www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-11T02:22:12+00:00 www.secnews.physaphae.fr

SentinelOne (APT) - Cyber Firms ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals New ScarCruft activity suggests the adversary is planning to target cybersecurity professionals and businesses. 2024-01-22T13:55:47+00:00 https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/ www.secnews.physaphae.fr/article.php?IdArticle=8441698 False None APT 37 3.0000000000000000

Dark Reading - Informationweek Branch Iran's 'Peach Sandstorm' Cyberattackers Target Global Defense Network The FalseFont backdoor allows operators to remotely access an infected system and launch additional files. 2023-12-22T16:45:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/iran-peach-sandstorm-cyberattackers-global-defense www.secnews.physaphae.fr/article.php?IdArticle=8427467 False None APT 33 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Microsoft Warns of New 'FalseFont' Backdoor Targeting the Defense Sector Organizations in the Defense Industrial Base (DIB) sector are in the crosshairs of an Iranian threat actor as part of a campaign designed to deliver a never-before-seen backdoor called FalseFont. The findings come from Microsoft, which is tracking the activity under its weather-themed moniker Peach Sandstorm (formerly Holmium), which is also known as APT33, Elfin, and Refined Kitten. 2023-12-22T11:04:00+00:00 https://thehackernews.com/2023/12/microsoft-warns-of-new-falsefont.html www.secnews.physaphae.fr/article.php?IdArticle=8427216 False Threat,Industrial APT33,APT 33 3.0000000000000000

HackRead - Cyber Search Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector By Waqas Peach Sandstorm, also recognized as HOLMIUM, has recently focused on global Defense Industrial Base (DIB) targets. This is a post from HackRead.com Read the original post: Iran's Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector 2023-12-21T20:46:58+00:00 https://www.hackread.com/iran-peach-sandstorm-falsefont-backdoor-defense/ www.secnews.physaphae.fr/article.php?IdArticle=8426987 False Industrial APT 33 2.0000000000000000
Bleeping Computer - American Magazine Microsoft: Hackers target defense firms with new FalseFont malware Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. [...] 2023-12-21T15:28:06+00:00 https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8426986 False Malware APT33,APT 33 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader 2023-12-14T18:00:00+00:00 https://thehackernews.com/2023/12/iranian-state-sponsored-oilrig-group.html www.secnews.physaphae.fr/article.php?IdArticle=8422615 False Malware,Threat APT 34 2.0000000000000000

Recorded Future - Recorded Future Feed Iran-linked hackers develop new malware downloaders to infect victims in Israel A cyber-espionage group linked to the Iranian government developed several new malware downloaders over the past two years and has recently been using them to target organizations in Israel. Researchers at the Slovakia-based company ESET attributed the newly discovered downloaders to the Iranian advanced persistent threat group OilRig, also known as APT34. Previous reports said 2023-12-14T16:30:00+00:00 https://therecord.media/oilrig-apt34-iran-linked-hackers-new-downloaders-israel www.secnews.physaphae.fr/article.php?IdArticle=8422737 False Malware,Threat APT 34 2.0000000000000000
We Live Security - ESET Antivirus Software Publisher OilRig's persistent attacks using cloud service-powered downloaders ESET researchers document a series of new OilRig downloaders, all relying on legitimate cloud service providers for C&C communications 2023-12-14T10:30:00+00:00 https://www.welivesecurity.com/en/eset-research/oilrig-persistent-attacks-cloud-service-powered-downloaders/ www.secnews.physaphae.fr/article.php?IdArticle=8422763 False Cloud APT 34 2.0000000000000000

RiskIQ - cyber risk firms (now microsoft) Operation Blacksmith: Lazarus Targets Organizations Worldwide Using Novel Telegram-Based Malware Written in DLang #### Description Cisco Talos has discovered a new campaign conducted by the Lazarus Group, called "Operation Blacksmith," which employs at least three new DLang-based malware families, two of which are remote access trojans (RATs), where one of these uses Telegram bots and channels as a medium of command and control (C2) communications. The RATs are named "NineRAT" and "DLRAT," and the downloader is called "BottomLoader." The campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their vulnerable infrastructure to n-day vulnerability exploitation such as CVE-2021-44228 (Log4j). Lazarus has targeted manufacturing, agricultural, and physical security companies. The malware is written in DLang, indicating a definitive shift in TTPs from APT groups falling under the Lazarus umbrella with the increased adoption of malware being authored using non-traditional frameworks such as the Qt framework, including MagicRAT and QuiteRAT. #### Reference URL(s) 1. https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/ #### Publication Date December 11, 2023 #### Author(s) Jungsoo An 2023-12-13T19:34:57+00:00 https://community.riskiq.com/article/04580784 www.secnews.physaphae.fr/article.php?IdArticle=8422247 False Malware,Vulnerability APT 38 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial Phosphorus CPS Protection Platform said to match CISA mitigation guidance for top misconfiguration risk Phosphorus has called upon organizations with cyber-physical systems (CPS) to address key misconfiguration issues that leave them vulnerable... 2023-12-13T10:21:31+00:00 https://industrialcyber.co/news/phosphorus-cps-protection-platform-is-said-to-match-cisa-mitigation-guidance-for-top-misconfiguration-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8422006 False None APT 35 3.0000000000000000
The Register - English news site Think tank report labels NSO, Lazarus, as 'cyber mercenaries' Sure, they do crimes. But the plausible deniability governments adore means they deserve a different label Cybercrime gangs like the notorious Lazarus group and spyware vendors like Israel's NSO should be considered cyber mercenaries – and become the subject of a concerted international response – according to a Monday report from Delhi-based think tank Observer Research Foundation (ORF).… 2023-12-13T06:05:28+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/13/cyber_mercenary_orf_report/ www.secnews.physaphae.fr/article.php?IdArticle=8421881 False None APT 38 2.0000000000000000

Silicon - French news site Log4j: two years on, the threat persists 2023-12-12T10:21:10+00:00 https://www.silicon.fr/log4j-menace-persiste-474135.html www.secnews.physaphae.fr/article.php?IdArticle=8421459 False None APT 38 3.0000000000000000

IndustrialCyber - cyber risk firms for industrial Cisco reveals Operation Blacksmith as Lazarus targets organizations with new Telegram-based malware in DLang Cisco Talos discovered a new campaign conducted by the Lazarus Group that it has codenamed 'Operation Blacksmith,' employing... 2023-12-12T09:32:48+00:00 https://industrialcyber.co/threats-attacks/cisco-reveals-operation-blacksmith-as-lazarus-targets-organizations-with-new-telegram-based-malware-in-dlang/ www.secnews.physaphae.fr/article.php?IdArticle=8421437 False Malware APT 38 3.0000000000000000

Recorded Future - Recorded Future Feed North Korean hackers using Log4J vulnerability in global campaign Hackers connected to North Korea's Lazarus Group have been exploiting the Log4j vulnerability in a campaign of attacks targeting companies in the manufacturing, agriculture and physical security sectors. Known as “Operation Blacksmith,” the campaign saw Lazarus hackers use at least three new malware families, according to researchers at Cisco Talos who named one of the 2023-12-11T20:30:00+00:00 https://therecord.media/north-korean-hackers-using-log www.secnews.physaphae.fr/article.php?IdArticle=8421198 False Malware,Vulnerability APT 38 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans The notorious North Korea-linked threat actor known as the Lazarus Group has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based 2023-12-11T18:30:00+00:00 https://thehackernews.com/2023/12/lazarus-group-using-log4j-exploits-to.html www.secnews.physaphae.fr/article.php?IdArticle=8421079 False Threat APT 38 3.0000000000000000

The Register - English news site Memory-safe languages so hot right now, agrees Lazarus Group as it slings DLang malware 2023-12-11T18:08:15+00:00 https://go.theregister.com/feed/www.theregister.com/2023/12/11/lazarus_group_edang/ www.secnews.physaphae.fr/article.php?IdArticle=8421157 False Malware APT 38 2.0000000000000000

InfoSecurity Mag - InfoSecurity Magazine Lazarus Group Targets Log4Shell Flaw Via Telegram Bots Cisco Talos said Operation Blacksmith leveraged the flaw in publicly facing VMWare Horizon servers 2023-12-11T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-log4shell-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8421119 False None APT 38 2.0000000000000000

Bleeping Computer - American Magazine Lazarus hackers drop new RAT malware using 2-year-old Log4j bug The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang. [...] 2023-12-11T16:25:32+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-drop-new-rat-malware-using-2-year-old-log4j-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8421215 False Malware,Threat APT 38 2.0000000000000000

Dark Reading - Informationweek Branch Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in 'D' The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating new, unique malware around it at a remarkable clip. 2023-12-11T16:15:00+00:00 https://www.darkreading.com/threat-intelligence/lazarus-group-still-juicing-log4shell-rats-written-d www.secnews.physaphae.fr/article.php?IdArticle=8421118 False Malware,Vulnerability APT 38 2.0000000000000000

Recorded Future - Recorded Future Feed North Korean hackers stole anti-aircraft system data from South Korean firm The Seoul Metropolitan Police on Tuesday accused a North Korean hacking group of targeting South Korean companies connected to the defense industry and stealing sensitive information about anti-aircraft weapon systems. In a press release publicizing the investigation into the Andariel hacking group - which has links to the notorious Lazarus Group - police said they 2023-12-06T21:30:00+00:00 https://therecord.media/north-korea-hackers-stole-anti-aircraft-system-data www.secnews.physaphae.fr/article.php?IdArticle=8419690 False None APT 38 3.0000000000000000
Dark Reading - Informationweek Branch Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service. 2023-11-30T17:35:00+00:00 https://www.darkreading.com/cyberattacks-data-breaches/feds-seize-sinbad-crypto-mixer-used-by-north-korea-s-lazarus www.secnews.physaphae.fr/article.php?IdArticle=8418122 False Threat APT 38,APT 38 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks Threat actors from the Democratic People's Republic of Korea (DPRK) are increasingly targeting the cryptocurrency sector as a major revenue generation mechanism since at least 2017 to get around sanctions imposed against the country. "Even though movement in and out of and within the country is heavily restricted, and its general population is isolated from the rest of the world, the regime's 2023-11-30T17:25:00+00:00 https://thehackernews.com/2023/11/north-koreas-lazarus-group-rakes-in-3.html www.secnews.physaphae.fr/article.php?IdArticle=8418053 False Threat APT 38,APT 38 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said. "Sinbad is also used by 2023-11-30T11:39:00+00:00 https://thehackernews.com/2023/11/us-treasury-sanctions-sinbad.html www.secnews.physaphae.fr/article.php?IdArticle=8417988 False None APT 38,APT 38 2.0000000000000000

Recorded Future - Recorded Future Feed US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department's Office of Foreign Assets Control (OFAC) announced new sanctions on Sinbad.io, which officials said has been used by North Korea's Lazarus Group to process millions of dollars' worth 2023-11-29T21:45:00+00:00 https://therecord.media/us-treasury-sanctions-sinbad-crypto-mixer www.secnews.physaphae.fr/article.php?IdArticle=8417908 False None APT 38,APT 38 2.0000000000000000
HackRead - Cyber Search US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group By Waqas US Treasury Sanctions Sinbad.io for Laundering Millions in Stolen Funds Linked to North Korea's Lazarus Group. This is a post from HackRead.com Read the original post: US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group 2023-11-29T19:37:23+00:00 https://www.hackread.com/us-seizes-bitcoin-mixer-sinbad-io-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8417881 False None APT 38,APT 38 2.0000000000000000
Dark Reading - Informationweek Branch macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers. 2023-11-28T17:30:00+00:00 https://www.darkreading.com/threat-intelligence/north-korean-apts-mix-and-match-malware-components-to-evade-detection www.secnews.physaphae.fr/article.php?IdArticle=8417572 False Malware APT 38,APT 38 2.0000000000000000

Kovrr - cyber risk management platform Investigating the Risk of Compromised Credentials and Internet-Exposed Assets Explore the report revealing industries and company sizes with the highest rates of compromised credentials and internet-exposed assets. Read More 2023-11-28T00:00:00+00:00 https://www.kovrr.com/reports/investigating-the-risk-of-compromised-credentials-and-internet-exposed-assets www.secnews.physaphae.fr/article.php?IdArticle=8417472 False Ransomware,Threat,Studies,Prediction,Cloud APT 39,APT 39,APT 17 3.0000000000000000

Wired Threat Level - Security News 6 Theragun Cyber Monday Deals (2023): Percussive Massage Devices Whether you have sore muscles, tired eyes, or dull skin, there's a Therabody massager on sale that could help. 2023-11-27T13:17:33+00:00 https://www.wired.com/story/therabody-theragun-cyber-monday-deals-2023/ www.secnews.physaphae.fr/article.php?IdArticle=8417208 False None APT 37 1.00000000000000000000

AhnLab - Korean Security Firm Circumstances of the Andariel Group Exploiting an Apache ActiveMQ Vulnerability (CVE-2023-46604) While monitoring recent attacks by the Andariel threat group, AhnLab Security Emergency response Center (ASEC) discovered an attack case in which the group is assumed to be exploiting the Apache ActiveMQ remote code execution vulnerability (CVE-2023-46604) to install malware. The Andariel threat group usually targets South Korean companies and institutions, and the group is known to be either in a cooperative relationship with the Lazarus threat group or a subsidiary group of Lazarus. Their attacks against South Korea were first... 2023-11-27T01:16:58+00:00 https://asec.ahnlab.com/en/59318/ www.secnews.physaphae.fr/article.php?IdArticle=8417067 False None APT 38 2.0000000000000000
Bleeping Computer - American Magazine UK and South Korea: Hackers use zero-day in supply-chain attack A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLine [...] The National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking group [...] 2023-11-24T12:28:14+00:00 https://www.bleepingcomputer.com/news/security/uk-and-south-korea-hackers-use-zero-day-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8416630 False None APT 38 3.0000000000000000

Bleeping Computer - American Magazine Microsoft: Lazarus hackers breach CyberLink in supply chain attack Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. [...] 2023-11-22T13:06:25+00:00 https://www.bleepingcomputer.com/news/security/microsoft-lazarus-hackers-breach-cyberlink-in-supply-chain-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8416021 False Malware APT 38,APT 38 3.0000000000000000

AhnLab - Korean Security Firm Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group) The ASEC analysis team identified the circumstances of the Andariel group distributing malware via an attack using a certain asset management program. The Andariel group is known to be in a cooperative relationship with, or a subsidiary organization of, the Lazarus group. The Andariel group usually launches spear phishing, watering hole, or supply chain attacks for initial penetration. There is also a case where the group exploited a central management solution during the malware installation process. Recently, the Andariel group... 2023-11-20T06:31:18+00:00 https://asec.ahnlab.com/en/59073/ www.secnews.physaphae.fr/article.php?IdArticle=8414705 False Malware,Technical APT 38,APT 38 3.0000000000000000
CompromisingPositions - Cyber Podcast EPISODE 8: CYBERCRIME - THE GREATEST HEIST IN HUMAN HISTORY Jenny 'The People Hacker' Radcliffe People Hacker: Confessions of a Burglar For Hire by Jenny Radcliffe 2023-11-16T00:00:00+00:00 https://www.compromisingpositions.co.uk/podcast/episode-8-cybercrime-the-greatest-heist-in-human-history www.secnews.physaphae.fr/article.php?IdArticle=8517016 False None APT 32 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor's tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a 2023-11-11T19:03:00+00:00 https://thehackernews.com/2023/11/microsoft-warns-of-fake-skills.html www.secnews.physaphae.fr/article.php?IdArticle=8409670 False Threat APT 38,APT 38 3.0000000000000000

Recorded Future - Recorded Future Feed Iranian Charming Kitten hackers targeted Israeli organizations in October An Iranian hacking group targeted organizations in Israel's transportation, logistics and technology sectors last month amid an uptick in Iranian cyber activity since the start of Israel's war with Hamas. Researchers at the cybersecurity company CrowdStrike's Counter Adversary Operations attributed the activity to Charming Kitten, an Iranian advanced persistent threat (APT) group, in a [report 2023-11-09T18:00:00+00:00 https://therecord.media/charming-kitten-targeted-israel-cyberattacks www.secnews.physaphae.fr/article.php?IdArticle=8408636 False Threat APT 35 2.0000000000000000
HackRead - Cyber Search Lazarus-Linked BlueNoroff APT Targeting macOS with ObjCShellz Malware By Waqas BlueNoroff is a subgroup of the larger North Korean state-backed group called Lazarus. This is a post from HackRead.com Read the original post: Lazarus-Linked BlueNoroff APT Targeting macOS with ObjCShellz Malware 2023-11-08T10:34:54+00:00 https://www.hackread.com/lazarus-bluenoroff-apt-macos-objcshellz-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8407874 False Malware APT 38,APT 38 2.0000000000000000
CyberWarzone - Cyber News Are Maritime Drones the Future of Naval Warfare? Ever found yourself musing over the future of combat at sea? I mean, it's not your everyday chatter, but imagine the ocean teeming with these [more...] 2023-11-05T17:35:51+00:00 https://cyberwarzone.com/are-maritime-drones-the-future-of-naval-warfare/ www.secnews.physaphae.fr/article.php?IdArticle=8406328 False None APT 32 2.0000000000000000
HackRead - Cyber Search Lazarus Group uses KandyKorn macOS malware for crypto theft By Deeba Ahmed Another day, another malware operation by the infamous Lazarus group targeting blockchain engineers and crypto users. This is a post from HackRead.com Read the original post: Lazarus Group uses KandyKorn macOS malware for crypto theft 2023-11-03T20:01:17+00:00 https://www.hackread.com/lazarus-kandykorn-macos-malware-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8405492 False Malware APT 38,APT 38 3.0000000000000000
Dark Reading - Informationweek Branch: 'KandyKorn' macOS Malware Lures Crypto Engineers
Posing as fellow engineers, the North Korean state-sponsored cybercrime group Lazarus tricked crypto-exchange developers into downloading the hard-to-detect malware.
2023-11-03T18:55:00+00:00 https://www.darkreading.com/endpoint/kandykorn-macos-malware-lures-crypto-engineers www.secnews.physaphae.fr/article.php?IdArticle=8405460 False Malware APT 38,APT 38 2.0000000000000000
SecurityWeek - Security News: North Korean Hackers Use New 'KandyKorn' macOS Malware in Attacks
Security researchers uncover new macOS and Windows malware associated with the North Korea-linked Lazarus Group.
2023-11-03T14:10:49+00:00 https://www.securityweek.com/north-korean-hackers-use-new-kandykorn-macos-malware-in-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8405892 False Malware APT 38,APT 38 2.0000000000000000
Bleeping Computer - American magazine: New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. [...]
2023-11-02T15:22:01+00:00 https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-targets-cryptocurrency-engineers/ www.secnews.physaphae.fr/article.php?IdArticle=8404890 False Malware APT 38,APT 38 3.0000000000000000
Dark Reading - Informationweek Branch: 'Scarred Manticore' Unleashes the Most Advanced Iranian Cyber Espionage Yet
The government-backed APT's new malware framework represents a step up in Iran's cyber sophistication.
2023-11-02T14:46:00+00:00 https://www.darkreading.com/dr-global/-scarred-manticore-unleashes-most-advanced-iranian-espionage www.secnews.physaphae.fr/article.php?IdArticle=8404734 False Malware APT 34 3.0000000000000000
Recorded Future - Recorded Future feed: Blockchain engineers' Macs are targets of North Korea-linked malware
Hackers linked to North Korea are targeting blockchain engineers' Apple devices with new, advanced malware, researchers have found. The tactics and techniques used in the campaign overlap with the activity of the North Korean state-sponsored hacker group Lazarus, as reported by cybersecurity firm Elastic Security Labs. The hackers' likely goal is to steal cryptocurrency as [...]
2023-11-02T12:47:00+00:00 https://therecord.media/blockchain-engineers-crypto-exchange-macos-malware-north-korea www.secnews.physaphae.fr/article.php?IdArticle=8404681 False Malware APT 38,APT 38 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): North Korean Hackers Targeting Crypto Experts with KANDYKORN macOS Malware
State-sponsored threat actors from the Democratic People's Republic of Korea (DPRK) have been found targeting blockchain engineers of an unnamed crypto exchange platform via Discord with a novel macOS malware dubbed KANDYKORN. Elastic Security Labs said the activity, traced back to April 2023, exhibits overlaps with the infamous adversarial collective Lazarus Group, citing an analysis of the [...]
2023-11-01T14:32:00+00:00 https://thehackernews.com/2023/11/north-korean-hackers-tageting-crypto.html www.secnews.physaphae.fr/article.php?IdArticle=8403987 False Malware,Threat APT 38,APT 38 2.0000000000000000
HackRead - Cyber search: Iran's Scarred Manticore Targets Middle East with LIONTAIL Malware
By Deeba Ahmed. Researchers believe that the primary goal behind this campaign is espionage. This is a post from HackRead.com. Read the original post: Iran's Scarred Manticore Targets Middle East with LIONTAIL Malware
2023-11-01T08:20:47+00:00 https://www.hackread.com/iran-scarred-manticore-middle-east-liontail-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8403968 False Malware APT 34,APT 34 3.0000000000000000
RiskIQ - cyber risk firms (now Microsoft): From Albania to the Middle East: The Scarred Manticore is Listening
Description: Check Point Research (CPR) is monitoring an ongoing Iranian espionage campaign by Scarred Manticore, an actor affiliated with the Ministry of Intelligence and Security (MOIS). The attacks rely on LIONTAIL, an advanced passive malware framework installed on Windows servers. For stealth purposes, LIONTAIL implants utilize direct calls to the Windows HTTP stack driver HTTP.sys to load memory-resident payloads. The current campaign peaked in mid-2023, going under the radar for at least a year. The campaign targets high-profile organizations in the Middle East with a focus on government, military, and telecommunications sectors, in addition to IT service providers, financial organizations and NGOs. Scarred Manticore has been pursuing high-value targets for years, utilizing a variety of IIS-based backdoors to attack Windows servers. These include a variety of custom web shells, custom DLL backdoors, and driver-based implants. While the main motivation behind Scarred Manticore's operation is espionage, some of the tools described in this report have been associated with the MOIS-sponsored destructive attack against Albanian government infrastructure (referred to as DEV-0861).
Reference URL(s): 1. https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/
Publication Date: October 31, 2023. Author(s): Check Point Research
2023-10-31T19:45:32+00:00 https://community.riskiq.com/article/b37061cc www.secnews.physaphae.fr/article.php?IdArticle=8403717 False Malware,Tool APT 34,APT 34 2.0000000000000000
Recorded Future - Recorded Future feed: Iranian hackers caught spying on governments and military in Middle East
An Iranian nation-state threat actor is targeting high-profile organizations in the Middle East in an ongoing espionage campaign, according to a new report. Tracked as Scarred Manticore, the group primarily targets government, military, and telecom sectors in Saudi Arabia, the United Arab Emirates, Jordan, Kuwait, Oman, Iraq, and Israel. In recent years, Scarred Manticore has [...]
2023-10-31T19:30:00+00:00 https://therecord.media/iranian-hackers-spy-on-governments-military-middle-east www.secnews.physaphae.fr/article.php?IdArticle=8403704 False Threat APT 34 2.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Scarred Manticore Targets Middle East With Advanced Malware
Discovered by Check Point Research (CPR) and Sygnia, the campaign peaked in mid-2023
2023-10-31T16:30:00+00:00 https://www.infosecurity-magazine.com/news/scarred-manticore-targets-middle/ www.secnews.physaphae.fr/article.php?IdArticle=8403582 False Malware APT 34 3.0000000000000000
Checkpoint - Security hardware manufacturer: Unraveling the Scarred Manticore Saga: A Riveting Epic of High-Stakes Espionage Unfolding in the Heart of the Middle East
Highlights: 1. Silent Intruders: Scarred Manticore, an Iranian cyber threat group linked to MOIS (Ministry of Intelligence & Security), is quietly running a stealthy, sophisticated spying operation in the Middle East. Using their latest malware tools framework, LIONTAIL, they have been flying under the radar for over a year. 2. Targeted Sectors: The campaign focuses on big players: government, military, telecom, IT, finance, and NGOs in the Middle East. Scarred Manticore is all about systematically nabbing data, showing their commitment to high-value targets. 3. Evolution of Tactics: Scarred Manticore's playbook has evolved from basic web shell attacks on Windows Servers to [...]
2023-10-31T10:56:45+00:00 https://blog.checkpoint.com/security/unraveling-the-scarred-manticore-saga-a-riveting-epic-of-high-stakes-espionage-unfolding-in-the-heart-of-the-middle-east/ www.secnews.physaphae.fr/article.php?IdArticle=8403439 False Malware,Tool,Threat APT 34 2.0000000000000000
Checkpoint Research - Security hardware manufacturer: From Albania to the Middle East: The Scarred Manticore is Listening
Key Findings. Introduction: Check Point Research, in collaboration with Sygnia's Incident Response Team, has been tracking and responding to the activities of Scarred Manticore, an Iranian nation-state threat actor that primarily targets government and telecommunication sectors in the Middle East. Scarred Manticore, linked to the prolific Iranian actor OilRig (a.k.a. APT34, EUROPIUM, Hazel Sandstorm), has persistently pursued [...]
2023-10-31T10:56:34+00:00 https://research.checkpoint.com/2023/from-albania-to-the-middle-east-the-scarred-manticore-is-listening/ www.secnews.physaphae.fr/article.php?IdArticle=8403445 False Threat APT 34,APT 34 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine: Lazarus Group Malware Targets Legitimate Software
Kaspersky unveiled the cyber campaign at the Security Analyst Summit
2023-10-30T17:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-targets-legitimate/ www.secnews.physaphae.fr/article.php?IdArticle=8403072 False Malware APT 38 2.0000000000000000
CyberWarzone - Cyber News: North Korean 'Lazarus' Hackers and IT Company's Billion-Won Ransomware Heist
With the recent unveiling of a sinister alliance between an IT company and North Korean hackers, it's evident that the cyber threat landscape has taken a [more...]
2023-10-30T11:51:07+00:00 https://cyberwarzone.com/north-korean-lazarus-hackers-and-it-companys-billion-won-ransomware-heist/ www.secnews.physaphae.fr/article.php?IdArticle=8402774 False Ransomware,Threat APT 38 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): N. Korean Lazarus Group Targets Software Vendor Using Known Flaws
The North Korea-aligned Lazarus Group has been attributed as behind a new campaign in which an unnamed software vendor was compromised through the exploitation of known security flaws in another high-profile software. The attack sequences, according to Kaspersky, culminated in the deployment of malware families such as SIGNBT and LPEClient, a known hacking tool used by the threat actor for [...]
2023-10-27T20:27:00+00:00 https://thehackernews.com/2023/10/n-korean-lazarus-group-targets-software.html www.secnews.physaphae.fr/article.php?IdArticle=8401494 False Malware,Tool,Threat APT 38,APT 38 3.0000000000000000
Recorded Future - Recorded Future feed: North Korean hackers exploit known bug in 'high-profile' software vendor
Hackers connected to the North Korean government have exploited a vulnerability in a "high-profile" software vendor to target its customers, according to a recent report. In mid-July, researchers from the cybersecurity firm Kaspersky detected a series of attacks on several victims who were targeted through unidentified security software designed to encrypt web communications using digital [...]
2023-10-27T16:30:00+00:00 https://therecord.media/north-korean-hackers-exploit-software-vulnerability www.secnews.physaphae.fr/article.php?IdArticle=8401515 False Vulnerability,Threat APT 38 4.0000000000000000
Bleeping Computer - American magazine: Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. [...]
2023-10-27T12:15:29+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breached-dev-repeatedly-to-deploy-signbt-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8401514 False Malware APT 38,APT 38 3.0000000000000000
Kaspersky - Kaspersky Research blog: A cascade of compromise: unveiling Lazarus' new campaign
We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns
2023-10-27T06:00:12+00:00 https://securelist.com/unveiling-lazarus-new-campaign/110888/ www.secnews.physaphae.fr/article.php?IdArticle=8401253 False None APT 38,APT 38 2.0000000000000000
DarkTrace - DarkTrace: AI-based detection: Expediting the investigation of widespread Trojan infections with Darktrace
Darktrace helps security operations centre (SOC) teams become more efficient by drastically cutting down the time needed to investigate incidents.
2023-10-26T13:08:32+00:00 https://darktrace.com/blog/expediting-the-investigation-of-widespread-trojan-infections-with-darktrace www.secnews.physaphae.fr/article.php?IdArticle=8400834 False None APT 39 2.0000000000000000
Netskope - Netskope is an American software company providing an IT security platform: Netskope Threat Coverage: Menorah
Summary: In October 2023, Netskope analyzed a malicious Word document and the malware it contained, dubbed "Menorah." The malware was attributed to the advanced persistent threat group APT34, and was reported to be distributed via spear-phishing. The malicious Office file uses dispersed and obfuscated VBA code to evade detection. The advanced persistent threat group targets [...]
2023-10-25T19:00:00+00:00 https://www.netskope.com/blog/netskope-threat-coverage-menorah www.secnews.physaphae.fr/article.php?IdArticle=8400546 False Malware,Threat APT 34 2.0000000000000000
AhnLab - Korean Security Firm: 2023 Aug – Threat Trend Report on APT Groups
August 2023 Major Issues on APT Groups: 1) Andariel 2) APT29 3) APT31 4) Bitter 5) Bronze Starlight 6) Callisto 7) Carderbee 8) Charcoal Typhoon (RedHotel) 9) Earth Estries 10) Flax Typhoon 11) GroundPeony 12) Infamous Chisel 13) Kimsuky 14) Lazarus 15) MoustachedBouncher 16) Mysterious Elephant (APT-K-47) 17) Nobelium (Midnight Blizzard) 18) Red Eyes (APT37). Aug_Threat Trend Report on APT Groups
2023-10-23T02:22:16+00:00 https://asec.ahnlab.com/en/57930/ www.secnews.physaphae.fr/article.php?IdArticle=8399124 False Threat,Prediction APT 38,APT 38,APT 37,APT 29,APT 31 3.0000000000000000
SecurityWeek - Security News: Iranian Hackers Lurked for 8 Months in Government Network
Iran-linked hacking group Crambus spent eight months inside a compromised network of a Middle Eastern government, Broadcom's Symantec cybersecurity unit reports.
2023-10-20T12:29:53+00:00 https://www.securityweek.com/iranian-hackers-lurked-for-8-months-in-government-network/ www.secnews.physaphae.fr/article.php?IdArticle=8398261 False None APT 34 2.0000000000000000
Recorded Future - Recorded Future feed: Iran-backed hackers dwelled for 8 months in Mideast government's system, report says
Hackers connected to Iran's government spent eight months inside the systems of an unspecified Middle East government, stealing files and emails, according to researchers. Cybersecurity firm Symantec attributed the campaign to a group it calls Crambus but others refer to as APT34, OilRig or MuddyWater. The intrusion lasted from February to September, and while the [...]
2023-10-19T20:23:00+00:00 https://therecord.media/iran-linked-hackers-8-months-middle-east-government www.secnews.physaphae.fr/article.php?IdArticle=8397883 False Threat APT 34 4.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign
The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called PowerExchange, the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News [...]
2023-10-19T15:45:00+00:00 https://thehackernews.com/2023/10/iran-linked-oilrig-targets-middle-east.html www.secnews.physaphae.fr/article.php?IdArticle=8397652 False Threat APT 34 3.0000000000000000
Dark Reading - Informationweek Branch: Iran-Linked 'MuddyWater' Spies on Mideast Gov't for 8 Months
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
2023-10-19T14:22:00+00:00 https://www.darkreading.com/dr-global/iran-linked-muddywater-spies-middle-east-govt-eight-months www.secnews.physaphae.fr/article.php?IdArticle=8397738 False Threat APT 34 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): Microsoft Warns of North Korean Attacks Exploiting JetBrains TeamCity Flaw
North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail the exploitation of CVE-2023-42793 (CVSS score: 9.8), have been attributed to Diamond Sleet (aka Labyrinth Chollima) and Onyx Sleet (aka Andariel or Silent Chollima). It's worth noting that both the [...]
2023-10-19T12:41:00+00:00 https://thehackernews.com/2023/10/microsoft-warns-of-north-korean-attacks.html www.secnews.physaphae.fr/article.php?IdArticle=8397598 False Threat APT 38 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): Lazarus Group Targeting Defense Experts with Fake Interviews via Trojanized VNC Apps
The North Korea-linked Lazarus Group (aka Hidden Cobra or TEMP.Hermit) has been observed using trojanized versions of Virtual Network Computing (VNC) apps as lures to target the defense industry and nuclear engineers as part of a long-running campaign known as Operation Dream Job. "The threat actor tricks job seekers on social media into opening malicious apps for fake job interviews," Kaspersky [...]
2023-10-18T20:21:00+00:00 https://thehackernews.com/2023/10/lazarus-group-targeting-defense-experts.html www.secnews.physaphae.fr/article.php?IdArticle=8397305 False Threat APT 38,APT 38,APT 37 2.0000000000000000
Recorded Future - Recorded Future feed: Eastern European energy and defense firms targeted with MATA backdoor
Hackers have targeted more than a dozen oil, gas and defense firms in Eastern Europe with an updated version of the MATA backdoor framework, according to recent research. The MATA backdoor was previously attributed to the North Korean hacker group Lazarus. Researchers at the cybersecurity firm Kaspersky, who uncovered this campaign, did not directly link [...]
2023-10-18T20:15:00+00:00 https://therecord.media/eastern-europe-energy-and-defense-targeted-mata www.secnews.physaphae.fr/article.php?IdArticle=8397422 False Threat,Industrial APT 38 4.0000000000000000
Bleeping Computer - American magazine: North Korean hackers exploit critical TeamCity flaw to breach networks
Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. [...]
2023-10-18T18:33:02+00:00 https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-critical-teamcity-flaw-to-breach-networks/ www.secnews.physaphae.fr/article.php?IdArticle=8397455 False Vulnerability APT 38 3.0000000000000000
AhnLab - Korean Security Firm: Lazarus Group's Operation Dream Magic
The Lazarus group is a hacking group that is known to be state-sponsored and is actively conducting hacking activities worldwide for financial gain, data theft, and other purposes. A simplified overview of the Lazarus group's watering hole attack that abused the INISAFE vulnerability is as follows: a malicious link was inserted within a specific article on a news website. Consequently, companies and institutions that clicked on this article were targeted for hacking. The hackers exploited vulnerable Korean websites with C2...
2023-10-17T00:55:09+00:00 https://asec.ahnlab.com/en/57736/ www.secnews.physaphae.fr/article.php?IdArticle=8396477 False Vulnerability APT 38 2.0000000000000000
AhnLab - Korean Security Firm: Analysis Report on Lazarus Threat Group's Volgmer and Scout Malwares
Table of Contents: Overview; 1. Analysis of Volgmer Backdoor; 1.1. Early Version of Volgmer; 1.1.1. Analysis of Volgmer Dropper; 1.1.2. Analysis of Volgmer Backdoor; 1.2. Later Version of Volgmer; 1.2.1. Analysis of Volgmer Backdoor; 2. Analysis of Scout Downloader; 2.1. Droppers (Volgmer, Scout); 2.2. Analysis of Scout Downloader; 2.2.1. Scout Downloader v1; 2.2.2. Scout Downloader v2; 3. Conclusion. The seemingly state-sponsored Lazarus threat group has records of activity that date back to 2009. In the early days, their activities were mostly focused on...
2023-10-13T08:21:01+00:00 https://asec.ahnlab.com/en/57685/ www.secnews.physaphae.fr/article.php?IdArticle=8395055 False Threat APT 38 2.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, no?): North Korea's Lazarus Group Launders $900 Million in Cryptocurrency
As much as $7 billion in cryptocurrency has been illicitly laundered through cross-chain crime, with the North Korea-linked Lazarus Group linked to the theft of roughly $900 million of those proceeds between July 2022 and July of this year. "As traditional entities such as mixers continue to be subject to seizures and sanctions scrutiny, the crypto crime displacement to chain- or asset-hopping [...]
2023-10-06T20:26:00+00:00 https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html www.secnews.physaphae.fr/article.php?IdArticle=8392275 False None APT 38 2.0000000000000000
Korben - French blogger: TIO – Free code interpreters for developers and teachers
2023-10-05T07:00:00+00:00 https://korben.info/tio-des-interpreteurs-de-code-gratuits-pour-les-developpeurs-et-les-enseignants.html www.secnews.physaphae.fr/article.php?IdArticle=8391770 False None APT 32 2.0000000000000000
The Register - English news site: North Korea's Lazarus Group upgrades its main malware
LightlessCan evades infosec tools in new and interesting ways. The Lazarus Group, the cybercrime gang linked to the North Korean government, has been named as the perpetrator of an attack against a Spanish aerospace firm, using a dangerous new piece of malware.…
2023-10-04T07:30:06+00:00 https://go.theregister.com/feed/www.theregister.com/2023/10/04/lazarus_group_lightlesscan_malware_upgrade/ www.secnews.physaphae.fr/article.php?IdArticle=8391313 False Malware,Tool APT 38 2.0000000000000000
Dark Reading - Informationweek Branch: North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org
The Lazarus Group's "LightlessCan" malware executes multiple native Windows commands within the RAT itself, making detection significantly harder, security vendor says.
2023-10-02T20:51:09+00:00 https://www.darkreading.com/cloud/north-korea-meta-complex-backdoor-aerospace www.secnews.physaphae.fr/article.php?IdArticle=8390638 False Malware APT 38 3.0000000000000000
Dark Reading - Informationweek Branch: Iran-Linked APT34 Spy Campaign Targets Saudis
The Menorah malware can upload and download files, as well as execute shell commands.
2023-10-02T17:19:00+00:00 https://www.darkreading.com/dr-global/iran-linked-apt34-spy-campaign-targets-saudis www.secnews.physaphae.fr/article.php?IdArticle=8390594 False Malware APT 34,APT 34 3.0000000000000000
HackRead - Cyber search: Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group
By Waqas. Immunefi Crypto Losses Report: Q3 2023 Sees Highest Losses of the Year. This is a post from HackRead.com. Read the original post: Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group
2023-10-02T17:05:46+00:00 https://www.hackread.com/crypto-industry-q3-2023-lazarus-group/ www.secnews.physaphae.fr/article.php?IdArticle=8390569 False Studies APT 38 4.0000000000000000
knowbe4 - cybersecurity services: Lazarus Attack on Spanish Aerospace Company Started with Messages from Phony Meta Recruiters
A recent attack on an undisclosed Spanish aerospace company all started with messages to the company's employees that appeared to be coming from Meta recruiters, via LinkedIn Messaging. ESET researchers uncovered the attack and attributed it to the Lazarus group, particularly a campaign dubbed Operation DreamJob. This campaign by the Lazarus group was aimed at defense and aerospace companies with the goal of carrying out cyberespionage.
2023-10-02T16:29:11+00:00 https://blog.knowbe4.com/lazarus-attack-spanish-aerospace-company www.secnews.physaphae.fr/article.php?IdArticle=8390565 False None APT 38 3.0000000000000000
[CyberWarzone] Lazarus Group Targets Spanish Aerospace Company Through LinkedIn: Unveiling the LightlessCan Malware
Introduction: Ever wondered how a seemingly innocent LinkedIn message can turn into a cybersecurity nightmare? A Spanish aerospace company recently [...]
2023-10-01T22:55:22+00:00 https://cyberwarzone.com/lazarus-group-targets-spanish-aerospace-company-through-linkedin-unveiling-the-lightlesscan-malware/
Tags: Malware; APT 38

[The Hacker News] Iranian APT Group OilRig Using New Menorah Malware for Covert Operations
Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine, and downloading another file or malware," Trend Micro researchers Mohamed Fahmy and Mahmoud Zohdy [...]
2023-09-30T14:51:00+00:00 https://thehackernews.com/2023/09/iranian-apt-group-oilrig-using-new.html
Tags: Malware; Prediction; APT 34

[Recorded Future] North Korean gov't hackers targeted aerospace company in Spain
Hackers connected to a notorious group within the North Korean government launched an attack against an aerospace company in Spain, according to researchers at security company ESET. In a report on Friday, researchers said they discovered a campaign by hackers connected to Lazarus, an infamous group that has stolen billions from cryptocurrency firms over [...]
2023-09-29T21:45:00+00:00 https://therecord.media/north-korean-govt-hackers-spain
Tags: APT 38
[HackRead] Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm
By Deeba Ahmed. Previously, when the group exploited LinkedIn, it managed to pilfer a staggering $625 million from the Ronin Network (RON) blockchain network.
2023-09-29T19:43:27+00:00 https://www.hackread.com/lazarus-exploit-linkedin-spanish-aerospace-firm/
Tags: Industrial; APT 38
[Recorded Future] Alleged Iranian hackers target victims in Saudi Arabia with new spying malware
Suspected Iranian hackers recently launched a new cyber espionage operation, infecting their victims with the newly discovered Menorah malware, according to a report published Friday. The hacking group APT34, also known as OilRig, Cobalt Gypsy, IRN2 and Helix Kitten, is believed to be based in Iran. It has been targeting Middle Eastern countries since at [...]
2023-09-29T18:15:00+00:00 https://therecord.media/alleged-iran-hackers-target-saudi-arabia-with-new-spy-malware
Tags: Malware; APT 34
[The Hacker News] Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter via LinkedIn and tricked into opening a malicious executable file presenting itself as a coding [...]
2023-09-29T17:40:00+00:00 https://thehackernews.com/2023/09/lazarus-group-impersonates-recruiter.html
Tags: Threat; APT 38

[We Live Security (ESET)] How Lazarus impersonated Meta to attack a target in Spain – Week in security with Tony Anscombe
During the attack, the group deployed several tools, most notably a newly discovered sophisticated backdoor that ESET named LightlessCan.
2023-09-29T13:00:00+00:00 https://www.welivesecurity.com/en/videos/how-lazarus-impersonated-meta-attack-target-spain-week-security-tony-anscombe/
Tags: APT 38

[We Live Security (ESET)] Lazarus luring employees with trojanized coding challenges: The case of a Spanish aerospace company
While analyzing a Lazarus attack luring employees of an aerospace company, ESET researchers discovered a publicly undocumented backdoor.
2023-09-29T09:30:08+00:00 https://www.welivesecurity.com/en/eset-research/lazarus-luring-employees-trojanized-coding-challenges-case-spanish-aerospace-company/
Tags: APT 38

[Bleeping Computer] Lazarus hackers breach aerospace firm with new LightlessCan malware
The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. [...]
2023-09-29T05:30:00+00:00 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-aerospace-firm-with-new-lightlesscan-malware/
Tags: Malware; Hack; APT 38

[TrendLabs Security] APT34 Deploys Phishing Attack With New Malware
We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.
2023-09-29T00:00:00+00:00 https://www.trendmicro.com/en_us/research/23/i/apt34-deploys-phishing-attack-with-new-malware.html
Tags: Malware; Threat; APT 34

[The Hacker News] Iranian Nation-State Actor OilRig Targets Israeli Organizations
Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously documented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential [...]
2023-09-22T14:55:00+00:00 https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html
Tags: APT 34

[Global Security Mag] ESET finds that the OilRig group deployed new malware against Israeli victims
2023-09-22T10:26:15+00:00 https://www.globalsecuritymag.fr/ESET-decouvre-que-le-groupe-OilRig-a-deploye-un-nouveau-malware-sur-des.html
Tags: Malware; Tool; APT 34

[We Live Security (ESET)] OilRig's Outer Space and Juicy Mix: Same ol' rig, new drill pipes
ESET researchers document OilRig's Outer Space and Juicy Mix campaigns, targeting Israeli organizations in 2021 and 2022.
2023-09-21T18:30:13+00:00 https://www.welivesecurity.com/en/eset-research/oilrigs-outer-space-juicy-mix-same-ol-rig-new-drill-pipes/
Tags: APT 34

[Detection Engineering] Detection Engineering Weekly #41 - Ocean's 11, but with a cat
And the cat complains a lot when things go wrong.
2023-09-20T12:01:22+00:00 https://www.detectionengineering.net/p/detection-engineering-weekly-41-oceans
Tags: APT 32

[Global Security Mag] CapraTube - Transparent Tribe's CapraRAT mimics YouTube to hijack Android phones
By SentinelOne; malware update.
2023-09-19T19:20:01+00:00 https://www.globalsecuritymag.fr/CapraTube-Transparent-Tribe-s-CapraRAT-mimics-YouTube-to-hijack-Android-phones.html
Tags: APT 36
[Techworm] Hackers Using Fake YouTube Apps To Infect Android Devices
[...] wrote in an analysis on Monday. According to the researchers, the malicious APKs are not distributed through Android's Google Play Store, which means victims are most likely socially engineered into downloading and installing the app from a third-party source. Analysis of the three APKs showed that they contain the CapraRAT trojan and were uploaded to VirusTotal in April, July and August 2023. Two of the CapraRAT APKs were named 'YouTube', and one was named 'Piya Sharma', associated with a channel potentially used for romance-based social engineering to convince targets to install the apps. The package names are: base.media.service, moves.media.tubes, videos.watchs.share. During installation the apps request a number of risky permissions, some of which may initially look harmless to the victim for a media-streaming app like YouTube and be granted without suspicion. The interface of the malicious apps tries to imitate Google's real YouTube app, but looks more like a web browser than an app, because the trojanized app uses WebView to load the service. They also lack certain features and functions available in the legitimate native YouTube Android app.
Once CapraRAT is installed on the victim's device, it can record with the microphone and the front and rear cameras, collect SMS and multimedia message contents and call logs, send SMS messages, block incoming SMS, initiate phone calls, take screenshots, override system settings such as GPS and network, and modify files on the phone's file system. According to SentinelLabs, the CapraRAT variants found in the current campaign indicate continued development of the malware by Transparent Tribe. As for attribution, the IP addresses of the command-and-control (C2) servers CapraRAT communicates with are hard-coded in the app's configuration file and have been linked to the group's past activity. Some IP addresses were, however, also linked to other RAT campaigns, and the exact relationship between those threat actors and Transparent Tribe remains unclear.
2023-09-19T17:06:25+00:00 https://www.techworm.net/2023/09/hacker-fake-youtube-apps-android.html
Tags: Malware; Tool; Threat; APT 36

[Dark Reading - Informationweek Branch] CapraRAT Impersonates YouTube to Hijack Android Devices
Pakistani threat group Transparent Tribe targets military and diplomatic personnel in India and Pakistan with romance-themed lures in the latest spyware campaign.
2023-09-19T14:30:50+00:00 https://www.darkreading.com/endpoint/caprarat-impersonates-youtube-hijack-android-devices
Tags: Threat; APT 36

[The Hacker News] Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security [...]
2023-09-19T12:26:00+00:00 https://thehackernews.com/2023/09/transparent-tribe-uses-fake-youtube.html
Tags: Malware; Tool; Threat; APT 36

[SecurityWeek] Pakistani APT Uses YouTube-Mimicking RAT to Spy on Android Devices
New versions of Pakistan-linked APT Transparent Tribe's CapraRAT Android trojan mimic the appearance of YouTube.
2023-09-19T12:16:54+00:00 https://www.securityweek.com/pakistani-apt-uses-youtube-mimicking-rat-to-spy-on-android-devices/
Tags: APT 36
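The CapraRAT items above describe a recurring pattern: an app labelled "YouTube" that is not Google's package, is sideloaded rather than installed from Google Play, and asks for permissions a video player never needs (microphone, camera, SMS, call log, location). A manifest triage check for that pattern, as an added example that is not code from SentinelOne, Techworm or any other source on this page. The manifest is constructed for the example (only the package name moves.media.tubes comes from the reports), and the over-privileged permission list and the "three or more" verdict threshold are this example's own judgement:

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OFFICIAL_YOUTUBE_PACKAGE = "com.google.android.youtube"

# Permissions a video-streaming app has no legitimate need for. Each maps to
# a CapraRAT capability named in the reports (mic/camera recording, SMS and
# call-log collection, sending SMS, placing calls, GPS, changing settings).
# This list and the verdict thresholds below are this example's own choices.
OVER_PRIVILEGED = {
    "android.permission.RECORD_AUDIO": "microphone recording",
    "android.permission.CAMERA": "camera recording",
    "android.permission.READ_SMS": "read SMS/MMS",
    "android.permission.RECEIVE_SMS": "intercept/block incoming SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.READ_CALL_LOG": "read call log",
    "android.permission.CALL_PHONE": "place phone calls",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.WRITE_SETTINGS": "change system settings",
}

# Constructed manifest, not a real sample: the package name is one of the three
# reported for the CapraRAT APKs; the permission set is illustrative.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="moves.media.tubes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="YouTube">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
    </application>
</manifest>
"""


def triage_manifest(xml_text, brand="youtube", official_package=OFFICIAL_YOUTUBE_PACKAGE):
    """Triage an AndroidManifest.xml: does the app present itself under a
    well-known brand while carrying a different package name, and does it
    request permissions that brand's real app would never need?"""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    app = root.find("application")
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    requested = [p.get(ANDROID_NS + "name", "") for p in root.findall("uses-permission")]

    # Brand in the launcher label but a package name Google does not own.
    impersonates = brand in label.lower() and package != official_package
    # Requested permissions that a video player cannot justify.
    suspicious = {p: OVER_PRIVILEGED[p] for p in requested if p in OVER_PRIVILEGED}

    if impersonates and len(suspicious) >= 3:
        verdict = "likely spyware"
    elif impersonates or suspicious:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {
        "package": package,
        "label": label,
        "impersonates": impersonates,
        "suspicious_permissions": suspicious,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

The manifest alone cannot show the WebView shell or the hard-coded C2 addresses the Techworm write-up mentions; those need the decompiled code and the configuration file. This check is the cheap first pass that decides whether an APK deserves that deeper look.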
[Bleeping Computer] APT36 state hackers infect Android devices using YouTube app clones
The APT36 hacking group, aka 'Transparent Tribe,' has been observed using at least three Android apps that mimic YouTube to infect devices with their signature remote access trojan (RAT), 'CapraRAT.' [...]
2023-09-18T18:06:13+00:00 https://www.bleepingcomputer.com/news/security/apt36-state-hackers-infect-android-devices-using-youtube-app-clones/
Tags: APT 36

[SentinelOne] CapraTube | Transparent Tribe's CapraRAT Mimics YouTube to Hijack Android Phones
Pakistan-aligned threat actor weaponizes fake YouTube apps on the Android platform to deliver mobile remote access trojan spyware.
2023-09-18T13:00:03+00:00 https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/
Tags: Threat; APT 36

[The Hacker News] North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31 million in digital assets from the CoinEx exchange on September 12, 2023. The crypto heist aimed at [...]
2023-09-17T12:02:00+00:00 https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html
Tags: APT 38

[Recorded Future] Evidence points to North Korea in CoinEx cryptocurrency hack, analysts say
Experts at the cryptocurrency-tracking company Elliptic say North Korean hackers are the prime suspects in the theft of $31 million in cryptocurrency from the CoinEx exchange reported earlier this week. The analysts compared transactions intended to hide funds taken in the CoinEx heist with the aftermath of attacks on online casino Stake.com and cryptocurrency wallet [...]
2023-09-15T16:15:00+00:00 https://therecord.media/coinex-cryptocurrency-heist-north-korea
Tags: APT 38
[The Hacker News] Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors
Iranian nation-state actors have been conducting password spray attacks against thousands of organizations globally between February and July 2023, new findings from Microsoft reveal. The tech giant, which is tracking the activity under the name Peach Sandstorm (formerly Holmium), said the adversary pursued organizations in the satellite, defense, and pharmaceutical sectors to likely facilitate [...]
2023-09-15T09:44:00+00:00 https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html
Tags: Threat; APT 33
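Password spraying, as in the Peach Sandstorm item above, tries one or a few passwords across many accounts from the same source, so each account sees too few failures to trip a lockout while the number of distinct accounts failing from that source climbs. A detector for that signature, run over constructed sign-in log lines, as an added example that is not Microsoft's or The Hacker News' code. The log format (timestamp, user, source IP, result), the 10-minute window and the five-account / two-attempts-per-account thresholds are assumptions chosen for illustration; the same logic generalizes to any sign-in source that yields those four fields:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log in an assumed, simplified format:
# "<ISO timestamp> <user> <src_ip> <result>".
# 203.0.113.9 sprays one guess across six accounts and lands one hit;
# 198.51.100.20 is a single user retrying their own password (not a spray).
SAMPLE_LOG = """\
2023-07-01T10:00:00 alice 203.0.113.9 FAIL
2023-07-01T10:00:05 bob 203.0.113.9 FAIL
2023-07-01T10:00:11 carol 203.0.113.9 FAIL
2023-07-01T10:00:17 dave 203.0.113.9 FAIL
2023-07-01T10:00:22 erin 203.0.113.9 FAIL
2023-07-01T10:00:30 frank 203.0.113.9 SUCCESS
2023-07-01T10:01:00 alice 198.51.100.20 FAIL
2023-07-01T10:01:10 alice 198.51.100.20 FAIL
2023-07-01T10:01:20 alice 198.51.100.20 FAIL
2023-07-01T10:01:30 alice 198.51.100.20 SUCCESS
2023-07-01T12:30:00 grace 203.0.113.9 FAIL
"""


def parse_log(text):
    """Parse log lines into (timestamp, user, src_ip, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag source IPs whose failures inside `window` span at least `min_users`
    distinct accounts with no single account hit more than `max_per_user`
    times: many accounts, few attempts each. A brute force against one
    account fails the second condition and is left to a different rule.
    For each flagged IP, also list the accounts that authenticated
    successfully from it, since those are the credentials the spray guessed."""
    fails_by_ip = defaultdict(list)
    successes_by_ip = defaultdict(set)
    for ts, user, ip, result in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
        elif result == "SUCCESS":
            successes_by_ip[ip].add(user)

    findings = {}
    for ip, fails in fails_by_ip.items():
        fails.sort()
        # Slide a window starting at each failure from this IP.
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[ip] = {
                    "window_start": start,
                    "users_targeted": sorted(per_user),
                    "successes": sorted(successes_by_ip[ip]),
                }
                break  # one finding per IP is enough
    return findings


if __name__ == "__main__":
    for ip, info in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

In production the source key is often a whole ASN or a user-agent plus IP rather than a single address, because sprays are routed through proxy pools; the per-account cap is what separates this from the usual "N failures from one IP" brute-force rule.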