russian GRU-backed threat actor APT28 has been attributed as behind a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. APT28, also known by the names BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422, is an advanced persistent threat (APT) group affiliated with
Published 2024-05-31T15:40:00+00:00 | https://thehackernews.com/2024/05/russian-hackers-target-europe-with.html | www.secnews.physaphae.fr/article.php?IdArticle=8510552 | Tags: Malware, Threat | Actor: APT 28 | Score: 3.0

[The Hacker News - The Hacker News is a hacking news blog (surprising, right?)] Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign
Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called APT28. "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer emergency response team, CERT Polska, said in a Wednesday bulletin. Clicking on the link
Published 2024-05-09T20:50:00+00:00 | https://thehackernews.com/2024/05/kremlin-backed-apt28-targets-polish.html | www.secnews.physaphae.fr/article.php?IdArticle=8496647 | Tags: Malware | Actor: APT 28 | Score: 3.0

[Global Security Mag - French news site] When cyberattacks threaten democracy
Investigations have shown that the Russian hacker group APT28 (Advanced Persistent Threat), also called Fancy Bear, Forest Blizzard or Pawn Storm, is behind the cyberattacks on SPD e-mail accounts in January 2023. (Special reports)
Published 2024-05-08T12:53:05+00:00 | https://www.globalsecuritymag.fr/wenn-cyberangriffe-die-demokratie-bedrohen.html | www.secnews.physaphae.fr/article.php?IdArticle=8495923 | Tags: none | Actor: APT 28 | Score: 3.0
[Checkpoint Research - security hardware vendor] 6th May – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES: In a joint statement with Germany and NATO, the Czech Republic uncovered a cyber espionage campaign by the Russian state-affiliated actor APT28. These cyber-attacks targeted Czech institutions using a new vulnerability in Microsoft […]
Published 2024-05-06T11:21:36+00:00 | https://research.checkpoint.com/2024/6th-may-threat-intelligence-report/ | www.secnews.physaphae.fr/article.php?IdArticle=8494575 | Tags: Vulnerability, Threat | Actor: APT 28 | Score: 3.0
[IndustrialCyber - cyber risk firms for industrial] Russian APT28 hackers exploit Outlook flaw to target Czech, German, Polish organizations
Czechia, jointly with Germany, Lithuania, Poland, Slovakia, Sweden, the European Union, NATO, and international partners, condemns the...
Published 2024-05-06T11:07:37+00:00 | https://industrialcyber.co/critical-infrastructure/russian-apt28-hackers-exploit-outlook-flaw-to-target-czech-german-polish-organizations/ | www.secnews.physaphae.fr/article.php?IdArticle=8494573 | Tags: Threat | Actor: APT 28 | Score: 4.0
Zataz - French security magazine The return of the Russian cyber bears to world political affairs? 2024-05-05T13:18:36+00:00 https://www.zataz.com/le-retour-des-cyber-ours-russes-dans-les-affaires-politiques-mondiales/ www.secnews.physaphae.fr/article.php?IdArticle=8494072 False None APT 28 2.0000000000000000
Techworm - News Russia's cyberattacks against Germany condemned by EU and NATO Russian hackers are not slowing down in their cyberattacks. The alleged attack took place against the Social Democratic Party (SPD). Their email accounts were compromised in the attack. This hacking saga began more than two years ago during the Russia-Ukraine war and has gradually escalated over time. How it started: A group called APT28, also known as Fancy Bear, believed to have ties to the Russian government, has been accused of carrying out numerous cyberattacks around the world, including in Germany and against some Czech entities. Russian cyberattack on Germany: They found a vulnerability in Microsoft Outlook and used it to get into SPD emails. The vulnerability, a zero-day tracked as CVE-2023-23397, is a critical privilege escalation bug in Outlook that could allow attackers to obtain Net-NTLMv2 hashes and then use them to authenticate via a relay attack. The German government says that not only the SPD but also German defense and aerospace companies were targeted. The targets also included information technology organizations, as well as entities related to the war in Ukraine. These cyberattacks began around March 2022, after Russia invaded Ukraine. The German government alleged that Russia's military intelligence service, the GRU, was behind these attacks. It even summoned a Russian diplomat in response to these accusations. Russia denied the allegations: Russia denied the allegations and called the accusations "unfounded and baseless". The Putin-led government has denied similar cyber incidents as state-sponsored acts in the past. The West has been firm in its narrative of Russia's involvement in cyberattacks for decades now. Not the first rodeo: Recently, the Australian foreign minister joined other countries in saying that APT28, believed to be linked to Russia, was behind certain cyberattacks. This is not the first time Russian hackers have been accused of spying on Germany. In 2020, Angela Merkel, who was Germany's chancellor at the time, accused Russia of spying on her. A major incident blamed on Russian hackers was in 2015, when they attacked Germany's parliament, causing it to shut down for days. 2024-05-04T21:52:07+00:00 https://www.techworm.net/2024/05/russian-cyberattack-germany-czechoslovakia.html www.secnews.physaphae.fr/article.php?IdArticle=8493664 False Hack,Vulnerability,Threat APT 28 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S.
The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some unnamed 2024-05-04T14:08:00+00:00 https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html www.secnews.physaphae.fr/article.php?IdArticle=8493491 False Hack APT 28 3.0000000000000000
Bleeping Computer - American magazine NATO and EU condemn Russia's cyberattacks against Germany, Czechia NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...] 2024-05-03T11:47:35+00:00 https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/ www.secnews.physaphae.fr/article.php?IdArticle=8493049 False Threat APT 28 3.0000000000000000
TrendLabs Security - Antivirus vendor Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks This blog entry aims to highlight the dangers of internet-facing routers and elaborate on Pawn Storm's exploitation of EdgeRouters, complementing the FBI's advisory from February 27, 2024. 2024-05-01T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/e/router-roulette.html www.secnews.physaphae.fr/article.php?IdArticle=8491686 False None APT 28 3.0000000000000000
Mandiant - Mandiant security blog Poll Vaulting: Cyber Threats to Global Elections Executive Summary The election cybersecurity landscape globally is characterized by a diversity of targets, tactics, and threats. Elections attract threat activity from a variety of threat actors including: state-sponsored actors, cyber criminals, hacktivists, insiders, and information operations as-a-service entities. Mandiant assesses with high confidence that state-sponsored actors pose the most serious cybersecurity risk to elections. Operations targeting election-related infrastructure can combine cyber intrusion activity, disruptive and destructive capabilities, and information operations, which include elements of public-facing advertisement and amplification of threat activity claims. Successful targeting does not automatically translate to high impact. Many threat actors have struggled to influence or achieve significant effects, despite their best efforts. When we look across the globe we find that the attack surface of an election involves a wide variety of entities beyond voting machines and voter registries. In fact, our observations of past cycles indicate that cyber operations target the major players involved in campaigning, political parties, news and social media more frequently than actual election infrastructure. Securing elections requires a comprehensive understanding of many types of threats and tactics, from distributed denial of service (DDoS) to data theft to deepfakes, that are likely to impact elections in 2024. It is vital to understand the variety of relevant threat vectors and how they relate, and to ensure mitigation strategies are in place to address the full scope of potential activity. Election organizations should consider steps to harden infrastructure against common attacks, and utilize account security tools such as Google's Advanced Protection Program to protect high-risk accounts. Introduction The 2024 global election cybersecurity landscape is characterized by a diversity of targets, tactics, and threats. An expansive ecosystem of systems, administrators, campaign infrastructure, and public communications venues must be secured against a diverse array of operators and methods. Any election cybersecurity strategy should begin with a survey of the threat landscape to build a more proactive and tailored security posture. The cybersecurity community must keep pace as more than two billion voters are expected to head to the polls in 2024. With elections in more than an estimated 50 countries, there is an opportunity to dynamically track how threats to democracy evolve. Understanding how threats are targeting one country will enable us to better anticipate and prepare for upcoming elections globally. At the same time, we must also appreciate the unique context of different countries. Election threats to South Africa, India, and the United States will inevitably differ in some regard. In either case, there is an opportunity for us to prepare with the advantage of intelligence. 2024-04-25T10:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-global-elections/ www.secnews.physaphae.fr/article.php?IdArticle=8500393 False Ransomware,Malware,Hack,Tool,Vulnerability,Threat,Legislation,Cloud,Technical APT 40,APT 29,APT 28,APT 43,APT 31,APT 42 3.0000000000000000
HackRead - Cyber research Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool
By Waqas Update Windows Now or Get Hacked: Microsoft Warns of Actively Exploited Vulnerability! This is a post from HackRead.com Read the original post: Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool 2024-04-24T11:54:21+00:00 https://www.hackread.com/russia-apt28-windows-vulnerability-gooseegg-tool/ www.secnews.physaphae.fr/article.php?IdArticle=8487950 False Tool,Vulnerability APT 28 3.0000000000000000
Techworm - News Russia's APT28 Hackers Exploited Windows Flaw To Deploy 'GooseEgg' Malware Microsoft observed APT28 using GooseEgg as part of post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America. Although GooseEgg is a simple launcher application, it can spawn other applications on the command line with elevated permissions. This allows threat actors to support malicious activities such as remote code execution, installing a backdoor, and moving laterally through compromised networks. The US and UK governments have linked Forest Blizzard to Unit 26165 of the Russian Federation's military intelligence agency, the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). "Microsoft has observed that after obtaining access to a target device, Forest Blizzard uses GooseEgg to elevate privileges within the environment. GooseEgg is typically deployed with a batch script, which we have observed using the name execute.bat and doit.bat. This batch script writes the file servtask.bat, which contains commands for saving/compressing registry hives. The batch script invokes the paired GooseEgg executable and sets up persistence as a scheduled task designed to run servtask.bat," reads the advisory published by Microsoft on Monday. Microsoft researchers noted that a typically embedded malicious DLL file, which includes the phrase "wayzgoose", for example wayzgoose23.dll, is a launcher application used by the threat actors to launch other payloads with SYSTEM-level permissions and install a backdoor, move laterally within the victim's network, and remotely execute code on the breached systems. As mentioned earlier, the company patched the Print Spooler security flaw in 2022. It also patched previously exploited Print Spooler vulnerabilities in 2021. "Customers who have not yet implemented these fixes are urged to do so as soon as possible for the security of their organization," Microsoft said in its advisory. In addition, the company also recommends 2024-04-23T22:47:49+00:00 https://www.techworm.net/2024/04/russia-apt28-hackers-exploit-windows-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8487554 False Malware,Tool,Vulnerability,Threat APT 28 3.0000000000000000
Dark Reading - Informationweek Branch Russia's Fancy Bear Pummels Windows Print Spooler Bug The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America. 2024-04-23T13:21:39+00:00 https://www.darkreading.com/endpoint-security/russia-fancy-bear-pummels-windows-print-spooler-bug www.secnews.physaphae.fr/article.php?IdArticle=8487418 False Tool,Threat APT 28 3.0000000000000000
SecurityWeek - Security News Russian Cyberspies Deliver 'GooseEgg' Malware to Government Organizations Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.
2024-04-23T12:50:57+00:00 https://www.securityweek.com/russian-cyberspies-deliver-gooseegg-malware-to-government-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8487450 False Malware,Tool APT 28 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg. The post-compromise tool, which is said to have been used since at least June 2020 and possibly as early as April 2019, leveraged a now-patched flaw that allowed for 2024-04-23T09:53:00+00:00 https://thehackernews.com/2024/04/russias-apt28-exploited-windows-print.html www.secnews.physaphae.fr/article.php?IdArticle=8487211 False Malware,Tool,Threat APT 28 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Russian APT28 Group in New "GooseEgg" Hacking Campaign Microsoft has warned of a long-running credential stealing campaign from Russia's APT28 2024-04-23T08:45:00+00:00 https://www.infosecurity-magazine.com/news/russian-apt28-gooseegg-hacking/ www.secnews.physaphae.fr/article.php?IdArticle=8487291 False None APT 28 3.0000000000000000
The Register - English news site Old Windows print spooler bug is latest target of Russia's Fancy Bear gang Putin's pals use 'GooseEgg' malware to launch attacks you can defeat with patches or deletion Russian spies are exploiting a years-old Windows print spooler vulnerability and using a custom tool called GooseEgg to elevate privileges and steal credentials across compromised networks, according to Microsoft Threat Intelligence.… 2024-04-23T01:15:11+00:00 https://go.theregister.com/feed/www.theregister.com/2024/04/23/russia_fancy_bear_goose_egg/ www.secnews.physaphae.fr/article.php?IdArticle=8487124 False Malware,Tool,Vulnerability,Threat APT 28 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated 2024-03-18T11:29:00+00:00 https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html www.secnews.physaphae.fr/article.php?IdArticle=8465853 False Threat APT 28 3.0000000000000000
RiskIQ - cyber risk firms (now microsoft) Staying ahead of threat actors in the age of AI 2024-03-05T19:03:47+00:00 https://community.riskiq.com/article/ed40fbef www.secnews.physaphae.fr/article.php?IdArticle=8459485 False Ransomware,Malware,Tool,Vulnerability,Threat,Studies,Medical,Technical APT 28,ChatGPT,APT 4 2.0000000000000000
SecurityWeek - Security News US Government Urges Cleanup of Routers Infected by Russia's APT28 The US government says Russia's APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide.
2024-02-28T12:36:12+00:00 https://www.securityweek.com/us-government-urges-cleanup-of-routers-infected-by-russias-apt28/ www.secnews.physaphae.fr/article.php?IdArticle=8456413 False None APT 28 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The botnet, named MooBot, is said to have been used by a Russia-linked threat actor known as 2024-02-28T11:17:00+00:00 https://thehackernews.com/2024/02/cybersecurity-agencies-warn-ubiquiti.html www.secnews.physaphae.fr/article.php?IdArticle=8456273 False Threat APT 28 2.0000000000000000
The Register - English news site That home router botnet the Feds took down? Moscow's probably going to try again Takedown of a Russia-run botnet on compromised Ubiquiti OS routers comes with a warning that Russia may try again, so owners of the devices should take precautions.… 2024-02-28T04:32:14+00:00 https://go.theregister.com/feed/www.theregister.com/2024/02/28/ubiquiti_botnet_second_warning/ www.secnews.physaphae.fr/article.php?IdArticle=8456233 False None APT 28 2.0000000000000000
Bleeping Computer - American magazine Russian hackers hijack Ubiquiti routers to launch stealthy attacks Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. [...] 2024-02-27T12:25:08+00:00 https://www.bleepingcomputer.com/news/security/russian-hackers-hijack-ubiquiti-routers-to-launch-stealthy-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8455988 False None APT 28 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage The U.S. government on Thursday said it disrupted a botnet comprising hundreds of small office and home office (SOHO) routers in the country that was put to use by the Russia-linked APT28 actor to conceal its malicious activities. "These crimes included vast spear-phishing and similar credential harvesting campaigns against targets of intelligence interest to the Russian government, such as U.S. 2024-02-16T12:19:00+00:00 https://thehackernews.com/2024/02/us-government-disrupts-russian-linked.html www.secnews.physaphae.fr/article.php?IdArticle=8450766 False None APT 28 2.0000000000000000
Dark Reading - Informationweek Branch DoJ Breaks Russian Military Botnet in Fancy Bear Takedown The feds disrupted a Russian intelligence SOHO router botnet notable for being built with Moobot malware rather than custom code. 2024-02-15T20:29:21+00:00 https://www.darkreading.com/cyberattacks-data-breaches/doj-breaks-russian-military-botnet- www.secnews.physaphae.fr/article.php?IdArticle=8450559 False Malware APT 28 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, targeting high-value targets worldwide. The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with 2024-02-02T20:19:00+00:00 https://thehackernews.com/2024/02/russian-apt28-hackers-targeting-high.html www.secnews.physaphae.fr/article.php?IdArticle=8446026 False None APT 28 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Pawn Storm's Stealthy Net-NTLMv2 Assault Revealed Trend Micro reported recent attacks focused on government sectors, including foreign affairs, energy, defense and transportation 2024-01-31T16:30:00+00:00 https://www.infosecurity-magazine.com/news/pawn-storms-stealthy-net-ntlmv2/ www.secnews.physaphae.fr/article.php?IdArticle=8445246 False Prediction APT 28 3.0000000000000000
TrendLabs Security - Antivirus vendor Pawn Storm Uses Brute Force and Stealth Against High-Value Targets Based on our estimates, from approximately April 2022 until November 2023, Pawn Storm attempted to launch NTLMv2 hash relay attacks through different methods, with huge peaks in the number of targets and variations in the government departments that it targeted. 2024-01-31T00:00:00+00:00 https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html www.secnews.physaphae.fr/article.php?IdArticle=8445083 False None APT 28 2.0000000000000000
RiskIQ - cyber risk firms (now microsoft) APT28: From Initial Attack to Creating Threats to a Domain Controller in an Hour #### Description Between December 15-25, 2023, a series of cyberattacks were identified involving the distribution of emails containing links to purported "documents" among government organizations.
Clicking on these links resulted in malware infecting computers. Investigation revealed that the links redirected victims to a website where a JavaScript-based download initiated a shortcut file. Opening this file triggered a PowerShell command to download and execute a decoy document, a Python interpreter, and a file named Client.py, classified as MASEPIE. Subsequently, various tools including OPENSSH, STEELHOOK PowerShell scripts, and the OCEANMAP backdoor were downloaded, with additional tools like IMPACKET and SMBEXEC created for network reconnaissance and lateral movement. The overall tactics, techniques, and tools used pointed to the APT28 group. Notably, the attack strategy indicated a broader plan to compromise the entire organization's information and communication system, emphasizing the potential threat to the entire network. Similar attacks were also reported against Polish organizations. #### Reference URL(s) 1. https://cert.gov.ua/article/6276894 #### Publication Date January 3, 2024 #### Author(s) CERT-UA 2024-01-03T19:16:54+00:00 https://community.riskiq.com/article/3c424c10 www.secnews.physaphae.fr/article.php?IdArticle=8433900 False Malware,Tool,Threat APT 28 4.0000000000000000
Recorded Future - Recorded Future feed New malware found in analysis of Russian hacks on Ukraine, Poland Researchers have discovered a new cyber operation against Ukrainian and Polish organizations, attributing it to the Russian state-controlled hacker group known as Fancy Bear. During the attacks in December, Russian hackers sent phishing emails to their victims with malicious attachments. Once opened, these attachments infected targeted devices with the novel Masepie malware, according to [a 2023-12-29T13:18:00+00:00 https://therecord.media/fancy-bear-apt28-ukraine-new-malware-masepie www.secnews.physaphae.fr/article.php?IdArticle=8430796 False Malware APT 28 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace. IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and 2023-12-12T20:22:00+00:00 https://thehackernews.com/2023/12/russian-apt28-hackers-targeting-13.html www.secnews.physaphae.fr/article.php?IdArticle=8421570 False Threat APT 28 3.0000000000000000
Recorded Future - Recorded Future feed More evidence of Russian intelligence exploiting old Outlook flaw Cybersecurity researchers have discovered another campaign in which hackers associated with Russia's military intelligence are exploiting a vulnerability in Microsoft software to target critical entities, including those in NATO member countries. According to a report by Palo Alto Networks' Unit 42, the Russian threat actor known as Fancy Bear or APT28 breached Microsoft Outlook over 2023-12-08T15:16:00+00:00 https://therecord.media/microsoft-outlook-vulnerability-apt28-hackers-russia-nato www.secnews.physaphae.fr/article.php?IdArticle=8420218 False Vulnerability,Threat APT 28 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within Exchange servers. The tech giant attributed the intrusions to a threat actor it called Forest Blizzard (formerly Strontium), which is also widely tracked under the monikers APT28, 2023-12-05T12:29:00+00:00 https://thehackernews.com/2023/12/microsoft-warns-of-kremlin-backed-apt28.html www.secnews.physaphae.fr/article.php?IdArticle=8419205 False Vulnerability,Threat APT 28 4.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Russian APT28 Exploits Outlook Bug to Access Exchange Notorious Russian APT28 group is actively exploiting CVE-2023-23397 to hijack Exchange email accounts 2023-12-05T10:40:00+00:00 https://www.infosecurity-magazine.com/news/russian-apt28-exploits-outlook-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8419247 False None APT 28 3.0000000000000000
Global Security Mag - French news site Cybersecurity: the latest activities of the Russian cybercriminal group TA422 Malwares 2023-12-05T10:24:45+00:00 https://www.globalsecuritymag.fr/Cybersecurite-la-defense-l-aerospatial-la-finance-la-production-et-la.html www.secnews.physaphae.fr/article.php?IdArticle=8419243 False None APT 28 3.0000000000000000
ProofPoint - Cyber Firms TA422's Dedicated Exploitation Loop - the Same Week After Week 2023-12-05T05:00:40+00:00 https://www.proofpoint.com/us/blog/threat-insight/ta422s-dedicated-exploitation-loop-same-week-after-week www.secnews.physaphae.fr/article.php?IdArticle=8419228 False Malware,Vulnerability,Threat APT 28 3.0000000000000000
HackRead - Cyber research Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard Group By Waqas Forest Blizzard (aka STRONTIUM, APT28, and Fancy Bear) is thought to have affiliations with or support from the Russian military intelligence agency. This is a post from HackRead.com Read the original post: Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard Group 2023-12-04T18:58:53+00:00 https://www.hackread.com/microsoft-outlook-vulnerability-russia-forest-blizzard/ www.secnews.physaphae.fr/article.php?IdArticle=8419086 False Vulnerability APT 28 3.0000000000000000
Recorded Future - Recorded Future feed Kremlin-backed hackers attacking unpatched Outlook systems, Microsoft says Hackers associated with Russia's military intelligence are still actively exploiting a vulnerability in Microsoft software to gain access to victims' emails, the company said Monday. The threat actor, tracked by Microsoft as Forest Blizzard but also known as Fancy Bear or APT28, has been attempting to use the bug to gain unauthorized access to email 2023-12-04T15:16:00+00:00 https://therecord.media/unpatched-microsoft-outlook-email-attacks-fancy-bear www.secnews.physaphae.fr/article.php?IdArticle=8419047 False Vulnerability,Threat APT 28 2.0000000000000000
Bleeping Computer - American magazine Russian hackers use Ngrok feature and WinRAR exploit to attack embassies After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. [...] 2023-11-19T11:14:25+00:00 https://www.bleepingcomputer.com/news/security/russian-hackers-use-ngrok-feature-and-winrar-exploit-to-attack-embassies/ www.secnews.physaphae.fr/article.php?IdArticle=8414888 False Vulnerability,Threat APT 29,APT 28 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, right?) Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage in October 2022. The findings come from Google's Mandiant, which described the hack as a "multi-event cyber attack" leveraging a novel technique for impacting industrial control systems (ICS). "The actor first used OT-level living-off-the-land (LotL) techniques to 2023-11-10T17:52:00+00:00 https://thehackernews.com/2023/11/russian-hackers-sandworm-cause-power.html www.secnews.physaphae.fr/article.php?IdArticle=8409099 False Hack,Industrial APT 28 3.0000000000000000
Recorded Future - Recorded Future feed Ukraine energy facility took unique Sandworm hit on day of missile strikes, report says Russian state-sponsored hackers launched a sophisticated attack on a Ukrainian energy facility last year, causing a temporary power outage before widespread missile strikes on critical infrastructure throughout the country, researchers said Thursday. The attack in October 2022, attributed to the notorious Russian group Sandworm, is a rare example of a cyber incident disrupting the physical 2023-11-09T16:00:00+00:00 https://therecord.media/sandworm-attack-ukraine-energy-facility-missile-strikes www.secnews.physaphae.fr/article.php?IdArticle=8408571 False None APT 28 3.0000000000000000
Mandiant - Mandiant security blog Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology In late 2022, Mandiant responded to a disruptive cyber physical incident in which the Russia-linked threat actor Sandworm targeted a Ukrainian critical infrastructure organization. This incident was a multi-event cyber attack that leveraged a novel technique for impacting industrial control systems (ICS) / operational technology (OT). The actor first used OT-level living off the land (LotL) techniques to likely trip the victim's substation circuit breakers, causing an unplanned power outage that coincided with mass missile strikes on critical infrastructure across Ukraine. Sandworm later 2023-11-09T15:00:00+00:00 https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology www.secnews.physaphae.fr/article.php?IdArticle=8408922 False Threat,Industrial APT 28 2.0000000000000000
The Register - English news site Russia's Sandworm - not just missile strikes - to blame for Ukrainian power blackouts Online attack coincided with major military action, Mandiant says Blackouts in Ukraine last year were not just caused by missile strikes on the nation but also by a seemingly coordinated cyberattack on one of its power plants.
That\'s according to Mandiant\'s threat intel team, which said Russia\'s Sandworm crew was behind the two-pronged power-outage and data-wiping attack.…]]> 2023-11-09T08:00:09+00:00 https://go.theregister.com/feed/www.theregister.com/2023/11/09/russias_sandworm_power_plant_attack/ www.secnews.physaphae.fr/article.php?IdArticle=8408330 False Threat APT 28 2.0000000000000000 Wired Threat Level - Security News Les pirates de sandworm ont provoqué une autre panne de courant en Ukraine en durcissant une frappe de missile<br>Sandworm Hackers Caused Another Blackout in Ukraine-During a Missile Strike Russia\'s most notorious military hackers successfully sabotaged Ukraine\'s power grid for the third time last year. And in this case, the blackout coincided with a physical attack.]]> 2023-11-09T08:00:00+00:00 https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8408327 False None APT 28 2.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les pirates russes ont perturbé le réseau électrique ukrainien l'année dernière<br>Russian hackers disrupted Ukrainian electrical grid last year Le célèbre groupe de piratage russe connu sous le nom de Sandworm a abattu une sous-station qui a provoqué une brève panne, selon un nouveau rapport mandiant.
>The notorious Russian hacking group known as Sandworm took down a substation that caused a brief outage, according to a new Mandiant report. ]]>
2023-11-09T08:00:00+00:00 https://cyberscoop.com/sandworm-russia-ukraine-grid/ www.secnews.physaphae.fr/article.php?IdArticle=8408328 False None APT 28 2.0000000000000000
Recorded Future - FLux Recorded Future La France accuse les pirates d'État russes d'avoir ciblé les systèmes gouvernementaux, les universités, les groupes de réflexion<br>France accuses Russian state hackers of targeting government systems, universities, think tanks Un groupe de piratage associé à l'agence de renseignement militaire de la Russie a espionné les universités françaises, les entreprises, les groupes de réflexion et les agences gouvernementales, selon un nouveau rapport de la principale agence de cybersécurité de France.Les pirates, connus sous le nom de Fancy Bear ou APT28, naviguent furtivement aux réseaux français depuis la seconde moitié de 2021, essayant d'obtenir divers
A hacking group associated with Russia\'s military intelligence agency has been spying on French universities, businesses, think tanks, and government agencies, according to a new report from France\'s top cybersecurity agency. The hackers, known as Fancy Bear or APT28, have been stealthily navigating French networks since the second half of 2021, trying to obtain various]]>
2023-10-27T13:45:00+00:00 https://therecord.media/france-russia-fancybear-apt28-government-universities-think-tanks-espionage www.secnews.physaphae.fr/article.php?IdArticle=8401449 False None APT 28 3.0000000000000000
AhnLab - Korean Security Firm Rapport de tendance des menaces sur les groupes APT & # 8211;Juillet 2023<br>Threat Trend Report on APT Groups – July 2023 juillet 2023 Problèmes majeurs sur les groupes APT 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Chicheur charmant 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Eyes rouges 13) Pirates d'espace 14) Turla 15) ATIP_2023_JUL_JULAT RAPPORT D'APTER LE Rapport sur les APT
July 2023 Major Issues on APT Groups 1) APT28 2) APT29 3) APT31 4) Camouflaged Hunter 5) Charming Kitten 6) Gamaredon 7) Kimsuky 8) Konni 9) Lazarus 10) Mustang Panda 11) Patchwork 12) Red Eyes 13) Space Pirates 14) Turla 15) Unclassified ATIP_2023_Jul_Threat Trend Report on APT Groups ]]>
2023-09-11T05:02:48+00:00 https://asec.ahnlab.com/en/56971/ www.secnews.physaphae.fr/article.php?IdArticle=8381128 False Threat,Prediction APT 38,APT 37,APT 37,APT 35,APT 35,APT 29,APT 29,APT 28,APT 28,APT 31 2.0000000000000000
Dark Reading - Informationweek Branch Russie \\ 'S \\' Fancy Bear \\ 'APT cible l'installation d'énergie ukrainienne<br>Russia\\'s \\'Fancy Bear\\' APT Targets Ukrainian Energy Facility The group, best known for 2016 US election interference and other attacks on Ukraine, used phishing emails offering pictures of women to lure its victim into opening a malicious attachment.]]> 2023-09-06T17:50:00+00:00 https://www.darkreading.com/attacks-breaches/russia-fancy-bear-apt-ukrainian-energy-facility www.secnews.physaphae.fr/article.php?IdArticle=8379761 False None APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ukraine \\'s CERT contrer les infrastructures énergétiques critiques APT28 \\<br>Ukraine\\'s CERT Thwarts APT28\\'s Cyberattack on Critical Energy Infrastructure The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain. 
“Visiting the link will download a ZIP archive containing three JPG images (]]> 2023-09-06T13:32:00+00:00 https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html www.secnews.physaphae.fr/article.php?IdArticle=8379534 False None APT 28 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine APT28 soutenu par la Russie a tenté d'attaquer une installation de puissance critique ukrainienne<br>Russia-Backed APT28 Tried to Attack a Ukrainian Critical Power Facility The attack has been carried out using legitimate services and standard software functions, CERT-UA observed]]> 2023-09-06T11:30:00+00:00 https://www.infosecurity-magazine.com/news/russia-apt28-attack-ukraine-power/ www.secnews.physaphae.fr/article.php?IdArticle=8379605 False None APT 28,APT 28 4.0000000000000000 Recorded Future - FLux Recorded Future L'Ukraine dit qu'une installation énergétique a perturbé une intrusion de l'ours fantaisie<br>Ukraine says an energy facility disrupted a Fancy Bear intrusion Un tristement célèbre groupe de cyberespionnage russe a été surpris en train d'attaquer une installation énergétique critique en Ukraine, a annoncé mardi une agence gouvernementale.Un expert en cybersécurité travaillant pour l'organisation ciblée a contrecarré l'attaque, selon ]]> 2023-09-05T20:01:00+00:00 https://therecord.media/ukraine-energy-facility-cyberattack-fancy-bear-email www.secnews.physaphae.fr/article.php?IdArticle=8379317 False None APT 28,APT 28 2.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur les groupes APT & # 8211;Juin 2023<br>Threat Trend Report on APT Groups – June 2023 Tendances du groupe APT & # 8211;Juin 2023 1) Andariel 2) APT28 3) Cadet Blizzard (Dev-0586) 4) Camaro Dragon 5) Chicheau charmant (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3Chang (Apt15, Nickel) 8) Kimsuky 9) Lazarus 10) Eau boueuse 11) Mustang Panda 12) Oceanlotus 13) Patchwork (éléphant blanc) 14) REd Eyes (APT37) 15) Sharp Panda 16) Sidecopy 17) Soldat Stealth 
ATIP_2023_JUN_THREAT Rapport de tendance sur les groupes APT
APT Group Trends – June 2023  1) Andariel 2) APT28 3) Cadet Blizzard (DEV-0586) 4) Camaro Dragon 5) Charming Kitten (Mint Sandstorm) 6) Gamaredon (Shuckworm) 7) Ke3chang (APT15, Nickel) 8) Kimsuky 9) Lazarus 10) Muddy Water 11) Mustang Panda 12) OceanLotus 13) Patchwork (White Elephant) 14) Red Eyes (APT37) 15) Sharp Panda 16) SideCopy 17) Stealth Soldier ATIP_2023_Jun_Threat Trend Report on APT Groups ]]>
2023-08-16T06:46:45+00:00 https://asec.ahnlab.com/en/56195/ www.secnews.physaphae.fr/article.php?IdArticle=8370575 False Threat,Prediction APT 38,APT 37,APT 37,APT 35,APT 35,APT 32,APT 32,APT 28,APT 28,APT 15,APT 15,APT 25 2.0000000000000000
AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Construire la cybersécurité dans la chaîne d'approvisionnement est essentiel à mesure que les menaces montent<br>Building Cybersecurity into the supply chain is essential as threats mount account for a huge 62% of all commercial attacks, a clear indication of the scale of the challenge faced by the supply chain and the logistics industry as a whole. There are solutions out there, however, and the most simple of these concerns a simple upskilling of supply chain professionals to be aware of cybersecurity systems and threats. In an industry dominated by the need for trust, this is something that perhaps can come naturally for the supply chain. Building trust and awareness At the heart of a successful supply chain relationship is trust between partners. Building that trust, and securing high quality business partners, relies on a few factors. Cybersecurity experts and responsible officers will see some familiarity - due diligence, scrutiny over figures, and continuous monitoring. In simple terms, an effective framework of checking and rechecking work, monitored for compliance on all sides. These factors are a key part of new federal cybersecurity rules, according to news agency Reuters. Among other measures are a requirement for companies to have rigorous control over system patching, and measures that would require cloud hosted services to identify foreign customers. These are simple but important steps, and give a hint to supply chain businesses as to what they should be doing; putting in measures to monitor, control, and enact compliance on cybersecurity threats. That being said, it can be the case that the software isn’t in place within individual businesses to ensure that level of control. The right tools, and the right personnel, is also essential. 
The importance of software Back in April, the UK’s National Cyber Security Centre released details of specific threats made by Russian actors against business infrastructure in the USA and UK. Highlighted in this were specific weaknesses in business systems, and that includes in hardware and software used by millions of businesses worldwide. The message is simple - even industry standard software and devices have their problems, and businesses have to keep track of that. There are two arms to ensure this is completed. Firstly, the business should have a cybersecurity officer in place whose role it is to monitor current measures and ensure they are kept up to date. Secondly, budget and time must be allocated at an executive level firstly to promote networking between the business and cybersecurity firms, and between partner businesses to ensure that even cybersecurity measures are implemented across the chain. Utilizing AI There is something of a digital arms race when it comes to artificial intelligence. As ZDNet notes, the lack of clear regulation is providing a lot of leeway for malicious actors to innovate, but for businesses to act, too. While regulations are now coming in, it remains that there is a clear role for AI in prevention. 
According t]]> 2023-08-14T10:00:00+00:00 https://cybersecurity.att.com/blogs/security-essentials/building-cybersecurity-into-the-supply-chain-is-essential-as-threats-mount www.secnews.physaphae.fr/article.php?IdArticle=8369852 False Threat,Cloud APT 28,ChatGPT 2.0000000000000000 AhnLab - Korean Security Firm Rapport de tendance des menaces sur les groupes APT & # 8211;Mai 2023<br>Threat Trend Report on APT Groups – May 2023 Les cas de grands groupes APT pour le mai 2023 réunis à partir de documents rendus publics par des sociétés de sécurité et des institutions sont comme commesuit.& # 8211;Agrius & # 8211;Andariel & # 8211;APT28 & # 8211;APT29 & # 8211;APT-C-36 (Blind Eagle) & # 8211;Camaro Dragon & # 8211;CloudWizard & # 8211;Earth Longzhi (APT41) & # 8211;Goldenjackal & # 8211;Kimsuky & # 8211;Lazarus & # 8211;Lancefly & # 8211;Oilalpha & # 8211;Red Eyes (Apt37, Scarcruft) & # 8211;Sidecopy & # 8211;Sidewinder & # 8211;Tribu transparente (APT36) & # 8211;Volt Typhoon (Silhouette de bronze) ATIP_2023_MAY_TRADEAT Rapport sur les groupes APT_20230609
The cases of major APT groups for May 2023 gathered from materials made public by security companies and institutions are as follows. – Agrius – Andariel – APT28 – APT29 – APT-C-36 (Blind Eagle) – Camaro Dragon – CloudWizard – Earth Longzhi (APT41) – GoldenJackal – Kimsuky – Lazarus – Lancefly – OilAlpha – Red Eyes (APT37, ScarCruft) – SideCopy – SideWinder – Transparent Tribe (APT36) – Volt Typhoon (Bronze Silhouette) ATIP_2023_May_Threat Trend Report on APT Groups_20230609 ]]>
2023-07-07T02:33:29+00:00 https://asec.ahnlab.com/en/55184/ www.secnews.physaphae.fr/article.php?IdArticle=8353225 False Threat,Prediction APT 41,APT 38,APT 37,APT 37,APT 29,APT 29,APT 28,APT 28,APT 36,APT 36,Guam,Guam,APT-C-17,APT-C-17,GoldenJackal,GoldenJackal,APT-C-36 3.0000000000000000
knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 26 [Eyes Open] La FTC révèle les cinq dernières escroqueries par SMS<br>CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams CyberheistNews Vol 13 #26 CyberheistNews Vol 13 #26  |   June 27th, 2023 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says. These are the top five text scams reported by the FTC: Copycat bank fraud prevention alerts Bogus "gifts" that can cost you Fake package delivery problems Phony job offers Not-really-from-Amazon security alerts "People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they\'ll get a call from a phony \'fraud department\' claiming they want to \'help get your money back.\' What they really want to do is make unauthorized transfers. "What\'s more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft." Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there\'s a problem with a delivery. 
"The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small \'redelivery fee.\'" Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake \'mystery shopper\' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says. "Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person\'s money – and the phony \'employer\' – are long gone." Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from \'Amazon,\' asking to verify a big-ticket order they didn\'t place," the FTC says. "Concerned ]]> 2023-06-27T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-26-eyes-open-the-ftc-reveals-the-latest-top-five-text-message-scams www.secnews.physaphae.fr/article.php?IdArticle=8349704 False Ransomware,Spam,Malware,Hack,Tool,Threat FedEx,APT 28,APT 15,ChatGPT,ChatGPT 2.0000000000000000 Anomali - Firm Blog Anomali Cyber Watch: Cadet Blizzard - New Gru Apt, Chamedoh Rat Linux Hard à détecter, Cirypto-monnaie furtive de la crypto-monnaie furtive<br>Anomali Cyber Watch: Cadet Blizzard - New GRU APT, ChamelDoH Hard-to-Detect Linux RAT, Stealthy DoubleFinger Targets Cryptocurrency Figure 1 - Diagrammes de résumé du CIO.Ces graphiques résument les CIO attachés à ce magazine et donnent un aperçu des menaces discutées. 
Cyber News et Intelligence des menaces événement de sécurité mondiale anomali Intel - Progress Software Vulnerabilities & ndash;Moveit & amp;DataDirect Connect (Publié: 16 juin 2023) Après la découverte de CVE-2023-34362 et son exploitation antérieure par un affilié des ransomwares CLOP, plusieurs vulnérabilités supplémentaires ont été découvertes dans Moveit Transfer (CVE-2023-35036 et CVE-2023-35708) et d'autres produits de logiciels de progrès (CVE et CVE-2023-34363 et CVE-2023-34364).Alors que le site de fuite de Darkweb du groupe (> _clop ^ _- les fuites) a commencé à s'adresser aux entités compromises, l'événement d'exploitation original a été évalué comme un événement de sécurité mondial.Ceci est basé sur la liste croissante des organisations violées connues et l'utilisation de Moveit parmi des milliers d'organisations à travers le monde, y compris les secteurs public, privé et gouvernemental. Commentaire des analystes: Les défenseurs du réseau doivent suivre les étapes d'assainissement des logiciels de progrès qui incluent le durcissement, la détection, le nettoyage et l'installation des récentes correctifs de sécurité de transfert Moveit.Les règles YARA et les indicateurs basés sur l'hôte associés à l'exploitation de déplacement observé sont disponibles dans la plate-forme Anomali pour la détection et la référence historique. mitre att & amp; ck: [mitre att & amp; ck] t1190 - exploiter le publicApplication | [mitre att & amp; ck] t1036 - masquée | [mitre att & amp; ck] t1560.001 - Données collectées par les archives: archive via l'utilité Signatures (Sigma Rules): Exploitation potentielle de transfert de déplacement | exploitation movet . 
(Règles Yara) lemurloot webshell dll charges utiles - yara by mandiant | scénarisation de la webshell lemurloot ASP.net - yara par mandiant | exploitation movet - yara par Florian Roth | moveit_transfer_exploit_webshell_aspx | moveit_transfer_exploit_webshell_dll Tags: Target-Software: Moveit Transfer, Vulnérabilité: CVE-2023-34362, Vulnérabilité: CVE-2023-35036, Vulnérabilité: CVE-2023-35708, Vulnérabilité: CVE-2023-34363, Vulnérabilité:CVE-2023-34364, Target-Country: ÉtatsType: ransomware, malware: Lemurloot, Type de logiciels malveillants: webs]]> 2023-06-21T20:11:00+00:00 https://www.anomali.com/blog/anomali-cyber-watch-cadet-blizzard-new-gru-apt-chameldoh-hard-to-detect-linux-rat-stealthy-doublefinger-targets-cryptocurrency www.secnews.physaphae.fr/article.php?IdArticle=8347828 False Ransomware,Tool,Threat,Cloud APT 28 2.0000000000000000 Recorded Future - FLux Recorded Future Russie \\ 'S \\' Fancy Bear \\ 'Hackers ciblé le gouvernement ukrainien, les orgs militaires<br>Russia\\'s \\'Fancy Bear\\' hackers targeted Ukrainian gov\\'t, military orgs Les pirates avec un infâme cyber-groupe militaire russe ont ciblé le gouvernement ukrainien et une entreprise impliquée dans l'aviation militaire depuis que l'invasion de Moscou a commencé par son voisin, a déclaré mardi l'agence de la cyber-ukraine.L'équipe d'intervention d'urgence informatique de l'Ukraine \\ (CER-UA) et des chercheurs de Future \\ 's groupe insikt
Hackers with an infamous Russian military cyber group have targeted the Ukrainian government and a company involved in military aviation since Moscow\'s invasion of its neighbor began, Ukraine\'s cyber agency reported Tuesday. Ukraine\'s computer emergency response team (CERT-UA) and researchers from Recorded Future\'s Insikt Group attributed the campaign to APT28 - also known as Fancy]]>
2023-06-20T19:45:00+00:00 https://therecord.media/russia-fancy-bear-hackers-targeted-ukraine www.secnews.physaphae.fr/article.php?IdArticle=8347459 False None APT 28 2.0000000000000000
Bleeping Computer - Magazine Américain Les pirates russes APT28 violer les serveurs de courriels gouvernementaux ukrainiens<br>Russian APT28 hackers breach Ukrainian govt email servers A threat group tracked as APT28 and linked to Russia\'s General Staff Main Intelligence Directorate (GRU) has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities. [...]]]> 2023-06-20T09:00:00+00:00 https://www.bleepingcomputer.com/news/security/russian-apt28-hackers-breach-ukrainian-govt-email-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8347329 False Threat APT 28 2.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 19 [Watch Your Back] Nouvelle fausse erreur de mise à jour Chrome Attaque cible vos utilisateurs<br>CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users CyberheistNews Vol 13 #19 CyberheistNews Vol 13 #19  |   May 9th, 2023 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages. "Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area." The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner. 
A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks. This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them. Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture. Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more. Join Roger A. 
Grimes, KnowBe4\'s Data-Driven Defense Evangelist, ]]> 2023-05-09T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-19-watch-your-back-new-fake-chrome-update-error-attack-targets-your-users www.secnews.physaphae.fr/article.php?IdArticle=8334782 False Ransomware,Data Breach,Spam,Malware,Tool,Threat,Prediction NotPetya,NotPetya,APT 28,ChatGPT,ChatGPT 2.0000000000000000 The Register - Site journalistique Anglais L'APT28 de la Russie cible le gouvernement ukrain<br>Russia\\'s APT28 targets Ukraine government with bogus Windows updates Nasty emails designed to infect systems with info-stealing malware The Kremlin-backed threat group APT28 is flooding Ukrainian government agencies with email messages about bogus Windows updates in the hope of dropping malware that will exfiltrate system data.…]]> 2023-05-02T06:37:07+00:00 https://go.theregister.com/feed/www.theregister.com/2023/05/02/russia_apt28_ukraine_phishing/ www.secnews.physaphae.fr/article.php?IdArticle=8332710 False Malware,Threat APT 28,APT 28 2.0000000000000000 Dark Reading - Informationweek Branch APT28 utilise des leurres de mise à jour Windows pour tromper les cibles ukrainiennes<br>APT28 Employs Windows Update Lures to Trick Ukrainian Targets The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.]]> 2023-05-01T20:10:00+00:00 https://www.darkreading.com/attacks-breaches/apt28-employs-windows-update-lures-to-trick-ukrainian-targets www.secnews.physaphae.fr/article.php?IdArticle=8332620 False None APT 28,APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) 
APT28 cible les entités gouvernementales ukrainiennes avec de fausses e-mails "Windows Update"<br>APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "]]> 2023-05-01T14:22:00+00:00 https://thehackernews.com/2023/05/apt28-targets-ukrainian-government.html www.secnews.physaphae.fr/article.php?IdArticle=8332497 False None APT 28,APT 28 3.0000000000000000 TechRepublic - Security News US L'acteur de menace APT28 cible les routeurs Cisco avec une vieille vulnérabilité<br>Threat actor APT28 targets Cisco routers with an old vulnerability Les États-Unis, l'Europe et l'Ukraine seraient des cibles dans cette menace malveillante.Apprenez à protéger les routeurs Cisco affectés.
>The U.S., Europe and Ukraine are reportedly targets in this malware threat. Learn how to protect affected Cisco routers. ]]>
2023-04-28T16:36:57+00:00 https://www.techrepublic.com/article/apt28-cisco-routers-security-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8331913 False Malware,Vulnerability,Threat APT 28,APT 28 2.0000000000000000
knowbe4 - cybersecurity services Cyberheistnews Vol 13 # 17 [Head Start] Méthodes efficaces Comment enseigner l'ingénierie sociale à une IA<br>CyberheistNews Vol 13 #17 [Head Start] Effective Methods How To Teach Social Engineering to an AI CyberheistNews Vol 13 #17 CyberheistNews Vol 13 #16  |   April 18th, 2023 [Finger on the Pulse]: How Phishers Leverage Recent AI Buzz Curiosity leads people to suspend their better judgment as a new campaign of credential theft exploits a person\'s excitement about the newest AI systems not yet available to the general public. On Tuesday morning, April 11th, Veriti explained that several unknown actors are making false Facebook ads which advertise a free download of AIs like ChatGPT and Google Bard. Veriti writes "These posts are designed to appear legitimate, using the buzz around OpenAI language models to trick unsuspecting users into downloading the files. However, once the user downloads and extracts the file, the Redline Stealer (aka RedStealer) malware is activated and is capable of stealing passwords and downloading further malware onto the user\'s device." Veriti describes the capabilities of the Redline Stealer malware which, once downloaded, can take sensitive information like credit card numbers, passwords, and personal information like user location, and hardware. Veriti added "The malware can upload and download files, execute commands, and send back data about the infected computer at regular intervals." Experts recommend using official Google or OpenAI websites to learn when their products will be available and only downloading files from reputable sources. With the rising use of Google and Facebook ads as attack vectors experts also suggest refraining from clicking on suspicious advertisements promising early access to any product on the Internet. Employees can be helped to develop sound security habits like these by stepping them through monthly social engineering simulations. 
Blog post with links:https://blog.knowbe4.com/ai-hype-used-for-phishbait [New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform! The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters with]]> 2023-04-25T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-13-17-head-start-effective-methods-how-to-teach-social-engineering-to-an-ai www.secnews.physaphae.fr/article.php?IdArticle=8330904 False Spam,Malware,Hack,Threat APT 28,ChatGPT,ChatGPT 3.0000000000000000 Soc Radar - Blog spécialisé SOC APT28 exploite la vulnérabilité Cisco au déploiement de logiciels malveillants dans la campagne d'espionnage<br>APT28 Exploits Cisco Vulnerability to Deploy Malware in Espionage Campaign Les acteurs de l'État-nation russe utilisent une vulnérabilité de code à distance correcée dans les appareils de réseau Cisco pour mener ...
>Russian nation-state actors are using a patched remote code execution vulnerability in Cisco network appliances to conduct... ]]>
2023-04-20T11:23:59+00:00 https://socradar.io/apt28-exploits-cisco-vulnerability-to-deploy-malware-in-espionage-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8329638 False Malware,Vulnerability APT 28 2.0000000000000000
Dark Reading - Informationweek Branch Russian Fancy Bear APT a exploité les routeurs de Cisco non corrigés pour nous pirater, UE Gov \\ 't agences<br>Russian Fancy Bear APT Exploited Unpatched Cisco Routers to Hack US, EU Gov\\'t Agencies The nation-stage threat group deployed custom malware on archaic versions of Cisco\'s router operating system. Experts warn that such attacks targeting network infrastructure are on the rise.]]> 2023-04-19T21:40:00+00:00 https://www.darkreading.com/attacks-breaches/russian-fancy-bear-apt-exploited-unpatched-cisco-routers-to-hack-us-eu-government-agencies www.secnews.physaphae.fr/article.php?IdArticle=8329462 False Malware,Hack,Threat APT 28 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Tag met en garde contre les pirates russes menant des attaques de phishing en Ukraine<br>Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine Elite hackers associated with Russia\'s military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google\'s Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group\'s 2022 focus]]> 2023-04-19T21:11:00+00:00 https://thehackernews.com/2023/04/google-tag-warns-of-russian-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8329398 False Threat APT 28 2.0000000000000000 SecurityWeek - Security News États-Unis, Royaume-Uni: la Russie exploitant la vieille vulnérabilité pour pirater les routeurs Cisco<br>US, UK: Russia Exploiting Old Vulnerability to Hack Cisco Routers Les agences gouvernementales américaines et britanniques ont émis un avertissement conjoint pour le groupe russe APT28 ciblant les routeurs Cisco en exploitant une ancienne vulnérabilité.
>US and UK government agencies have issued a joint warning for Russian group APT28 targeting Cisco routers by exploiting an old vulnerability. ]]>
2023-04-19T09:03:31+00:00 https://www.securityweek.com/us-uk-russia-exploiting-old-vulnerability-to-hack-cisco-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8329305 False Hack,Vulnerability APT 28 2.0000000000000000
Recorded Future - FLux Recorded Future CISA, Cisco met en évidence le ciblage militaire russe des vulnérabilités du routeur<br>CISA, Cisco highlight Russian military targeting of router vulnerabilities Le géant de la Cybersecurity and Infrastructure Security Agency and Technology Cisco a publié mardi des avis mettant en vedette les attaques contre des routeurs qui seraient exploités par des pirates militaires russes.Dans son rapport, la CISA a été rejointe par le FBI, la NSA et le Centre national de cybersécurité du Royaume-Uni (NCSC) pour souligner les actions d'APT28 & # 8211;que les agences croient
The Cybersecurity and Infrastructure Security Agency and technology giant Cisco released advisories on Tuesday spotlighting attacks on routers allegedly being exploited by Russian military hackers. In its report, CISA was joined by the FBI, NSA and the UK National Cyber Security Centre (NCSC) in highlighting the actions of APT28 – which the agencies believe is]]>
2023-04-18T18:50:00+00:00 https://therecord.media/cisa-cisco-russia-military-hackers-routers www.secnews.physaphae.fr/article.php?IdArticle=8328996 False None APT 28 2.0000000000000000